Security Directory

C

Cleverec AB

cleverec.se

42

Cleverec AB operates a specialized SaaS platform called Cleverservice, designed to streamline referee assignments, digital receipts, payments, and tax reporting for sports associations primarily in Sweden. The company has an established market presence since 2014, focusing on a niche segment with tailored services for associations and referees. The website is built on WordPress with the Divi theme, incorporating modern web technologies and analytics tools such as Google Analytics and Google Tag Manager. The site demonstrates good content quality, clear navigation, and mobile optimization, supporting a positive user experience. Security posture is adequate with HTTPS enabled and cookie consent mechanisms in place, though improvements such as enabling DNSSEC and additional security headers are recommended. Privacy compliance is well addressed with a dedicated GDPR page and cookie policy. Overall, the website reflects a professional and trustworthy digital presence aligned with the company's business objectives.

V

Varsego Sverige AB

varsego.se

68

Varsego Sverige AB is a well-established Swedish wholesale distributor specializing in ice cream, beverages, confectionery, protein products, fast food, and bakery items. Operating since 2009, the company serves wholesale customers across 22 localities in Sweden, offering a broad portfolio of market-leading brands such as GB Glace. Their business model focuses on providing local service and delivery with an online ordering platform that supports customer convenience and operational efficiency. The website reflects a mature digital presence with good content quality, clear navigation, and mobile optimization. Technically, the website is built on modern frameworks including ASP.NET Core and Litium CMS, leveraging Cloudflare for DNS and security services. The site integrates Google Tag Manager and CookieTractor for analytics and cookie consent management, respectively. Performance is moderate with good SEO and basic accessibility features. Security posture is strong with HTTPS enforced, security headers present, and anti-forgery protections in place, although DNSSEC is not enabled. Privacy compliance is well addressed with visible privacy and cookie policies, GDPR compliance indicators, and consent mechanisms. Contact information is clearly presented, enhancing business credibility. However, the site lacks explicit security or incident response policies and does not publish a vulnerability disclosure or security.txt file, which could improve transparency and trust. Overall, Varsego.se demonstrates a professional, secure, and compliant online presence suitable for its wholesale business. Strategic improvements in DNS security and explicit security policy publication are recommended to further enhance trust and resilience.

Y

Young Reporters for the Environment

yre.global

54

Young Reporters for the Environment (YRE) is a well-established international non-profit program operated by the Foundation for Environmental Education, focused on empowering youth aged 11-25 to investigate and report on environmental issues globally. The website serves as a platform for education, competitions, and community engagement, leveraging multimedia content and social media channels to reach its audience. Technically, the site is built on Squarespace with integrations such as Google Analytics and YouTube embeds, providing a modern and responsive user experience. Security posture is strong with HTTPS and HSTS enabled, though additional security headers could enhance protection. Privacy compliance is evident with clear GDPR and cookie policies including consent mechanisms. Overall, the site demonstrates a professional and trustworthy presence consistent with its non-profit mission.

F

Foundation for Environmental Education

leaf.global

52

The website www.leaf.global represents the Learning about Ecosystems and Forests (LEAF) programme, operated by the Foundation for Environmental Education, a registered non-profit organization focused on environmental education. LEAF promotes outdoor learning and ecosystem restoration education globally, with implementation in 28 countries and recognition by HundrED’s Global Collection 2024. The site provides educational resources, campaigns, and online courses via the FEE Academy platform. Technically, the site is built on Squarespace, uses modern web technologies, and integrates Google Analytics and Stripe for analytics and payment processing. Security posture is strong with HTTPS and HSTS enabled, no exposed sensitive data, and secure forms. Privacy compliance is well addressed with GDPR-compliant cookie and privacy policies. However, WHOIS data is unavailable due to privacy protection, which is justified for this non-profit entity. Overall, the site is professional, trustworthy, and well-maintained, serving a global educational mission.

F

Foundation for Environmental Education

ecoschools.global

56

Eco-Schools is a globally recognized environmental education programme operated by the Foundation for Environmental Education, engaging millions of students across over 100 countries. The website serves as a comprehensive resource hub offering educational materials, news, events, and online courses to support sustainability education. Technically, the site is built on Squarespace, leveraging modern web technologies and analytics tools, providing a good user experience with mobile optimization and clear navigation. Security posture is strong with HTTPS and HSTS enabled, though additional security headers could enhance protection. Privacy compliance is well addressed with clear GDPR and cookie policies. The absence of WHOIS data limits domain trust verification but does not detract significantly from the overall legitimacy given the organization's established reputation and transparent content.

F

Foundation for Environmental Education

blueflag.global

56

Blue Flag is a globally recognized eco-label program operated by the Foundation for Environmental Education, a registered non-profit organization based in Denmark and England. The website serves as an informational and educational platform promoting sustainable tourism, environmental education, and certification of beaches, marinas, and boats. The organization maintains a strong market position as a leader in voluntary environmental awards with a global network of partners and national operators. Technically, the website is built on Squarespace, leveraging modern web technologies and ensuring secure HTTPS connections with HSTS enabled. Privacy and cookie policies are comprehensive and GDPR compliant, though terms of service and incident response contacts are absent. Social media presence and sustainability policy documents enhance trust and transparency. Overall, the site demonstrates good content quality, technical implementation, and security posture, suitable for its non-profit mission and audience.

T

Tervise Paradiis

terviseparadiis.ee

54

Tervise Paradiis is a well-established 4-star spa hotel and water center located in Pärnu, Estonia, offering a comprehensive range of leisure and wellness services including accommodation, water park facilities, sports complex, bowling, and dining options. The business targets spa and wellness tourists, families, and leisure travelers, positioning itself as a leading hospitality provider in the region. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress CMS, leveraging modern SEO tools and cookie consent management, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks some advanced security headers and published security policies. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business. Strategic improvements in privacy compliance and security transparency would enhance trust and compliance.

Talsu Kultūras centrs is a local cultural institution based in Talsi, Latvia, focused on organizing and promoting cultural events, exhibitions, and community activities. The website serves as an information hub for upcoming events and cultural programs, targeting residents and visitors interested in local culture and amateur arts. The business model is that of a public cultural center, supporting cultural policy implementation and community engagement. Technically, the website is built on WordPress 6.8.1 with common plugins and uses Google Tag Manager for analytics. The site is moderately optimized for mobile and SEO but lacks advanced accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and no visible privacy or cookie policies, which impacts compliance and user trust. WHOIS data could not be retrieved, limiting domain legitimacy verification. Overall, the site is functional and informative but would benefit from enhanced security and privacy compliance measures.

C

Conviva

conviva.com

65

Conviva operates a leading real-time performance analytics platform focused on digital experience monitoring for media, streaming, and related industries. The company leverages full-census client-side telemetry to provide actionable insights that improve app performance, user engagement, and operational efficiency. Their market position is strong, supported by customer testimonials, industry awards, and extensive use of modern web technologies. The website is professionally designed, mobile optimized, and SEO friendly, reflecting a mature digital presence. However, the absence of WHOIS registration data raises questions about domain registration status, though the active and rich website content suggests legitimate business operations. Security posture is good with HTTPS and no exposed sensitive data, but lacks explicit security policies and vulnerability disclosures. Privacy compliance is basic with cookie consent but no visible privacy policy. Overall, Conviva presents as a credible and professional technology company with room to improve transparency in privacy and security documentation.

A

ANOC Association of National Olympic Committees

anoc.tv

55

The ANOC.tv website serves as the official digital platform for the Association of National Olympic Committees, a Swiss-based non-profit organization dedicated to supporting and promoting Olympic committees worldwide. The site offers comprehensive coverage of sporting events, news, and specialized programs such as sustainability workshops, targeting Olympic committees, sports professionals, and enthusiasts. The business model focuses on media dissemination and informational services within the Olympic sports ecosystem. Technically, the website leverages modern web technologies including React, Google Tag Manager, Stripe.js, and push notification SDKs, indicating a mature digital infrastructure. The site is mobile-optimized with good design quality and user experience, although some accessibility and SEO aspects could be enhanced. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks advanced security headers and explicit security policies or incident response contacts. WHOIS data is transparent and consistent with the organization's identity, supporting domain legitimacy. Overall, the website presents a professional and trustworthy front with moderate privacy compliance and security posture. Strategic improvements in privacy policy publication, security headers, and incident response transparency would enhance compliance and user trust.

C

Coopalsa + Nadal

bus.ad

55

Coopalsa + Nadal operates as a primary public transportation service provider in Andorra, offering regular bus lines and related services. The website serves residents and visitors by providing schedules, ticket sales information, and route details. The company maintains a consistent brand presence and engages users through social media platforms such as Facebook, Twitter, and Instagram. The business model focuses on essential transportation services within the country, positioning itself as a key local operator.

R

RAMIRENT BALTIC AS

ramirent.ee

62

Ramirent Baltic AS operates as the largest tool and construction equipment rental service provider in the Baltic region, offering a comprehensive range of rental products and services including 24-hour technical support and modular factory solutions. The company is part of the Loxam Group, a recognized leader in equipment rental, which enhances its market position and credibility. The website reflects a professional and user-friendly digital presence with clear navigation and localized content tailored for Estonian customers. Technically, the website is built on a modern WordPress CMS platform with WooCommerce integration, leveraging popular libraries such as jQuery and Google Tag Manager for analytics and marketing. The site demonstrates good mobile optimization and moderate performance, with a GDPR-compliant cookie consent mechanism and structured data enhancing SEO and user experience. From a security perspective, the site enforces HTTPS and uses Cloudflare bot management cookies, indicating a proactive approach to security. However, some security headers are not explicitly detected, and there is no publicly available security policy or incident response contact, which could be improved to strengthen trust and compliance. Overall, the website presents a trustworthy and professional image with strong business credibility and compliance posture. Strategic improvements in security policy transparency and enhanced accessibility could further elevate the site's maturity and user trust.

C

Churnkey

churnkey.co

64

Churnkey is a technology company founded in 2020, specializing in SaaS solutions aimed at reducing customer churn and enhancing subscriber retention for subscription-based businesses. The website presents a professional and modern design, leveraging advanced frontend frameworks such as Vue.js and Nuxt.js, and is hosted with Cloudflare for performance and security benefits. The company integrates multiple marketing and analytics tools including HubSpot, Dreamdata, Google Tag Manager, and Facebook Pixel, indicating a mature digital marketing approach. However, the site lacks explicit privacy and cookie policies, as well as visible contact information, which impacts its privacy compliance and user trust. Security posture is generally good with HTTPS enabled and Cloudflare protection, but could be improved by enabling DNSSEC and publishing security policies. Overall, the website is functional and professional but would benefit from enhanced transparency and compliance documentation.

A

AS Arstikeskus Confido

1220.ee

45

The website 1220.ee serves as the official Estonian health advice line platform, providing telephone and web chat medical consultation services. It targets Estonian residents and callers abroad, offering guidance on medical issues, prescription renewals, and emergency care decisions. The service operates under the auspices of the Estonian Health Insurance Fund (Tervisekassa) and collaborates with healthcare providers and pharmacies. The site is professionally designed with consistent branding and clear navigation, supporting multiple languages (Estonian and Russian). Technical infrastructure includes modern JavaScript libraries, CDN-hosted resources, and integration with Facebook SDK and Google Tag Manager for analytics and marketing purposes. The site uses HTTPS and shows no signs of blocking or WAF interference, indicating good accessibility and security basics. However, it lacks visible privacy and cookie policies, which impacts GDPR compliance and privacy posture. Contact information is limited to phone numbers with no email or physical address disclosed. No forms collecting personal data are present on the main page, reducing immediate data protection concerns. Overall, the site demonstrates a solid business credibility and technical foundation but requires improvements in privacy compliance and security policy transparency.

N

NürnbergMesse GmbH

chillventa.de

70

Chillventa is a globally recognized exhibition specializing in refrigeration technology, organized by NürnbergMesse GmbH in Germany. The website serves as a comprehensive platform for industry experts, exhibitors, and visitors to connect, showcasing the latest innovations and providing detailed event information. The company holds a leading market position in the energy sector, particularly in refrigeration and related technologies. Technically, the website is built on modern frameworks such as Next.js and Sitecore CMS, hosted on Microsoft Azure infrastructure, ensuring fast performance and excellent mobile optimization. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, although explicit security policies and incident response contacts are not published. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR regulations.

A

Andmik

andmik.ee

45

Andmik is a specialized platform focused on providing data visualization and budget tracking services for Estonian municipalities. The website presents detailed geographic and demographic data for various local governments, targeting municipal officials and stakeholders. The platform leverages modern web technologies including Vue.js and Leaflet for interactive maps, supported by Google Analytics and Tag Manager for user tracking. The domain is registered with a reputable Estonian registrar, Zone Media OÜ, and was created in 2021, aligning with the platform's apparent recent launch. Technically, the website employs a modern JavaScript framework and mapping libraries, ensuring a responsive and interactive user experience. However, there is room for improvement in accessibility and SEO optimization. Security-wise, the site lacks visible security headers and does not enable DNSSEC, which could be enhanced to improve overall security posture. Privacy compliance is weak, with no visible privacy or cookie policies, and no consent mechanisms, which is a significant gap given the use of tracking technologies. Overall, the website is functional and professionally designed but requires improvements in privacy compliance, security best practices, and contact transparency to enhance trust and regulatory adherence. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact and incident response information.

M

Medicover

medicover.com

70

Medicover is a large healthcare provider specializing in diagnostic and healthcare services primarily in Central and Eastern Europe, with recent expansion into India. The company operates through two main divisions, Diagnostic Services and Healthcare Services, targeting patients and healthcare consumers in these regions. The website presents a professional and consistent brand image with comprehensive corporate governance and financial information, indicating a mature business presence. Technically, the website is built on Drupal CMS with Bootstrap framework and integrates modern analytics tools such as Google Analytics and Google Tag Manager. It is mobile optimized and includes a cookie consent mechanism compliant with GDPR. However, explicit security headers are not detected, and there is no visible security policy or incident response information published. From a security perspective, the site enforces HTTPS and uses privacy-compliant analytics configurations. The absence of WHOIS data raises concerns about domain registration legitimacy, which requires further investigation. No critical vulnerabilities or exposed sensitive data were found in the content. Overall, the website demonstrates a good security posture but could improve transparency and security best practices. The overall risk is moderate due to the missing WHOIS data and lack of explicit security policies. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and verifying domain registration details to strengthen trust and compliance.

O

OÜ Tervise Paradiis

veekeskus.eu

44

OÜ Tervise Paradiis operates the largest water center in Estonia, located in Pärnu, offering a wide range of recreational and sports facilities including pools, saunas, bowling, and fitness services. The website is well designed, multilingual, and provides comprehensive information and booking forms for various customer segments such as families, schools, and groups. Technically, the site is built on WordPress with modern plugins and frameworks, and it integrates Google Analytics and Tag Manager for tracking. Security posture is good with HTTPS and secure form handling, though some security headers could be improved and no explicit security policies are published. Privacy compliance is addressed with a privacy policy and cookie consent mechanism. Overall, the domain registration is consistent with the business location and sector, indicating legitimacy and trustworthiness.

T

Toyota Eesti

toyota.ee

72

Toyota Eesti operates as the official Toyota brand presence in Estonia, offering a comprehensive range of automotive products including hybrid and electric vehicles, SUVs, commercial vehicles, and special offers. The website serves as a digital storefront and information hub for Estonian consumers and businesses interested in Toyota's mobility solutions. It reflects Toyota's global brand standards and local market adaptation. Technically, the site is built on Adobe Experience Manager, leveraging modern web technologies such as Adobe Launch for tag management, Datadog for real user monitoring, and OneTrust for cookie consent management. The infrastructure is robust, with CDN usage and integration with Toyota Europe services. Security posture is strong, with HTTPS enforced, privacy-conscious tracking, and no visible vulnerabilities or exposed sensitive data. However, explicit privacy policy and terms of service documents are not detected in the provided content, which is a compliance gap. Overall, the website is professional, trustworthy, and well-optimized for performance and user experience.

I

Invaru OÜ

invaru.ee

65

Invaru OÜ operates as a specialized provider of assistive devices and healthcare-related products in Estonia, offering a comprehensive range of mobility aids, incontinence products, rehabilitation equipment, and personal care items. The company supports its customers through both online e-commerce and multiple physical store locations, providing sales, rental, repair, and consultation services. Their market position is that of a trusted regional player catering to individuals with special needs, elderly customers, and healthcare providers. Technically, the website is built on the nopCommerce platform, integrating modern analytics and marketing tools such as Google Analytics, Facebook SDK, and Klevu Search, reflecting a mature digital infrastructure with good mobile optimization and accessibility features. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though the absence of explicit security policies and vulnerability disclosure reduces transparency. Overall, the site demonstrates moderate to good professionalism and trustworthiness, with room for improvement in privacy compliance and security communication.

E

ENRE OÜ

oakohv.ee

46

ENRE OÜ operates the website oakohv.ee, an Estonian e-commerce platform specializing in the retail and wholesale of coffee products including coffee beans, capsules compatible with Dolce Gusto, Nespresso, and Senseo machines, as well as coffee machines and accessories. The company targets both individual consumers and businesses within Estonia, offering a broad product range with options for bulk purchases and subscription services. The website is professionally designed with clear navigation, product categorization, and detailed product information, supporting a positive user experience.

F

Foundation for Environmental Education

greenkey.global

56

Green Key is a globally recognized environmental certification program operated by the Foundation for Environmental Education, focusing on sustainable operation within the tourism and hospitality industry. The website presents a professional and comprehensive overview of the program, its benefits, and participation process, targeting hospitality businesses and environmentally conscious travelers. The digital infrastructure is built on Squarespace, leveraging modern web technologies and analytics tools such as Google Analytics and Hotjar for user insights. Security posture is strong with HTTPS and HSTS enabled, though additional security headers and incident response information could enhance trust. Privacy compliance is well addressed with clear GDPR and cookie policies. WHOIS data is privacy protected but consistent with the organization's profile, supporting legitimacy. Overall, the website is a credible and effective platform for promoting sustainable tourism certification.

T

Tervisekassa

haigekassa.ee

66

Tervisekassa is a government-related healthcare organization in Estonia responsible for managing national health insurance and providing various health-related benefits and services to insured individuals. The website serves a broad audience including individuals, employers, healthcare providers, and vulnerable groups such as Ukrainian refugees. It offers comprehensive information on health insurance, medical services, preventive screenings, and related administrative procedures. The site is well-structured, multilingual, and integrates modern digital tools to enhance user experience and accessibility. Technically, the website is built on the Drupal CMS platform and leverages several third-party services including Google Analytics, Google Tag Manager, Google reCAPTCHA, Siteimprove, and tawk.to for analytics, marketing, security, and user support. The site is hosted behind Cloudflare DNS, uses HTTPS, and implements a robust cookie consent mechanism compliant with GDPR. Performance and accessibility are rated good, with mobile optimization and clear navigation. From a security perspective, the site enforces HTTPS and uses bot protection mechanisms. However, it lacks explicit security headers and a published security policy or incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the website's governmental and Estonian identity, supporting legitimacy. Overall, Tervisekassa's website demonstrates a mature digital presence with strong business credibility and privacy compliance. Strategic improvements could include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and security posture.

E

European Olympic Committees

eoctv.org

63

EOC Channel is a specialized media platform operated by the European Olympic Committees, focusing on streaming and rewatching European Olympic sports events such as the European Games and Youth Olympic Festival. The platform targets sports fans and the Olympic community, providing live and on-demand video content. The website demonstrates a consistent brand presence aligned with the European Olympic Committees and offers a user-friendly experience with clear navigation and event-focused content. Technically, the site employs modern JavaScript libraries including jQuery, Splide.js for sliders, and Clappr for video playback, hosted likely on Aruba infrastructure. The site is mobile optimized and includes SEO best practices. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a granular cookie consent mechanism. From a security perspective, the site uses HTTPS and implements cookie consent controls but lacks DNSSEC and advanced security headers, which are recommended for enhanced protection. No WAF or blocking mechanisms are detected, indicating full accessibility. The WHOIS data shows privacy protection typical for such organizations and domain age consistent with the business timeline. Overall, the site is professionally designed, secure, and compliant with privacy regulations, though it could improve security posture by enabling DNSSEC and publishing explicit security policies.

C

CoreIT

cuponline.se

50

CupOnline is a well-established Swedish online platform specializing in the administration of sports cups, tournaments, and series, primarily focused on youth hockey. Operating since 2003 and managed by Abion AB with technology support from CoreIT, it serves a large user base with over 1.5 million participants and thousands of events annually. The platform offers comprehensive services including registration, live reporting, statistics, and integration with third-party services for referees and streaming. The website content is rich and relevant, targeting sports organizers and participants, with a business model supported by partnerships and advertising revenue. Technically, the site is built on ASP.NET WebForms with CoreCMS, featuring moderate performance and basic mobile optimization. Security posture is adequate with HTTPS but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to missing policies and consent mechanisms. Overall, the site is credible and functional but would benefit from enhanced security and privacy practices.

P

PHORIA

phoria.com.au

60

PHORIA is a specialized XR studio based in Australia, focusing on emerging immersive technologies such as Augmented Reality, Virtual Reality, and Mixed Reality. The company positions itself as an award-winning provider crafting impactful stories and experiences using cutting-edge XR technologies. Their target audience includes businesses and organizations seeking innovative immersive solutions. The website reflects a professional and modern digital presence with good design quality and mobile optimization. Technically, the site employs a variety of modern analytics and marketing tools including Google Tag Manager, Facebook Pixel, Hotjar, and Segment Analytics, indicating a mature digital marketing strategy. Security-wise, the site benefits from HTTPS and uses secure third-party scripts but lacks explicit security headers and formal security policies, which are recommended for improvement. The WHOIS data is incomplete and malformed, which raises some concerns about domain registration transparency and trustworthiness. Overall, the website is functional and professional but would benefit from enhanced privacy, security disclosures, and clearer contact information to improve trust and compliance.

T

The European Organisation for Grassroots Sport (ENGSO)

engso-education.eu

60

The European Organisation for Grassroots Sport (ENGSO) operates a dedicated education portal aimed at supporting the development of grassroots sport across Europe. The website offers a comprehensive range of educational resources, research publications, seminars, and e-courses focused on equality, governance, and the societal role of sport. ENGSO positions itself as a leading voice in voluntary grassroots sport, supported by EU funding and partnerships. The target audience includes sport professionals, voluntary organizations, and stakeholders involved in grassroots sport development. Technically, the website is built on WordPress using the Enfold theme and Elementor page builder, leveraging modern web technologies such as Google Tag Manager and Cloudflare Zaraz for analytics and performance. The site is mobile-optimized with good SEO and accessibility practices, although some accessibility features could be enhanced. Performance is moderate, with a well-structured and professional design. From a security perspective, the site enforces HTTPS and includes a Content Security Policy header, indicating a solid baseline security posture. However, additional security headers and formal security policies are absent. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanisms, aligning with GDPR requirements. Overall, the website presents a trustworthy and professional front for ENGSO's educational mission. The main limitation is the absence of WHOIS data, which restricts domain trust verification. Despite this, the presence of EU funding disclosures and consistent branding supports legitimacy. Strategic recommendations include enhancing security headers, publishing incident response and security policies, and verifying domain registration details to improve trustworthiness.

T

Tartu County Tourism Foundation

visitnarva.ee

47

Visit Narva is the official tourism website for Narva city and its surrounding county in Estonia, managed by the Tartu County Tourism Foundation. The site provides comprehensive and up-to-date information on local attractions, events, conferences, and travel logistics, targeting tourists, event organizers, and local businesses. It serves as a key regional portal promoting Narva as a travel destination with multilingual support and rich multimedia content including virtual tours and social media integration. Technically, the website is built on Drupal 7 with a moderate performance profile and good mobile and accessibility features. Security posture is adequate with HTTPS and basic security headers, though there is room for improvement in advanced security practices and incident response readiness. Privacy compliance is basic with a cookie consent mechanism and privacy policy present, but lacks detailed GDPR-specific disclosures or a data protection officer contact. Overall, the website is professional, trustworthy, and well-aligned with its business purpose, with a domain registration consistent with its Estonian location and tourism focus.

T

Tartu Welcome Centre

tartuwelcomecentre.ee

40

Tartu Welcome Centre is a local newcomer information and support center based in Tartu, Estonia, founded in 2019. It provides free consultations, registry services, cultural and networking events, and useful information to international newcomers and their families in Tartu and South-Estonia. The organization positions itself as a community-oriented non-profit entity aiming to facilitate smooth integration and settlement for newcomers. The website is built on WordPress with modern SEO and analytics tools, hosted by Zone Media OÜ. The site is well designed, mobile optimized, and offers clear navigation and professional content. However, it lacks formal privacy and cookie policies, which impacts compliance and user trust. Security posture is adequate with HTTPS enabled but could be improved by adding security headers and vulnerability disclosure mechanisms. Overall, the website is trustworthy and functional, serving its target audience effectively.

T

Tiigi Seltsimaja

tartukorraldab.ee

60

Tartu korraldab is a government-affiliated event coordination platform managed by Tiigi Seltsimaja, focusing on organizing and promoting cultural and city-wide events in Tartu, Estonia. The website serves as a central hub for information on major city celebrations such as Tartu linna päev, jõululinn, and other seasonal festivals. The business operates under the official city branding and targets residents and visitors interested in Tartu's cultural life. Technically, the site is built on WordPress with modern plugins like Elementor and Modern Events Calendar, optimized for performance and mobile responsiveness. Security posture is solid with HTTPS, anti-spam measures, and GDPR-compliant cookie consent mechanisms, though explicit security policies and incident response contacts are absent. Overall, the domain registration and website content align well, indicating a legitimate and trustworthy presence.

V

V360 agency

v360.ee

43

V360 Agency OÜ is a small Estonian digital agency specializing in web development, e-commerce solutions, branding, and full digital marketing services. The company positions itself as a smart solution for digital success, targeting businesses seeking to elevate their online presence through comprehensive marketing and branding strategies. Their website showcases a professional design with clear navigation, client testimonials, and a portfolio of projects, indicating a trusted market presence. Technically, the site is built on WordPress with modern JavaScript libraries such as Swiper.js and Tippy.js, and integrates Google Tag Manager and reCAPTCHA for tracking and security. The hosting and domain registration are managed by Zone Media OÜ, a reputable Estonian registrar and hosting provider. Security posture is adequate with HTTPS and reCAPTCHA implemented, but lacks advanced security headers and DNSSEC. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Overall, the website is professional and credible, though improvements in privacy and security policies are recommended.

V

Võrumaa Arenguagentuur SA

vorumaa.ee

39

Võrumaa Arenguagentuur SA operates the website vorumaa.ee as a regional development center serving Southeast Estonia. The organization provides information, consulting, and training services primarily targeting local businesses, non-profits, and municipalities. The website reflects a government or non-profit entity with a clear regional focus and a mission to support economic and community development. The site is built on WordPress using the Divi theme and incorporates modern SEO practices via Yoast SEO. It uses Google Analytics and Tag Manager for analytics and includes a cookie consent mechanism, indicating some attention to privacy compliance. Security measures include HTTPS and Google reCAPTCHA, but explicit security policies and incident response information are absent. Overall, the website is professionally designed with good content relevance and moderate trustworthiness, though it lacks some compliance documentation such as privacy and terms of service pages.

S

SA Jõgevamaa Arendus- ja Ettevõtluskeskus

jaek.ee

45

SA Jõgevamaa Arendus- ja Ettevõtluskeskus (JAEK) is a regional development and entrepreneurship support organization based in Jõgeva County, Estonia. Founded in 2010, it provides a broad range of services including entrepreneurship training, community programs, cultural and tourism promotion, and health and safety initiatives. The website serves as an information hub for local businesses, citizens, and institutions, offering news, project details, and contact information. The organization positions itself as a key regional player in supporting economic and social development.

Global Water Partnership (GWP) is an established international organization focused on water resource management and investment initiatives. The website serves primarily as a landing page announcing a transition to a new phase called the Global Transformation Agenda On Water Investments and directs users to a new website (gwpo-gwp.org). The organization appears to be a non-profit or partnership entity with a global focus on water-related projects. The domain has a long history dating back to 1996, supporting its legitimacy and established presence. Technically, the website uses common web technologies including Google Analytics, Google Tag Manager, and Facebook SDK for tracking and marketing purposes. The hosting provider appears to be Loopia based on DNS nameservers. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. No CMS or major frameworks are detected from the provided data. From a security perspective, HTTPS is enabled, but no DNSSEC or security headers are present, which reduces the overall security posture. There are no visible forms or data collection points on the landing page, limiting attack surface but also limiting user engagement. Privacy and cookie policies are absent, indicating poor privacy compliance. No contact information or incident response details are provided, which may impact user trust and compliance. Overall, the website is functional but minimalistic, with room for improvement in privacy compliance, security hardening, and content richness. The domain registration data aligns well with the organization's identity, supporting trustworthiness. Strategic improvements in security headers, privacy policies, and user engagement features are recommended to enhance the website's credibility and compliance.

Belimo is a global market leader specializing in the development, manufacturing, and marketing of field devices for heating, ventilation, and air conditioning (HVAC) systems. Their core business revolves around actuators, control valves, and sensors, targeting professionals and companies in the HVAC sector. The website is professionally designed, localized in Finnish, and demonstrates a strong brand presence consistent with a large enterprise in the energy sector. Technically, the site uses Magnolia CMS, integrates Google Tag Manager and Cookiebot for analytics and cookie consent management, and is hosted on a robust infrastructure likely leveraging Akamai CDN. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response information are not publicly available. The absence of WHOIS data for the domain is a notable gap, potentially impacting trust but not necessarily indicating illegitimacy. Overall, the site presents a credible and professional digital presence with room for improvement in privacy transparency and security disclosures.

C

Chiller Oy

chiller.eu

74

Chiller Oy is a Finnish company specializing in innovative cooling, heating, and energy solutions tailored to various applications. The company aims to provide thermal comfort and optimal indoor air quality, positioning itself as a specialized B2B provider in the energy sector. The website reflects a medium-sized enterprise with a professional digital presence, leveraging WordPress CMS and modern SEO and analytics tools. The technical infrastructure is sound, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though improvements in security headers and incident response transparency are recommended. Overall, the website presents a trustworthy and professional image consistent with its business claims.

F

FläktGroup

flaktgroup.com

68

FläktGroup is a company specializing in air technology systems aimed at maintaining clean and healthy indoor air for improved living and professional environments. The website presents a professional and consistent brand image, targeting businesses and professionals in need of air quality solutions. The company appears to be a large entity within the energy sector, offering B2B technology and manufacturing services related to HVAC and air systems. Technically, the website employs modern technologies such as React and .NET, integrates Google Tag Manager and Cookiebot for analytics and consent management, and is served over HTTPS with a valid SSL certificate. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms but lacks explicit security headers and published security policies. The absence of WHOIS data reduces domain trustworthiness, though the website content supports legitimacy. Privacy compliance is moderate, with a cookie banner present but no explicit privacy or terms of service pages detected. Overall, the site is functional and professional but would benefit from enhanced transparency and security disclosures.

A

AS FEB

feb.ee

54

AS FEB is a leading Estonian company specializing in the sale of sanitary technology, electrical systems, heating, tools, and ventilation products. The company operates a comprehensive e-commerce platform complemented by multiple physical stores across Estonia, targeting both retail consumers and business clients. Their market position is strong within Estonia, supported by a broad product range and a dedicated B2B portal. The website is professionally designed, mobile-optimized, and integrates modern e-commerce technologies such as Magento 2, Google Tag Manager, and Facebook SDK for marketing and analytics purposes. Security measures include HTTPS enforcement and Google reCAPTCHA on login forms, ensuring a secure user experience. However, the absence of explicit privacy and terms of service pages indicates room for improvement in compliance and transparency. Overall, the website demonstrates a mature digital presence with good business credibility and technical implementation.

1

1Kelvin

kelvin.ee

50

1Kelvin is an Estonian-based company specializing in technical system planning, design, and installation with a strong focus on energy efficiency and related services. With over 20 years of experience, the company positions itself as a reliable partner for large and complex projects in Estonia, targeting primarily business clients requiring engineering and energy consultancy services. The website reflects a professional and consistent brand image, offering clear information about services and company expertise. Technically, the site is built on WordPress with modern front-end technologies and integrates Google Analytics and Tag Manager for user tracking. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is good with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and explicit incident response information. Privacy compliance is partially addressed with references to cookie and privacy policies but lacks an explicit consent mechanism. Overall, the site is trustworthy and credible with room for improvement in security and privacy transparency.

Paroc Group is an international manufacturer specializing in stone wool insulation products with headquarters in Finland and production units across four countries. The company serves a broad market including building insulation, HVAC, and industrial sectors, with a presence in 14 countries. The website reflects a professional and consistent brand image aligned with its parent company, Owens Corning. Technically, the site employs modern web technologies such as React, Adobe DTM, and Google Tag Manager, supported by AWS Cloudfront CDN for performance. The site is mobile-optimized and accessible with good SEO practices. Security posture is strong with HTTPS enforced and cookie consent managed via Osano CMP, though explicit security headers and policies could be improved. WHOIS data is unavailable, which slightly impacts trust but the overall digital footprint supports legitimacy. Privacy compliance is well addressed with a comprehensive privacy policy and cookie management. Contact is primarily via web forms, with no direct emails or phone numbers exposed. Overall, the site is professional, secure, and compliant with privacy regulations, suitable for its business audience.

E

EB THERM OÜ

ebtherm.ee

43

EB THERM OÜ is an established Estonian company founded in 1993 specializing in ventilation, heating, and climate control equipment sales, installation, maintenance, and consulting. The company targets residential and commercial customers seeking efficient and environmentally sustainable indoor climate solutions. Their website reflects a consistent brand presence with partner affiliations to Dantherm and Cotes, indicating a solid market position in the energy sector. Technically, the website is built on Drupal 7 with jQuery and integrates Google Analytics and Tag Manager for user tracking. The site is mobile-optimized and provides clear navigation and relevant content, though it lacks formal privacy and cookie policies. Security posture is moderate with HTTPS enabled and IP anonymization in analytics, but missing security headers and incident response information reduce overall security maturity. No blocking or WAF mechanisms were detected, allowing full content access and analysis.

E

E-varamu

e-varamu.ee

55

E-varamu is a key Estonian cultural heritage digital platform that aggregates materials from multiple datasets and integrates with the Europeana digital library. It serves researchers and the general public interested in Estonian culture, operating as a non-profit government-related entity. The website is built on WordPress with modern plugins and technologies, offering good SEO, accessibility, and mobile optimization. Security posture is solid with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response information are not published. The domain registration data aligns well with the website's purpose, indicating legitimacy. Overall, the platform is professional, trustworthy, and technically sound.

M

MTÜ Maakondlikud Arenduskeskused

arenduskeskused.ee

45

MTÜ Maakondlikud Arenduskeskused operates as the largest nationwide network in Estonia providing consulting and training services to startups, active businesses, non-profits, and local governments. Their business model is based on publicly funded, free services aimed at fostering entrepreneurship and community development across all 15 Estonian counties. The website reflects a mature digital presence built on WordPress with modern plugins and SEO optimizations, supporting a good user experience and mobile responsiveness. Security posture is solid with HTTPS and standard best practices, though explicit security policies and headers could be improved. Privacy compliance is evident with a GDPR-aligned privacy policy and cookie consent mechanism. Overall, the site demonstrates high business credibility and trustworthiness with clear contact information and partner network links.

The website www.visitsaulkrasti.lv serves as an official regional tourism portal for Saulkrasti municipality in Latvia. It provides comprehensive visitor information including local attractions, events, accommodation options, dining, and useful tips for tourists. The site targets visitors and tourists interested in exploring the Saulkrasti region, positioning itself as a key local tourism information hub. The business model focuses on promoting local tourism services and events, supporting the hospitality and government sectors. The content is well-structured, visually appealing, and consistent with the brand identity of Saulkrasti tourism. Technically, the website is built on WordPress CMS and utilizes modern JavaScript libraries such as jQuery, Swiper.js for sliders, and Magnific Popup for galleries. It integrates Google Tag Manager and Google Analytics for tracking and marketing purposes. The site demonstrates good mobile optimization and basic accessibility features, with moderate performance. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the website enforces HTTPS with excellent SSL configuration. However, it lacks explicit security headers and does not provide a dedicated security or incident response policy. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligned with GDPR requirements. Contact information is transparent and professionally presented, enhancing business credibility. Overall, the website is trustworthy, professionally maintained, and serves its purpose effectively. Strategic improvements could include implementing additional security headers, publishing a security policy or incident response contact, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen the site's security posture and trustworthiness.

Eesti Toidutee is a well-established platform dedicated to promoting Estonian local food culture and tourism. It connects food producers, restaurants, and consumers by offering curated food routes, event information, and educational workshops. The website targets consumers interested in authentic Estonian food experiences, tourists, and local food businesses. It holds a recognized position in the local hospitality and tourism sector, emphasizing regional food specialties and seasonal offerings. Technically, the website employs a traditional tech stack with jQuery and jQuery UI libraries, Google Analytics, and Google Tag Manager for tracking. While the site is mobile-optimized and offers good user experience with clear navigation and rich content, it uses outdated JavaScript libraries that pose potential security risks. The site lacks modern security headers and explicit privacy or cookie policies, indicating areas for compliance improvement. From a security perspective, HTTPS is enabled, and no sensitive data is exposed in the HTML. However, the absence of security headers and use of outdated libraries reduce the overall security posture. There is no visible incident response or security policy information, which could impact trustworthiness. The WHOIS data aligns well with the website's Estonian focus, showing consistent and transparent registration details. Overall, the website is functional, content-rich, and professionally presented but requires enhancements in privacy compliance and security best practices to improve trust and reduce risk. Strategic updates to technology and policy transparency will strengthen its position as a trusted promoter of Estonian local food culture.

S

SA Jõgevamaa Arendus- ja Ettevõtluskeskus

kultuuritee.ee

44

Kultuuritee.ee is a regional cultural tourism website managed by SA Jõgevamaa Arendus- ja Ettevõtluskeskus, promoting the cultural heritage and tourism opportunities in the Jõgevamaa region of Estonia. The site provides information about cultural routes, events, maps, and local attractions, targeting tourists and cultural visitors interested in exploring Estonian history and culture. The business model is non-profit and focused on regional development and cultural promotion. Technically, the website is built on WordPress with common plugins like Yoast SEO and uses Google Analytics and Tag Manager for visitor tracking. The hosting is provided by Zone Media OÜ, and the domain is registered since 2019, consistent with the site's purpose. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional, well-branded, and provides relevant content but could improve in privacy and security practices.

S

SportAccord

sportaccord.com

60

SportAccord is a globally recognized organization dedicated to connecting International Sport Federations, cities, right holders, and businesses to shape the future of sport. The website reflects a professional and well-established entity with a strong market position in the sports event and federation engagement sector. Key services include organizing major events such as the SportAccord Convention and the International Federation Forum, alongside providing platforms for sustainability and membership applications. The technical infrastructure is built on WordPress with modern plugins and analytics tools, ensuring a robust digital presence. Security posture is strong with HTTPS enforcement, security headers, and monitoring tools like New Relic, although explicit security policies and incident response details are not publicly disclosed. Overall, the website demonstrates high professionalism, good privacy compliance, and trustworthy business credibility.

S

SportAccord

gaisf.sport

60

SportAccord is a globally recognized organization dedicated to connecting International Sport Federations, cities, right holders, and businesses to shape the future of sport. The website reflects a professional and well-structured platform offering information about major events such as the SportAccord Convention and the International Federation Forum. The organization positions itself as a key player in the sports event and federation engagement sector, supported by the International Olympic Committee and a broad network of partners. The digital infrastructure is built on WordPress with modern plugins and analytics tools, ensuring a good user experience and performance. Security posture is strong with HTTPS enforcement and privacy compliance mechanisms like Usercentrics CMP. However, WHOIS data is privacy protected, limiting transparency on domain ownership, though this is common and justified for such entities. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and business credibility.

I

International Paralympic Committee

paralympic.org

75

The International Paralympic Committee (IPC) operates the official website www.paralympic.org, serving as the global authority for Paralympic sports. The site provides comprehensive news, event results, and multimedia content targeted at athletes, fans, and stakeholders worldwide. The organization is positioned as a non-profit international sports governing body headquartered in Germany. Technically, the website is built on Drupal 8 CMS, integrating modern analytics and cookie consent tools such as Google Tag Manager and Cookiebot, ensuring GDPR compliance through explicit cookie consent mechanisms. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Security posture is strong with HTTPS enforced and anonymized IP tracking, although explicit security headers and incident response information are absent. The lack of WHOIS data limits domain registration transparency but is typical for such international organizations. Overall, the site is professional, trustworthy, and well-maintained, with minor gaps in privacy policy visibility and security disclosures.

I

International Olympic Committee (IOC)

olympic.org

63

Olympics.com is the official digital platform of the International Olympic Committee (IOC), providing authoritative and comprehensive coverage of the Olympic Games, athletes, sports, and related news. The website serves a global audience of sports enthusiasts, athletes, and stakeholders by delivering live event coverage, video highlights, original series, and historical Olympic content. It is positioned as the primary source for Olympic information and media worldwide. Technically, the site employs a modern technology stack including JavaScript frameworks (likely React), advanced search via Algolia, customer identity management through Gigya, and robust analytics with Google Tag Manager and Conviva. The site is hosted on a high-performance CDN (Akamai), ensuring fast load times and excellent mobile optimization. Accessibility and SEO practices are well implemented, supporting a broad and inclusive user experience. From a security perspective, Olympics.com enforces HTTPS with strong SSL configuration and implements key security headers such as Content-Security-Policy and Strict-Transport-Security. The site uses a comprehensive cookie consent mechanism compliant with GDPR, and no critical vulnerabilities or exposed sensitive data were detected. However, the absence of a public WHOIS record and lack of visible incident response contacts or vulnerability disclosure pages suggest areas for improvement in transparency and security communication. Overall, Olympics.com demonstrates a mature digital presence with strong content quality, technical infrastructure, and security posture. The main risks relate to WHOIS data opacity and limited direct contact information for security incidents. Strategic recommendations include enhancing incident response visibility, publishing a security.txt file, and continuous monitoring of third-party scripts to maintain security integrity.