Security Directory

K

KOALA

koala.ch

56

KOALA is a Swiss-based e-commerce retailer specializing in women's, men's, and children's fashion footwear, clothing, and accessories. The website offers products from over 300 leading brands, emphasizing quality customer service, free shipping, and returns. The platform is built on Magento, leveraging modern web technologies and multiple analytics and advertising tools to optimize user experience and marketing effectiveness. The site supports multiple languages and provides clear contact information, enhancing accessibility for its target audience. Security-wise, KOALA enforces HTTPS, implements GDPR-compliant cookie consent mechanisms, and uses fingerprinting for fraud prevention, reflecting a mature security posture. However, explicit security policies and incident response contacts are not publicly available, representing areas for improvement. Overall, KOALA presents a professional, trustworthy online retail presence with a solid technical foundation and good privacy compliance.

A

Aeschbach

a1904.ch

58

Aeschbach is a Swiss-based e-commerce retailer specializing in shoes, clothing, and accessories primarily targeting women, men, and children. The website showcases a broad portfolio of over 300 leading brands, offering free shipping and returns, and emphasizes customer satisfaction and quality service. The platform is built on Magento Commerce, leveraging modern web technologies and analytics tools such as Google Tag Manager, Facebook Pixel, and Matomo for marketing and user behavior tracking. The site is well-structured with clear navigation and multilingual support, optimized for mobile devices. Security posture is strong with HTTPS enforcement, security headers, and GDPR-compliant cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the website presents a professional and trustworthy retail experience with moderate to good technical maturity.

A

atmosfair

atmosfair.de

58

atmosfair is a reputable non-profit organization specializing in CO₂ compensation and climate protection projects, primarily targeting the global south and aviation sectors. The organization is recognized as a test winner in Germany for CO₂ compensation, emphasizing transparency, sustainability, and high-quality certified projects. Their services include CO₂ offsetting for flights and events, sustainable energy project funding, and climate consulting for businesses. The website reflects a mature digital presence built on WordPress with modern SEO and analytics tools, demonstrating good technical infrastructure and user experience. Security posture is solid with HTTPS and privacy-conscious analytics, though improvements in security headers and incident response disclosures are recommended. Overall, atmosfair presents a trustworthy and professional online presence aligned with its mission and audience.

S

Sojern

sojern.com

71

Sojern operates as a leading travel marketing platform specializing in data-driven advertising solutions for hotels, attractions, and destinations. The company positions itself as a market leader, offering services that help travel-related businesses find, engage, and convert travelers online. The website reflects a mature digital presence with comprehensive marketing and analytics integrations, including Google Analytics, Facebook Pixel, Matomo, and Pardot, indicating a sophisticated technical infrastructure. The use of Webflow CMS and modern web fonts contributes to a professional and responsive user experience. Security posture is strong with HTTPS enforcement and security headers, although explicit security policies and incident response information are not publicly available. Privacy compliance is well addressed with GDPR-compliant privacy and cookie policies and a consent mechanism. The absence of WHOIS data introduces some uncertainty regarding domain registration legitimacy, but the overall website quality and technology usage support a credible business operation. Strategic recommendations include publishing detailed security policies, implementing vulnerability disclosure mechanisms, and enhancing transparency around data retention and DPO contact information.

N

Neos CMS

neos.io

69

Neos CMS is an open source content application platform designed to empower editors and developers with an intuitive, extensible, and powerful content management system. The website showcases a mature product with a strong community focus, offering features such as inline editing, multi-language support, and integration capabilities. The platform is positioned as a reliable and flexible solution for enterprises and developers seeking a modern CMS. Technically, the site leverages PHP with the Flow framework, uses Matomo for privacy-respecting analytics, and is hosted by Flownative, indicating a robust and modern infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though the absence of a published security policy and incident response contacts suggests room for improvement. Overall, the website is professional, well-structured, and trustworthy, with minor gaps in privacy consent mechanisms and WHOIS transparency.

S

Sparteo

sparteo.com

68

Sparteo is a technology company specializing in advanced advertising technology solutions tailored for publishers and ad networks. The company offers a suite of AI-powered products including display monetization, consent management, supply side platform services, and audio/video advertising technologies. Sparteo holds a strong market position supported by multiple industry awards and certifications, indicating a reputable and innovative presence in the AdTech sector. Their target audience primarily includes digital publishers and advertising networks seeking to optimize revenue and ensure regulatory compliance. Technically, Sparteo leverages modern web technologies such as Webflow CMS, Matomo analytics, and Google reCAPTCHA, ensuring a fast, mobile-optimized, and accessible website experience. The use of a dedicated consent management platform highlights their commitment to privacy compliance and user consent management. Security-wise, the website enforces HTTPS and integrates bot protection and consent management, though it could benefit from additional explicit security headers and published security policies. The absence of WHOIS data for the subdomain is noted but does not detract significantly from the overall trustworthiness given the strong branding and external validations. Overall, Sparteo demonstrates a mature digital infrastructure with a solid security posture and compliance awareness, positioning it well for continued growth in the AdTech industry.

F

Fastcmp

fastcmp.com

66

Fastcmp is a specialized Consent Management Platform designed specifically for publishers, operating as part of the Sparteo group. The company focuses on delivering a high-performance CMP solution that optimizes monetization and consent rates, leveraging technical excellence and collective intelligence. Their business model aligns revenue with customer success, emphasizing a performance-based approach. The website reflects a professional and modern digital presence with clear branding and targeted messaging towards publishers. Technically, the site is built on Webflow with integrations such as Matomo analytics and Google reCAPTCHA, ensuring good performance, mobile optimization, and GDPR compliance. Security posture is solid with HTTPS and bot protection, though explicit security headers and incident response policies are not published, representing areas for improvement. Overall, the website and business demonstrate a mature digital footprint with moderate to high trustworthiness, though WHOIS data for the subdomain is unavailable, which is typical for subdomains. Strategic recommendations include enhancing security headers, publishing security policies, and improving direct contact information availability.

V

Viously

viously.com

67

Viously is a technology company specializing in AI-driven video solutions tailored for publishers. Positioned as an all-in-one platform, it offers video player technology, video hubs, advertising stacks, and analytics to empower publishers to control and monetize their video content effectively. The company is established in Europe with plans for global expansion and operates under the parent company Sparteo. The website reflects a mature digital presence with professional design, clear branding, and comprehensive service descriptions. Technically, the website leverages modern web technologies including Webflow CMS, Matomo analytics, Google reCAPTCHA for bot protection, and FastCMP for consent management, ensuring compliance with privacy regulations. Hosting appears to be via Webflow's CDN, contributing to fast performance and excellent mobile optimization. The site demonstrates good SEO and accessibility practices. From a security perspective, the site uses HTTPS and integrates bot protection and consent management. However, explicit security headers and published security policies or incident response information are absent, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data for the subdomain is unavailable, which is typical for subdomains, but the domain is consistent with the parent company Sparteo, supporting legitimacy. Overall, Viously's website presents a trustworthy and professional front for its video technology services, with strong compliance and technical maturity. Strategic enhancements in security transparency and direct contact information could further strengthen trust and security posture.

S

Sparteo

flashb.id

68

Sparteo is a technology company specializing in advanced advertising technology solutions for publishers and ad networks. Their portfolio includes multiple subsidiary brands offering platforms for display monetization, consent management, supply side platform services, and audio/video advertising technologies. The company positions itself as an award-winning innovator with a strong focus on AI-driven, sustainable advertising solutions. Technically, the website is built on Webflow CMS, uses modern JavaScript libraries, and integrates Matomo analytics and Google reCAPTCHA for security and tracking. The security posture is solid with HTTPS enforced and consent management implemented, though some HTTP security headers are not explicitly detected. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by clear branding, multiple certifications, and physical office addresses in London, Paris, and Lille. Overall, Sparteo presents a professional, trustworthy, and technically mature digital presence.

S

Schwarzwald Tourismus GmbH

schwarzwald-tourismus.de

64

Schwarzwald Tourismus GmbH operates as the official tourism organization for the Black Forest region in Germany, providing comprehensive travel information, accommodation booking services, and event promotion. The website is professionally designed with excellent content quality and clear navigation, targeting tourists interested in nature, culture, and family-friendly activities. Technically, the site uses modern frameworks such as Neos CMS and Flow PHP, integrates analytics via Matomo, and employs cookie consent management through Cookiebot. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although explicit incident response and vulnerability disclosure information are absent. Overall, the site demonstrates high business credibility and compliance with privacy regulations.

D

DeepAlps Ltd

deepalps.ch

47

DeepAlps Ltd is a Swiss-based technology company specializing in AI and machine learning solutions. Their offerings include AI chatbots, AI search engines, training and consulting services, and custom deep neural network model development. The company emphasizes Swiss data sovereignty and sustainability through partnerships such as with e-Durable, which provides eco-friendly cloud hosting. The website presents a professional and consistent brand image targeting businesses and organizations seeking advanced AI solutions. Technically, the site uses modern JavaScript frameworks and privacy-respecting Matomo analytics, hosted likely on Swiss infrastructure. Security posture is good with HTTPS enabled and no exposed sensitive data, though the absence of security headers and formal policies indicates room for improvement. Overall, the website is well-designed, mobile-optimized, and trustworthy, but lacks explicit privacy and cookie policies, as well as incident response information.

A

Aeschbach

aeschbach-chaussures.ch

58

Aeschbach is a Swiss-based e-commerce retailer specializing in shoes, clothing, and accessories for women, men, and children. The website offers a broad selection of products from over 300 leading brands, emphasizing quality customer service, free shipping, and returns. The platform targets consumers interested in fashion and footwear, positioning itself as a trusted and established player in the Swiss retail market. The business model is primarily online retail with a focus on brand partnerships and customer satisfaction.

E

Electronic Privacy Information Center

epic.org

74

The Electronic Privacy Information Center (EPIC) is a well-established non-profit organization focused on protecting privacy, freedom of expression, and democratic values in the digital age. Founded in 1994, EPIC operates primarily through policy research, litigation, public education, and advocacy. The website reflects a mature digital presence with comprehensive content covering a wide range of privacy and civil liberties issues, targeting policymakers, researchers, and the general public. Technically, the site is built on WordPress with a modern theme and uses Cloudflare for DNS and likely CDN services. It integrates Matomo analytics for privacy-conscious user tracking and Stripe for payment processing. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and domain transfer protections in place, but could be improved by enabling DNSSEC and implementing security headers. From a security and compliance perspective, EPIC demonstrates strong legitimacy and trustworthiness with transparent contact information and a comprehensive privacy policy. However, the absence of a cookie consent mechanism and explicit security policies or vulnerability disclosures are areas for improvement. No WAF or blocking mechanisms were detected, allowing full content access. Overall, EPIC's website is professional, secure, and credible, supporting its mission effectively. Strategic enhancements in security headers, DNSSEC, and privacy compliance would further strengthen its posture.

C

Center for Internet Security

cisecurity.org

81

The Center for Internet Security (CIS) is a reputable nonprofit organization dedicated to improving cybersecurity for public and private entities by leveraging a global IT community. Their website reflects a professional and well-structured digital presence, offering resources, collaboration opportunities, and cybersecurity best practices. The organization targets IT professionals, businesses, and government agencies seeking to enhance their security posture. Technically, the website employs modern web technologies including Vue.js, jQuery, and Sitecore CMS, supported by analytics and marketing tools such as Matomo, Cookiebot, and Optimizely. The site is mobile-optimized, accessible, and SEO-friendly, indicating a mature digital infrastructure. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms, and integrates privacy-compliant analytics. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security headers should be verified and a security.txt file could enhance vulnerability disclosure. Overall, CIS presents a low-risk profile with strong business credibility and compliance posture. Strategic recommendations include enhancing security header implementation, formalizing vulnerability disclosure, and continuous monitoring of third-party scripts to maintain security integrity.

N

Naturschutzzentrum Obere Donau

nazoberedonau.de

71

Naturschutzzentrum Obere Donau is a regional nature conservation center in Germany affiliated with the Baden-Württemberg Ministry of Environment. The website provides comprehensive information about nature conservation activities, educational programs, events, and community engagement focused on the Obere Donau region. The site targets the general public, educators, families, and tourists interested in environmental education and nature preservation. Technically, the website is built on the Liferay CMS platform, using modern JavaScript libraries and frameworks such as YUI, jQuery, and Bootstrap. It employs Matomo analytics with cookies disabled to respect user privacy. Security posture is good with HTTPS enforced, though some security headers are not explicitly detected. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Overall, the website is professional, trustworthy, and well-maintained, serving its non-profit/governmental mission effectively.

Châteaux Rhénans is a European co-financed cultural and tourism project focused on promoting and preserving the heritage of medieval castles in the Upper Rhine region spanning France, Germany, and Switzerland. The project is supported by the Collectivité européenne d’Alsace and funded through the Interreg Rhin Supérieur program, highlighting its strong regional government backing. The website serves as an information hub for tourists, researchers, and cultural enthusiasts, offering details on castles, legends, events, and research activities. Technically, the site is built on modern frameworks including Alpine.js and Umbraco CMS, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit incident response information. Overall, the site is professional, trustworthy, and compliant with GDPR, making it a reliable resource for its audience.

V

vioma GmbH

vioma.de

64

vioma GmbH is a medium-sized German company specializing in comprehensive digital solutions for the hospitality industry, including hotel management software, booking systems, channel management, and online marketing services. The company positions itself as a 360° service provider offering innovative and award-winning software tools tailored for hotels and tourism businesses. Their market presence is supported by strong partner integrations and positive customer testimonials, indicating a solid reputation in their sector. Technically, the website is built on the Condeon CMS platform and integrates modern technologies such as Matomo Analytics, HubSpot forms, and Pipedrive for CRM. The site is well-optimized for mobile devices, features good SEO practices, and employs a robust cookie consent mechanism compliant with GDPR. The use of multiple analytics and marketing tools demonstrates a mature digital infrastructure. From a security perspective, the site enforces HTTPS and implements cookie consent with opt-in/out capabilities. However, it lacks explicit security policy documentation and incident response contact details, which are recommended for enhanced transparency and trust. No critical vulnerabilities or exposed sensitive data were detected in the analysis. Overall, vioma GmbH presents a professional, trustworthy, and technically sound online presence with strong compliance to privacy regulations. Strategic improvements in security policy disclosure and incident response readiness would further strengthen their security posture and customer confidence.

G

GRUPPENTOURISTIK.COM

gruppentouristik.com

49

GRUPPENTOURISTIK.COM is a specialized online portal focused on group travel, offering curated destinations, events, accommodations, and bus travel options primarily targeting German-speaking customers. The website presents a professional and content-rich platform that supports group travel planning with a clear focus on leisure and tourism. The business appears established since 2012, with a medium-sized market presence and consistent branding. Technically, the site is built on Drupal 11, leveraging modern libraries and responsive design, ensuring good user experience and mobile optimization. Security posture is solid with HTTPS, cookie consent, and privacy compliance, though some improvements like DNSSEC and enhanced security headers are recommended. No critical vulnerabilities or suspicious content were detected. Overall, the site is trustworthy and well-positioned in its niche.

O

Open Society Foundations

opensocietyfoundations.org

71

Open Society Foundations is a globally recognized philanthropic organization dedicated to promoting freedom, democracy, and human rights through grant giving, research, advocacy, and strategic litigation. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content targeting non-profit organizations, activists, and the general public interested in social justice. Technically, the site employs modern analytics tools such as Matomo and Google Tag Manager, along with cookie consent management, ensuring compliance with privacy regulations. Security posture is strong with HTTPS enforced and secure form handling, although explicit security headers could be verified further. Overall, the site demonstrates high trustworthiness and professionalism, with no signs of blocking or malicious activity.

C

CERN

visit.cern

66

The website visit.cern is the official visitor portal for CERN Science Gateway, providing comprehensive information about visiting CERN, including exhibitions, events, educational resources, and support opportunities. The site targets a broad audience including families, educational groups, and science enthusiasts, positioning itself as a leading educational and scientific outreach platform. The business model is non-profit, aligned with CERN's mission as a premier international scientific research organization. Technically, the site is built on Drupal 10 with modern web technologies such as Bootstrap, jQuery, and Matomo analytics, hosted on CERN's infrastructure, delivering fast and mobile-optimized performance with good accessibility and SEO practices. Security posture is strong with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and security headers could be improved. Privacy compliance is well addressed with a clear data privacy page and cookie consent mechanisms. Overall, the website is professional, trustworthy, and well-maintained, reflecting CERN's reputable brand and mission.

C

CCSD

episciences.org

65

Episciences is a Diamond Open Access scientific publishing platform operated by CCSD, focusing on overlay journals across multiple disciplines. It serves the academic and research community by providing innovative editorial tools integrated within the European scholarly ecosystem. The platform hosts journals founded recently (2023-2025) and emphasizes open peer review and CC BY 4.0 licensing, positioning itself as a trusted non-profit academic publisher. Technically, the website is built on WordPress with modern web standards, including responsive design, SEO optimization via Yoast, and privacy-conscious analytics using Matomo. Security measures include HTTPS enforcement and hCaptcha integration for form protection, though explicit security headers could be improved. The security posture is solid with no evident vulnerabilities or exposed sensitive data. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information and legal terms are transparently provided, enhancing business credibility. Overall, Episciences presents a professional, trustworthy, and well-maintained platform suitable for academic publishing, with recommendations to enhance security headers and publish incident response details for further maturity.

V

Visa d.o.o.

visa.si

56

Visa d.o.o. is a Slovenian real estate agency with over 25 years of experience, specializing in property sales, rentals, consulting, contract preparation, property status verification, tax assistance, advertising, valuation, geodetic services, and full transaction management. The company targets individuals and businesses in Slovenia seeking real estate services, positioning itself as a trusted local agency with professional offerings and multiple trust indicators such as licensing and industry memberships. Technically, the website employs a modern tech stack including Bootstrap, jQuery, Font Awesome, and Matomo analytics, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS and Google reCAPTCHA implemented, but lacks some advanced security headers and explicit security policies. Privacy compliance is partial, with cookie consent and terms of service present but no dedicated privacy policy page. Overall, the website is professional, trustworthy, and functional, with room for improvement in privacy and security transparency.

The Zweckverband Regionale Deponie Schwarzwald-Baar-Heuberg operates as a regional public authority responsible for the planning, construction, and management of landfill facilities for non-recyclable mineral waste in the Schwarzwald-Baar-Heuberg region of Germany. The website serves as an informational portal for residents, local government, and stakeholders, providing updates on construction progress, legal documents, and contact information. The organization is positioned as a key regional player in waste management with a clear public service mandate. Technically, the website is built on TYPO3 CMS, leveraging common web technologies such as jQuery and Slick Slider for UI components. It is hosted on Schlund Technologies infrastructure, uses HTTPS, and implements a cookie consent mechanism with Matomo analytics for privacy-conscious visitor tracking. The site demonstrates moderate performance and good mobile optimization, though some improvements in accessibility and security headers could enhance its technical maturity. From a security perspective, the site enforces HTTPS and uses cookie consent to comply with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in security governance. Overall, the security posture is adequate for a public sector website but could benefit from enhanced transparency and technical controls. The overall risk assessment is low, with the website presenting a trustworthy and professional front for the Zweckverband. Strategic recommendations include implementing security headers, publishing security policies, and maintaining up-to-date software components to further strengthen security and compliance.

N

Naturpark Obere Donau e.V.

naturpark-obere-donau.de

47

Naturpark Obere Donau e.V. operates as a regional non-profit nature park organization in southern Baden-Württemberg, Germany. The website serves as an information hub for visitors and locals interested in nature experiences, regional products, events, and educational resources. The organization maintains a visitor center called 'Haus der Natur' and promotes regional culture and environmental awareness. The site is well-positioned as a trusted regional authority with sponsorship from local government and lottery funds. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates Matomo analytics and Usercentrics for privacy compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is solid with HTTPS and consent management, though it lacks explicit HTTP security headers and a public security policy. Overall, the domain registration and website content align well, indicating legitimacy and trustworthiness.

Move – Zweckverband Verkehrsverbund Schwarzwald-Baar-Heuberg operates a regional public transportation portal providing comprehensive bus and train connection information, ticket sales, and travel planning services for the Schwarzwald-Baar-Heuberg region in Germany. The website serves as a central hub for travelers to access schedules, purchase tickets, and receive traffic updates, positioning itself as a key regional transportation authority. The business model focuses on facilitating mobility and providing customer support through digital channels.

O

OpenAIRE

openaire.eu

69

OpenAIRE is a well-established non-profit initiative providing open science infrastructure and services primarily in Europe. It supports researchers, institutions, and funders with tools and platforms that enable open access, data sharing, and scholarly communication. The organization holds a strong market position as a key contributor to the European Open Science Cloud and offers a comprehensive suite of services that cover the full research lifecycle. Technically, the website is built on Joomla! CMS with modern frameworks like UIkit and integrates analytics tools such as Matomo and Google Analytics. The site is mobile-optimized, accessible, and performs moderately well. Security measures include HTTPS enforcement, reCAPTCHA on forms, and cookie consent management, though some security headers could be improved. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, with clear policies and consent mechanisms. The WHOIS data is privacy protected under EURid policy, which is typical for EU domains and does not raise suspicion. Overall, the website demonstrates high professionalism, trustworthiness, and a strong commitment to open science principles. Strategic recommendations include enhancing security headers, publishing a security policy and incident response contacts, and maintaining regular audits of third-party components to sustain security and compliance.

C

CERN

home.cern

68

CERN is a globally recognized intergovernmental scientific research organization specializing in fundamental physics. The website serves as a comprehensive portal for scientific research, educational resources, news, and events related to particle physics. It targets scientists, educators, and the general public interested in physics and science. The site is professionally designed, well-branded, and provides rich, relevant content with clear navigation and mobile optimization. Technically, the website is built on Drupal 10 CMS, utilizing modern JavaScript libraries such as Owl Carousel and Prism.js, and employs Matomo for privacy-conscious analytics. The site is hosted securely with HTTPS and enforces clientTransferProhibited status on the domain, though DNSSEC is not enabled, representing a minor security gap. Security posture is solid with HTTPS and some security best practices, but lacks explicit security headers and a public vulnerability disclosure or security.txt file. Privacy compliance is partial due to the absence of visible privacy and cookie policies or consent mechanisms. Contact information is available primarily via contact forms and physical address, with no direct emails or phone numbers exposed. Overall, the website is trustworthy, authoritative, and well-maintained, with recommendations to improve privacy compliance and DNS security to enhance user trust and security posture.

R

Research Organization Registry (ROR)

ror.org

57

The Research Organization Registry (ROR) operates as a global, community-led open registry providing persistent identifiers and metadata for research organizations. It is positioned uniquely in the scholarly infrastructure ecosystem, supported by key organizations such as California Digital Library, Crossref, and DataCite. The website offers comprehensive services including a searchable registry, REST API, and data dumps under a CC0 license, targeting research institutions and data managers worldwide. The business model emphasizes open infrastructure and community governance, fostering transparency and collaboration. Technically, the website is built using the Hugo static site generator and leverages modern web technologies such as jQuery, Plyr.js, FontAwesome, and Matomo analytics. Hosting and DNS are managed via AWS infrastructure, ensuring reliable performance and scalability. The site demonstrates excellent mobile optimization, accessibility, and SEO practices, contributing to a fast and user-friendly experience. From a security perspective, the site enforces HTTPS and employs domain status protections to prevent unauthorized changes. However, it lacks DNSSEC and explicit security headers, and does not provide published security or incident response policies. Tracking is minimal and conducted via Matomo, but no cookie consent mechanism is present, which could be improved for GDPR compliance. Overall, the security posture is solid but could benefit from enhanced transparency and technical controls. The overall risk assessment is low, with no indications of malicious activity or content safety concerns. Strategic recommendations include enabling DNSSEC, implementing security headers, publishing security policies, and adding cookie consent mechanisms to strengthen compliance and trust. The website is professional, trustworthy, and well-aligned with its mission to support open research infrastructure.

C

CERN

cern.ch

68

CERN is a globally recognized intergovernmental scientific research organization specializing in fundamental physics. The website serves as a comprehensive portal for scientific information, news, events, and educational resources targeting scientists, educators, and the general public. It maintains a strong market position as a leader in particle physics research and public outreach. The technical infrastructure is modern, leveraging Drupal 10 CMS and open-source technologies, with good performance and mobile optimization. Security posture is strong with HTTPS enforcement and domain transfer protections, though DNSSEC is not enabled and explicit security policies are not publicly visible. Privacy and cookie policies are not clearly presented, indicating room for compliance improvement. Overall, the website is professional, trustworthy, and content-rich, reflecting CERN's authoritative status in science.

B

Bits of Freedom

jouwplatformrechten.nl

60

The website 'Blijf Luid | Bits of Freedom' is an advocacy platform focused on informing users about their digital rights and new European regulations that empower users to claim their online space more freely and autonomously. It is operated by Bits of Freedom, a non-profit organization based in the Netherlands. The site targets a general audience interested in digital rights and platform freedoms, providing educational content and advocacy resources. Technically, the site is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, with custom fonts and a responsive design optimized for mobile devices. Matomo analytics is employed, reflecting a privacy-conscious approach to user tracking. Security posture is good with HTTPS enforced and no visible vulnerabilities, though the absence of explicit security headers and security policy pages suggests room for improvement. Privacy compliance is limited due to the lack of visible privacy and cookie policies. Overall, the site is professional and trustworthy but could enhance transparency and compliance by publishing relevant policies and contact information.

S

Schwarzwald Tourismus GmbH

schwarzwald-tourismus.info

62

Schwarzwald Tourismus GmbH operates as the official tourism organization for the Black Forest region in Germany, providing comprehensive travel information, accommodation booking services, and promoting regional attractions and events. The website serves a broad audience of tourists and visitors interested in outdoor activities, cultural experiences, and regional highlights. The business model focuses on tourism promotion and facilitating visitor engagement through digital channels and partnerships. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, integrating modern JavaScript libraries and tools such as Google Tag Manager, Matomo Analytics, Cookiebot for consent management, and Eye-Able for accessibility. The site demonstrates good mobile optimization, accessibility, and SEO practices, although some security headers are missing. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, but lacks explicit security headers and published security policies or incident response information. No vulnerabilities or malicious content were detected. The WHOIS data is unavailable publicly, likely due to privacy protection, but the website's professional presentation and official contact details support its legitimacy. Overall, the site presents a low risk profile with strong business credibility and a good user experience. Strategic improvements include publishing privacy and security policies, enhancing security headers, and providing vulnerability disclosure information to strengthen trust and compliance.

G

GovConnect GmbH

govconnect.de

73

GovConnect GmbH is a specialized software provider focused on delivering digital solutions for public administrations in Germany. Their portfolio includes products for digital administration, dog and owner management, ordinance management, citizen management, and partner integrations. The company serves over 600 customers nationwide, positioning itself as a niche player in the government technology sector. The website reflects a professional and consistent brand image, targeting government entities seeking modernization and efficiency through digital tools. Technically, the website is built on the ikiss CMS platform, utilizing technologies such as jQuery, Highslide, Flexslider, and Parallax.js. It employs Matomo analytics configured with privacy-respecting settings, including disabled cookies and Do Not Track support. The site is mobile-optimized with good SEO and basic accessibility features. Performance is moderate, with room for improvement in modernization of libraries and frameworks. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms. However, it lacks explicit security policies, incident response contacts, and security.txt files. The use of an outdated jQuery version may pose potential vulnerabilities. No critical security issues or exposed sensitive data were detected. Overall, the security posture is solid but could benefit from enhanced transparency and updated technologies. The overall risk assessment is low, with the website demonstrating professionalism, compliance with privacy regulations, and a clear business focus. Strategic recommendations include publishing a security policy, adding incident response information, upgrading technical components, and enhancing security headers to further strengthen trust and resilience.

C

Centre national de la recherche scientifique (CNRS)

cnrs.fr

63

The Centre national de la recherche scientifique (CNRS) is a leading French governmental research organization active across all scientific disciplines. The website reflects a mature digital presence with comprehensive scientific content, innovation initiatives, and societal challenges addressed. The organization targets researchers, academics, enterprises, and the general public interested in science and innovation. Technically, the site is built on Drupal 10, uses Matomo for analytics, and implements a consent management platform (Axeptio) for GDPR compliance. Security posture is solid with HTTPS and cookie consent, though some security headers and explicit incident response contacts are missing. The WHOIS data is unavailable, likely due to registry privacy policies, but the website's branding and external references strongly support legitimacy. Overall, the site is professional, trustworthy, and well-optimized for users.

E

European Digital Rights (EDRi)

edri.org

58

European Digital Rights (EDRi) is a well-established non-profit network of NGOs, experts, advocates, and academics focused on defending and advancing digital rights across Europe. With over 20 years of history, EDRi operates as a collective advocacy organization providing campaigns, publications, events, and policy influence to protect human rights in the digital environment. The website reflects a professional and consistent brand presence targeting stakeholders interested in digital rights and privacy. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Matomo Analytics, ensuring good SEO and privacy-respecting analytics. The site is mobile-optimized and includes accessibility features, enhancing user experience and inclusivity. Hosting is managed via Gandi SAS, a reputable registrar and hosting provider. From a security perspective, the site uses HTTPS with a clientTransferProhibited domain status, indicating domain transfer protection. However, DNSSEC is not enabled, and no explicit security headers were detected in the HTML content. The site lacks a cookie consent mechanism and does not publish explicit security or incident response policies, which are areas for improvement. Overall, the website is trustworthy, professionally maintained, and aligned with its mission. The risk level is low, but enhancements in security headers, DNSSEC, and privacy compliance (cookie consent) would strengthen its posture further.

Z

Zenodo

zenodo.org

74

Zenodo is a reputable open research data repository operated by CERN and OpenAIRE, serving the academic and research community by providing safe, trusted, and citable storage for diverse research outputs. It is well-positioned in the open science ecosystem with strong institutional backing and EU funding. The platform offers key services such as DOI assignment, versioning, and GitHub integration, targeting researchers and institutions committed to open science principles. Technically, Zenodo leverages the InvenioRDM framework, is hosted at CERN's Data Centre, and employs modern web technologies ensuring good performance, accessibility, and mobile optimization. Security posture is strong with HTTPS enforcement and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or vulnerability disclosure is published. Privacy compliance is robust with clear privacy and cookie policies and user consent mechanisms. Overall, Zenodo demonstrates a high level of professionalism, trustworthiness, and technical maturity, making it a reliable platform for research data preservation.

U

Universiteit van Amsterdam

uva.nl

71

The Universiteit van Amsterdam (UvA) is a prominent European research university offering a broad spectrum of bachelor, master, and professional education programs. The website reflects a mature digital presence with comprehensive educational content, research highlights, and clear navigation targeting students, researchers, and professionals. The technical infrastructure employs modern web technologies including JavaScript frameworks, SVG icons, and analytics tools such as Matomo and Google Tag Manager, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response information are absent. Overall, the domain registration data aligns well with the university's identity, supporting legitimacy and trustworthiness.

L

LensDirect

lensdirect.com

58

LensDirect operates as an e-commerce platform specializing in discount contact lenses, targeting consumers seeking affordable vision correction products online. The website demonstrates a moderate level of digital maturity, utilizing modern web technologies such as Vue.js, Nuxt.js, Bootstrap, and multiple third-party marketing and analytics tools including Google Analytics, Matomo, Yotpo, and Trustpilot. The infrastructure leverages cloud-based CDNs like AWS Cloudfront and performance optimization services such as Yottaa. However, the absence of WHOIS domain registration data raises concerns about domain legitimacy and transparency. Security posture is moderate with HTTPS usage and some best practices observed, but lacks critical security headers and explicit privacy or cookie policies, which are essential for compliance and user trust. Overall, the website provides a professional user experience with good content quality but requires improvements in privacy compliance and security hardening.

T

Thüga Solutions

thuega-solutions.de

39

Thüga Solutions is a well-established energy sector specialist group in Germany, offering integrated solutions by combining the expertise of multiple subsidiaries under the Thüga group umbrella. Their services span insurance, renewable energy projects, process and data management, digitalization of municipal utilities, and energy trading. The website reflects a professional and consistent brand image targeting energy companies, municipalities, and city utilities. Technically, the site is built on WordPress with modern plugins for SEO, cookie management, and appointment booking, showing a mature digital infrastructure. Security posture is solid with HTTPS, cookie consent, and no visible vulnerabilities, though some security headers and policies could be improved. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is trustworthy and well-positioned in its market niche.

I

Image Professionals GmbH

imageprofessionals.de

59

Image Professionals GmbH operates a specialized premium content platform aggregating leading international niche image agencies. The company targets media professionals and creative industries, offering licensed images, videos, and editorial services. Their market position is strong within the specialized media content sector, supported by a portfolio of reputable partner agencies. Technically, the website employs a modern but somewhat dated tech stack including React 15.4.0 and jQuery, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and privacy-conscious analytics (Matomo with cookies disabled), but lacks some security headers and explicit cookie consent mechanisms. WHOIS data is unavailable, slightly reducing trust but the professional presentation and structured data support legitimacy. Overall, the site is well-designed, content-rich, and trustworthy for its audience.

K

Kommunaler Zweckverband ITK Rheinland

itk-rheinland.de

62

ITK Rheinland is a municipal IT service provider based in Neuss, Germany, serving primarily public sector clients such as schools and municipal institutions in North Rhine-Westphalia. The organization operates as a Zweckverband (municipal association), positioning itself as one of the largest IT providers in the region. Their key services include IT support, service desk operations, and specialized IT solutions for educational and childcare institutions. The website reflects a professional and consistent brand image with clear contact points and service information. Technically, the website is built on TYPO3 CMS, leveraging modern frontend technologies such as jQuery, Bootstrap, and FontAwesome. It uses Matomo for analytics with consent mechanisms indicated in the tracking code, although no visible cookie banner was detected. Hosting appears to be provided by Deutsche Telekom, inferred from the name servers. The site is mobile optimized, accessible, and SEO friendly, with good performance characteristics. From a security perspective, the site enforces HTTPS and uses Matomo with consent requirements, indicating a privacy-aware approach. However, no explicit security policy or incident response information is published, and no security headers were detected in the provided data. There are no visible vulnerabilities or exposed sensitive data. The WHOIS data shows consistent domain registration with German name servers, supporting legitimacy. Overall, the website is trustworthy, professional, and well-maintained with minor areas for improvement in privacy compliance and security transparency. The risk level is low, but enhancements in cookie consent visibility and security policy publication would strengthen the security posture and user trust.

M

mehrwert intermediale kommunikation GmbH

mehrwert.de

61

mehrwert intermediale kommunikation GmbH is a well-established digital agency based in Cologne, Germany, specializing in TYPO3 CMS, design, web technology, and digitalization services since 1998. The company targets businesses and organizations seeking professional digital project execution with a focus on design and technology integration. Their market position is solid, supported by a professional website and clear service offerings. Technically, the website is built on TYPO3 CMS, uses modern web technologies including SVG and JavaScript, and integrates Matomo analytics with privacy-conscious settings. The site is mobile-optimized and accessible, with good SEO practices. Security posture is strong with HTTPS enabled and no visible vulnerabilities, though security headers could be improved. Privacy compliance is adequate but lacks a cookie consent mechanism. Overall, the website reflects a trustworthy and professional digital agency with room for minor improvements in security and privacy transparency.

J

jweiland.net

jweiland.net

52

jweiland.net is a specialized service provider focused on TYPO3 CMS hosting, support, training, and agency projects. Established in 2000, it holds a strong market position as one of the largest TYPO3 hosting providers worldwide, serving over 36,000 TYPO3 domains. The company offers a comprehensive suite of services including cloud hosting, TYPO3 upgrades, ELTS programs, templates, and educational resources such as video tutorials. Their target audience primarily consists of TYPO3 users, businesses, and agencies seeking reliable hosting and expert support. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries like jQuery and Prism.js, and uses Matomo for privacy-conscious analytics. The site is well-optimized for performance, mobile responsiveness, and SEO, with structured data enhancing search visibility. Hosting is likely based in Germany, aligning with the stated server location and GDPR compliance focus. From a security perspective, the site enforces HTTPS and employs domain status locks to prevent unauthorized changes. However, DNSSEC is not enabled, and no explicit security or incident response policies are published. The absence of a cookie consent mechanism is a minor GDPR compliance gap. Overall, the security posture is solid but could be improved with additional headers and policies. The website is professional, trustworthy, and content-rich, with clear contact information and multiple trust indicators such as certifications and testimonials. No adult or questionable content is present, making it suitable for a general audience. The domain registration data is consistent with the business claims, supporting legitimacy and trustworthiness.

S

SSL.org

ssl.org

58

SSL.org operates as a specialized online platform offering free tools for SSL/TLS certificate checking, CSR generation, and related cryptographic utilities. The website targets IT professionals, web administrators, and security-conscious users seeking to validate and troubleshoot SSL certificate installations. The business is positioned as a niche service provider with a clear focus on SSL security diagnostics and education, supported by IBAN.com as the parent company. The site content is professional, well-structured, and consistent with its stated purpose, though it lacks some standard corporate disclosures such as privacy and cookie policies. Technically, the website employs modern frontend technologies including Bootstrap 5, jQuery, and Matomo analytics for user tracking. The site is mobile-optimized and performs moderately well, though accessibility and SEO optimizations are basic. Security posture is good with HTTPS enforced and secure form handling, but the absence of security headers and explicit incident response contacts limits its security maturity. No vulnerabilities or suspicious content were detected. The WHOIS data is unavailable due to privacy protection, which is common for this type of service and does not raise immediate concerns. However, the lack of registrant transparency and absence of privacy and cookie policies reduce compliance confidence. Overall, the website is trustworthy and functional but would benefit from enhanced transparency and security best practices. Strategic recommendations include implementing comprehensive privacy and cookie policies with consent mechanisms, adding security headers, publishing incident response contacts, and improving accessibility and SEO features to enhance user trust and compliance.

N

nic.at GmbH

tldbox.at

71

nic.at GmbH operates the website www.nic.at and its sister company tldbox GmbH offers comprehensive consulting and registry services for Top-Level-Domains (TLDs). The company is a well-established domain registry operator in Austria with a strong reputation since 1998. Their services include strategic consulting for new gTLD applications, registry backend operations, and domain management. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content relevant to domain services. The company demonstrates a mature digital infrastructure using modern technologies such as Laravel, Bootstrap, and Matomo analytics. Security posture is strong with HTTPS enforcement, ISO 27001 certification, and compliance with GDPR and NIS2 regulations. Cookie consent mechanisms are implemented with detailed user controls. Overall, the website and business present a trustworthy and professional image with no detected vulnerabilities or suspicious activity.

I

ipcom GmbH

rcodezero.at

73

RcodeZero DNS, operated by ipcom GmbH, is a specialized DNS service provider offering Anycast DNS solutions tailored for enterprises, ISPs, registries, and companies. The company emphasizes speed, reliability, and security, leveraging modern Anycast technology to ensure fail-safe and fast DNS resolution globally. Their market position is strong in Europe, supported by ISO 27001 certification and GDPR compliance, reflecting a mature security posture. Technically, the website employs modern frontend technologies such as Tailwind CSS and Alpine.js, with Matomo analytics for privacy-conscious user tracking. The site is well-optimized for performance and mobile devices, providing a professional user experience. Security practices include HTTPS enforcement and a comprehensive cookie consent mechanism, although explicit security headers are not visibly configured. The security posture is solid, with certifications and compliance frameworks in place, but could be enhanced by publishing vulnerability disclosure policies and incident response contacts. The absence of WHOIS data reduces transparency but does not significantly detract from the overall legitimacy given the professional presentation and trust indicators. Overall, RcodeZero DNS presents a trustworthy and technically competent service offering with room for improvement in security transparency and WHOIS data availability.

C

CXP Commerce Experts GmbH

searchhub.io

73

searchHub, operated by CXP Commerce Experts GmbH, is a specialized technology company based in Germany offering an AI-powered add-on to optimize existing ecommerce site search engines. Founded in 2014, the company positions itself as a niche provider enhancing site search performance without requiring replacement of existing search infrastructure. The website demonstrates a professional digital presence with comprehensive content, customer testimonials, and multimedia presentations, targeting ecommerce businesses, operations teams, and developers. Technically, the site is built on WordPress with Elementor and integrates Matomo analytics, reflecting a modern and maintainable infrastructure. Security posture is good with HTTPS and cookie consent mechanisms, though some security headers and incident response information are absent. Privacy compliance is strong with GDPR-aligned policies and consent management. Overall, the site is trustworthy and professionally managed, though WHOIS data is unavailable likely due to privacy protection, slightly reducing transparency.

N

nic.at GmbH

tld-box.at

71

nic.at GmbH operates as the official Austrian registry for .at domains and related TLDs, with a sister company tldbox GmbH providing consulting and registry services for new and existing Top-Level-Domains. The company has a strong market position in Austria and internationally, leveraging over two decades of experience and technical expertise. Their services include strategic consulting for new gTLD applications, registry backend operations, and domain management solutions. The website reflects a professional and trustworthy business with clear contact points and compliance with relevant data protection regulations. Technically, the site uses modern frameworks and privacy-respecting analytics, with a good security posture evidenced by ISO 27001 certification and GDPR/NIS2 compliance. No critical vulnerabilities or suspicious indicators were found. Overall, nic.at and tldbox present a mature, secure, and reliable domain registry service provider.

D

Dipl.Ing. (FH) Florian Simeth

melanie-simeth.de

64

Dipl.Ing. (FH) Florian Simeth operates a professional freelance WordPress development business based in Germany, specializing in plugin and theme development, consulting, and training. The website presents a strong market position with extensive experience, a published book, and numerous client testimonials, targeting WordPress site owners and developers. The technical infrastructure is modern, leveraging Cloudflare DNS, Matomo analytics with privacy-conscious settings, and responsive design. Security posture is good with HTTPS and secure analytics usage, though explicit security headers and policies could be improved. Overall, the site is trustworthy, professional, and well-optimized for SEO and user experience.

T

Thüga

thuega.de

60

Thüga is Germany's largest municipal utility group, comprising around 100 local and regional energy and water suppliers serving millions of customers nationwide. The company focuses on sustainable energy solutions, regional utility support, and digital transformation services. Their market position is strong within the German energy sector, emphasizing collaboration and innovation. Technically, the website is built on WordPress with modern frameworks and includes privacy-conscious analytics (Matomo) and cookie consent mechanisms. Security posture is solid with HTTPS, reCAPTCHA, and no visible vulnerabilities, though some HTTP security headers are missing and no explicit security policy is published. Overall, the site is professional, well-structured, and compliant with GDPR, reflecting a mature digital presence for a large enterprise energy group.

E

Enable JavaScript

enable-javascript.com

52

Enable-JavaScript.com is a specialized educational website dedicated to providing clear, step-by-step instructions on how to enable JavaScript in the most popular web browsers. The site targets general internet users who may have JavaScript disabled and aims to improve their browsing experience by enabling this essential web technology. The website is small in scale, with a focused content offering and multi-language support to reach a global audience. The business model is informational and free access, with some partner links and supporters listed. Technically, the website employs a traditional web stack including jQuery 1.11.2, Lightbox for image display, and analytics tools such as Matomo and Google Analytics. The site uses HTTPS and asynchronous script loading, contributing to a moderate performance and basic mobile optimization. SEO practices are good with proper meta tags and hreflang for internationalization. However, some technical debt is present due to the use of an outdated jQuery version and lack of modern security headers. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security policies, vulnerability disclosure mechanisms, and security headers that are considered best practices. Privacy compliance is basic, with a cookie banner present but no formal privacy or terms of service pages. The contact information is limited to an email address, with no phone or physical address provided. Overall, the security posture is adequate but could be improved with additional policies and technical controls. The overall risk assessment is low given the site's informational nature and lack of sensitive data handling. Strategic recommendations include implementing security headers, updating JavaScript libraries, publishing privacy and security policies, and adding a security.txt file for vulnerability reporting. These improvements would enhance trust, compliance, and security culture, supporting the site's continued reliability and user confidence.