Security Directory

L

Laama

pixie.ee

38

Laama is a small Estonian digital agency specializing in web design, UX/UI design, branding, graphic design, front-end development, websites, and web applications. The website serves as a minimal portfolio and contact landing page, targeting businesses or individuals seeking digital design and development services. The company appears to have been founded around 2018, consistent with the domain registration date. Technically, the website uses standard web technologies including Google Analytics and Google Tag Manager for tracking, and Typekit for fonts. Hosting and domain registration are managed by Elkdata OÜ, a local Estonian registrar and hosting provider. The site is basic in design and content, with moderate performance and basic mobile optimization. SEO and accessibility features are minimal but present. From a security perspective, the site uses HTTPS as indicated by canonical URLs, but no security headers were detected in the provided data. There are no visible forms or inputs, reducing attack surface, but the absence of privacy and cookie policies indicates poor privacy compliance. No incident response or security policy information is available. The WHOIS data is consistent and legitimate, with no suspicious patterns. Overall, the website is functional but minimal, with moderate technical maturity and basic security posture. Strategic improvements in privacy compliance, security headers, and richer contact information would enhance trust and compliance.

V

Visit Lahemaa

visitlahemaa.com

47

Visit Lahemaa is a regional tourism website dedicated to promoting Lahemaa National Park in Estonia. It provides comprehensive information on local attractions, accommodations, dining, transport, and events, targeting tourists interested in exploring this natural and cultural area. The website is multilingual, supporting several languages to cater to a diverse audience. Technically, it is built on WordPress using the Elementor page builder, with integration of common analytics and tracking tools such as Facebook Pixel and Microsoft Clarity. The site is hosted under a legitimate domain registered since 2017, with standard security practices like HTTPS enabled. However, there is room for improvement in privacy compliance, notably the absence of a cookie consent mechanism and limited explicit privacy-related disclosures. Security posture is generally good but could be enhanced by enabling DNSSEC and publishing security policies. Overall, the website is professional and functional, serving its purpose as a tourism information portal effectively.

The website 'Maardu 45' serves as a dedicated platform for celebrating the 45th anniversary of Maardu city in Estonia. It provides residents and visitors with information about the city's history, culture, events, and local government contacts. The site is positioned as a local government information portal aimed at community engagement and city promotion. Technically, the site leverages a modern tech stack including Alpine.js, jQuery, Leaflet for maps, and multiple analytics tools such as Google Analytics and Matomo, hosted likely by Telia Eesti AS. The website is mobile optimized and offers a good user experience with clear navigation and consistent branding. Security-wise, the site uses HTTPS and does not expose sensitive data, but lacks some security headers and formal policies such as privacy and cookie policies, which are important for GDPR compliance. The domain is very recently registered, which is somewhat unusual for a city site but may reflect a new dedicated event domain. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices.

S

Sõnumitooja

sonumitooja.ee

52

Sõnumitooja is a regional weekly newspaper serving the Ida-Harju region in Estonia, established in 1994 and operating under the Eesti Meediaettevõtete Liit association. The website provides news articles, opinion pieces, and local event coverage, targeting residents and readers interested in regional news. The business model is primarily based on advertising and subscriptions, with a consistent brand presence and good content quality. Technically, the site is built on WordPress with popular plugins such as WPBakery Page Builder and Yoast SEO, hosted by Virtuaal.com OÜ, and demonstrates moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and secure login forms, but lacks explicit security policies, headers, and vulnerability disclosure mechanisms. Privacy compliance is basic, with a cookie consent mechanism but no visible privacy policy or terms of service. Overall, the site is professional and trustworthy, though improvements in security transparency and privacy documentation are recommended.

V

Viimsi vald

viimsi.ee

47

Viimsi vald is the official local government authority for the Viimsi municipality in Estonia, providing a wide range of public services including administration, education, social care, culture, and environmental management. The website serves residents and businesses in the region with comprehensive information, news, and access to municipal services. The site is well-structured and professionally designed, reflecting its role as a government portal. Technically, the site is built on Drupal 9 CMS and integrates modern analytics and tracking tools such as Google Analytics, Microsoft Clarity, and Facebook SDK, while maintaining GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are not published. Overall, the site demonstrates a mature digital presence suitable for a government entity, with clear contact information and consistent branding.

A

Apotheka

apotheka.ee

59

Apotheka is a leading Estonian online pharmacy and health product retailer offering over 8000 products with fast delivery options including home courier and free pick-up from physical pharmacies. The website targets Estonian consumers seeking pharmaceutical, health, and cosmetic products. The business operates a multi-brand ecosystem including PetCity, Apotheka Beauty, Apollo, and Inimene.ee, indicating a broad market presence. Technically, the site is built on Magento with integrations for Google Tag Manager, Hotjar, and Google Translate, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities, though explicit security policies and incident response contacts are not found. Overall, the website is professional, trustworthy, and compliant with GDPR, with room for improvement in transparency of security policies and contact information.

E

EOMAP

eomap.ee

39

EOMAP is an established Estonian technology company specializing in cartography and spatial data solutions, with a strong focus on municipal software products such as the Kovgis EVALD system. The company has a solid market position supported by integration with national information systems and a 30-year history. Technically, the website is built on WordPress using the Divi theme and Yoast SEO plugin, indicating a mature digital presence with good SEO and mobile optimization. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, but lacks advanced security headers and explicit security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures.

J

Järva Vallaraamatukogu

jarvaraamat.ee

45

Järva Vallaraamatukogu operates as a public library service for the Järva County region in Estonia, providing residents with access to books, cultural events, and library services including a mobile library bus. The website serves as an informational portal with news, events, and user resources, targeting local community members and library patrons. The business model is government-funded public service, with a clear focus on community engagement and education. Technically, the website is built on WordPress using the Avada theme and incorporates modern web technologies such as Slider Revolution and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly, with structured data enhancing search visibility. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers are not detected and no explicit security or incident response policies are published. Overall, the site is trustworthy and professionally maintained, reflecting its public institution status.

Z

Zone Media OÜ

visitjarva.ee

44

Visitjarva.ee is a regional tourism information website focused on Järvamaa (Järva County) in Estonia. It provides comprehensive information about local events, accommodation, cultural and historical sites, nature activities, food, wellness, and seminar facilities. The site targets tourists and visitors interested in exploring the region, offering curated content and links to social media channels for engagement. The business operates under Zone Media OÜ, with a domain established in 2016, indicating a stable presence in the regional tourism market. Technically, the website is built on WordPress CMS, utilizing common libraries such as jQuery, Owl Carousel, LazySizes, and Lightbox for enhanced user experience. SEO is well addressed through Yoast SEO plugin and structured data (JSON-LD). The site is mobile optimized and performs moderately well, though accessibility features are basic. Hosting and domain registration are consistent and transparent, managed by Zone Media OÜ. From a security perspective, the site enforces HTTPS with excellent SSL configuration and includes a cookie consent banner, demonstrating basic privacy compliance. However, it lacks explicit privacy policy and terms of service pages, security headers, and a vulnerability disclosure mechanism. No incident response or security policy information is published, which could be improved to enhance trust and compliance. Overall, the website is a good quality regional tourism portal with solid business credibility and technical implementation. Strategic improvements in privacy documentation, security headers, and incident response transparency would elevate its security posture and compliance standing.

Skepast & Puhkim OÜ is a leading Estonian consultancy specializing in infrastructure, environmental, and spatial planning services with over 15 years of experience. The company offers expert engineering and consulting services including infrastructure design, environmental impact assessments, and spatial planning solutions. Their market position is strong within Estonia, supported by a medium-sized team of 40 experts and a professional digital presence. The website is well-structured, multilingual, and provides clear contact channels and business information. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates Google Analytics and Tag Manager for traffic analysis. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. Privacy compliance is robust with a comprehensive privacy policy and cookie consent banner. No critical vulnerabilities or suspicious WHOIS patterns were detected, indicating a trustworthy domain and business operation.

T

Tapa Valla Spordikeskus

tapasport.ee

46

Tapa Valla Spordikeskus is a municipal sports center in Lääne-Virumaa, Estonia, offering diverse sports facilities including swimming pools, gyms, health trails, and event hosting. The website serves local residents and sports enthusiasts with information on training, events, and additional services such as accommodation and seminar rooms. The business operates under a government sector model, founded in 2020, and maintains a consistent and professional online presence with active social media channels. Technically, the site is built on WordPress with modern plugins and SEO tools, hosted by Virtuaal.com OÜ, and optimized for mobile devices with good performance and accessibility. Security posture is strong with HTTPS and no visible vulnerabilities, though security headers and explicit privacy and cookie policies are missing, representing compliance gaps. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices.

Z

Zone Media OÜ

puhkaeestis.ee

67

PuhkaEestis.ee is a professional tourism portal focused on promoting Estonia's unique cultural, natural, and recreational offerings to visitors. The website is well-established, with a domain age dating back to 2010, and is operated by Zone Media OÜ. It targets tourists and travelers interested in exploring Estonia, providing curated content on activities, destinations, and local experiences. The site leverages modern web technologies including Next.js and React, hosted on AWS infrastructure, ensuring good performance and mobile optimization. Privacy compliance is robust, featuring a comprehensive cookie consent mechanism aligned with GDPR requirements. However, explicit contact information, terms of service, and security policy pages are not publicly available, which could be improved to enhance transparency and trust. Security posture is strong with HTTPS enforcement and monitoring tools like New Relic in place, but incident response details are absent. Overall, the site presents a trustworthy and professional front for Estonia's tourism promotion, with room for improvement in compliance documentation and contact accessibility.

E

eHost OÜ

arenduskeskus.ee

40

Investor.ee is a small Estonian educational website focused on providing information and guidance about investing and financial growth. The site targets individuals and organizations interested in learning about investment strategies, risk management, and financial planning. The business operates primarily as an informational resource with content in Estonian, positioning itself as a niche player in the finance education sector. The website is built on WordPress using modern themes and plugins, with a moderate level of technical maturity and good mobile optimization. Security measures include HTTPS enforcement and Google reCAPTCHA integration, although some security best practices such as security headers and explicit privacy policies are missing. Overall, the site demonstrates a moderate security posture with room for improvement in privacy compliance and security transparency.

T

The Hertz Corporation

hertz.co.uk

67

The Hertz Corporation operates a comprehensive car and van rental service platform targeting customers primarily in the UK and worldwide. The website offers a broad range of services including daily car hire, electric vehicles, long-term business rentals, and van hire, supported by loyalty programs such as Gold Plus Rewards. The site is professionally designed with good content quality and clear navigation, optimized for mobile devices. Technically, the platform leverages modern JavaScript frameworks, Google Tag Manager, Google Analytics, and Stripe for payments, alongside security tools like Google reCAPTCHA Enterprise and a cookie consent mechanism powered by Securiti.ai. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent banner. WHOIS data for the subdomain queried is unavailable due to Nominet rules, but the main domain is legitimate and consistent with the business. Overall, the website demonstrates a mature digital presence with robust security and privacy practices.

G

Goldcar Spain S.L.

goldcar.es

63

Goldcar Spain S.L. operates a large car rental service with over 95 offices across multiple countries, primarily in Southern Europe. The company is a subsidiary of Europcar, positioning it as a significant player in the transportation rental sector. The website offers multilingual support, currency selection, and a comprehensive booking system, targeting travelers seeking affordable car rentals. Technically, the site uses modern frameworks such as Bootstrap and integrates performance and consent management tools like Akamai Boomerang and Didomi SDK. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security headers could be verified further. The absence of WHOIS domain registration data is a transparency concern but does not detract from the overall legitimacy indicated by the brand presence and structured data. Overall, the website is professional, user-friendly, and compliant with GDPR requirements.

G

Goldcar

ongoldroad.com

63

Goldcar is a large car rental company operating over 115 offices primarily in Europe and the United States, targeting travelers and tourists. The company is part of the Europcar Mobility Group, which enhances its market credibility and operational scale. The website is professionally designed, mobile-optimized, and provides comprehensive information about office locations and services. Technically, the site uses modern frameworks such as Bootstrap, integrates Google Tag Manager and Akamai Boomerang for analytics and performance monitoring, and employs Didomi for consent management, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies are not publicly disclosed. WHOIS data is unavailable, likely due to privacy protection, but the website's professional presentation and association with Europcar support its legitimacy. Overall, the site scores well on content quality, technical implementation, security, privacy compliance, and business credibility.

G

Goldcar

goldcarhelp.com

54

Goldcar is a well-established car rental company operating primarily in Spain with a strong presence in major tourist destinations. The company offers a variety of car rental services, including innovative features like the Key'n Go automatic key pickup system and a loyalty program called GO Club. The website serves as a comprehensive help center supporting customers with FAQs, booking assistance, and contact options. Technically, the website uses modern frontend technologies such as Bootstrap, jQuery, and Google Tag Manager, hosted on a CDN likely provided by Akamai, ensuring moderate performance and good mobile optimization. Security posture is generally good with HTTPS enforced and secure forms, but lacks some security headers and explicit cookie consent mechanisms. The absence of WHOIS registration data is a notable concern, impacting trust and legitimacy assessments. Overall, the site is professional and functional but would benefit from enhanced security and privacy compliance measures.

G

Green Motion

greenmotion.com

70

Green Motion is a UK-based car and van rental company established in 2007, specializing in low CO2 emission vehicles and sustainable travel solutions. The company operates a global franchise model offering eco-friendly vehicle rental services, including electric vehicles. Their website is professionally designed, multilingual, and optimized for mobile users, reflecting a mature digital presence. Technically, the site employs modern frameworks such as Bootstrap and integrates multiple analytics and marketing tools, including Google Analytics, Microsoft Clarity, and Facebook Pixel, indicating a data-driven approach to customer engagement. Security-wise, the website enforces HTTPS, uses security headers, and implements cookie consent mechanisms, though it lacks DNSSEC and a public security policy or incident response contacts. Overall, the site demonstrates good security hygiene and privacy compliance, with room for improvement in transparency and DNS security. The domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

G

Goldcar Spain S.L.

goldcar.com

63

Goldcar Spain S.L. operates a large car rental service with over 95 offices across multiple countries, primarily in Europe. The company is a subsidiary of Europcar, positioning it as a significant player in the transportation rental industry. The website is professionally designed, mobile-optimized, and provides comprehensive content including offers, destinations, and customer reviews. Technically, the site uses modern frameworks like Bootstrap and integrates third-party services such as Google Tag Manager and Didomi for consent management, hosted likely on Akamai infrastructure. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be improved. WHOIS data is unavailable, which slightly impacts trust but the overall business credibility remains high due to consistent branding and corporate affiliations. Privacy compliance is well addressed with GDPR-consistent cookie policies and consent banners.

B

Budget Rent a Car

budget.com

75

Budget is a globally recognized car rental company operating under the Avis Budget Group umbrella. The website provides vehicle rental services including cars, trucks, and vans, targeting both leisure and business travelers. The brand maintains a strong market position with a professional online presence and comprehensive service offerings. Technically, the website employs modern JavaScript frameworks, integrates multiple analytics and marketing tools, and implements accessibility and privacy compliance features effectively. Security posture is robust with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not publicly available. The absence of WHOIS data is notable but does not detract from the overall legitimacy of the site given the brand's prominence. Strategic recommendations include publishing detailed security policies and incident response information to enhance trust and compliance.

D

Dollar Car Rental

dollar.com

66

Dollar Car Rental operates a professional and user-friendly website offering car rental services across Europe with over 400 locations. The company targets budget-conscious travelers and provides flexible rental options with an emphasis on ease of booking and management. The website demonstrates a mature digital presence with modern technologies and compliance mechanisms such as cookie consent and privacy policies. However, the domain WHOIS data is missing, which raises concerns about domain registration legitimacy despite the professional branding and content. The site uses HTTPS and includes CSRF tokens in forms, but lacks explicit security headers and published incident response policies. Overall, the website is functional and trustworthy from a user perspective but would benefit from improved transparency on domain registration and enhanced security practices.

T

Thrifty Car Rental

thrifty.com

66

Thrifty Car Rental operates a professional and user-friendly website offering car rental services primarily across Europe. The company targets both business and leisure travelers with a broad fleet including electric and economy vehicles. The website demonstrates a mature digital presence with responsive design, clear navigation, and integration of modern technologies such as Google Tag Manager and cookie consent management via Securiti.ai. However, the absence of WHOIS registration data for the domain www.thriftycars4rent.com raises concerns about domain legitimacy, despite the website's strong branding alignment with the parent company Hertz. Security posture is generally good with HTTPS enforced and CSRF tokens in forms, but lacks explicit security headers and published security policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is functional and trustworthy from a user perspective but requires verification of domain registration and enhancement of security transparency.

Rakvere Linnavalitsus operates as the local government authority for the city of Rakvere, Estonia, providing a wide range of municipal services including public administration, social welfare, urban planning, crisis management, and cultural and sports activities. The website serves residents, visitors, and local businesses with comprehensive information and e-services. The organization maintains a medium-sized municipal operation with a well-structured digital presence. Technically, the website is built on the Liferay CMS platform, utilizing technologies such as jQuery, Bootstrap, and Google Tag Manager for analytics. The site is mobile-optimized and features clear navigation and professional design. Security-wise, the site enforces HTTPS and avoids exposing sensitive data, but lacks some modern security headers and incident response contacts. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Overall, the website is trustworthy and legitimate, reflecting a stable municipal entity with room for improvements in privacy and security practices.

Vormsi.ee is the official local government and community information portal for Vormsi island, Estonia. The website provides current news, event calendars, administrative information, and local services primarily targeting residents and visitors of Vormsi. It is positioned as a trusted source of local information with a focus on community engagement and tourism. The site is multilingual, supporting Estonian, English, and Swedish languages, enhancing accessibility for diverse audiences. The business model is informational and governmental, with no evident commercial transactions. The domain is well-established since 2010, reinforcing its credibility and local presence. Technically, the website is built on WordPress CMS using a modern tech stack including PHP, jQuery, and popular plugins such as Yoast SEO and WPML for multilingual support. The site uses Google Tag Manager for analytics and employs a responsive design optimized for mobile devices. Performance is moderate with good SEO practices implemented. However, accessibility features are basic and could be improved. From a security perspective, the site uses HTTPS with a good SSL configuration, but lacks visible security headers such as Content-Security-Policy or X-Frame-Options. There is no evidence of a published privacy policy, cookie consent mechanism, or incident response information, which are important for GDPR compliance and user trust. No security.txt or vulnerability disclosure information is present. The site does not appear to be behind a WAF or security challenge, and no critical vulnerabilities were detected in the provided content. Overall, Vormsi.ee is a credible and professionally maintained government website with good content quality and technical implementation. To enhance security posture and compliance, it should publish privacy and cookie policies, implement security headers, and provide clear contact information for incident response. These improvements will strengthen user trust and regulatory compliance.

Novian Eesti OÜ operates the KOVTP service portal, providing IT infrastructure and software development services primarily targeted at local governments in Estonia. The company has a long-standing history dating back to 1970 and is part of the Novian group, positioning itself as a key player in e-government solutions. The website is professionally designed, mobile-optimized, and provides clear contact information and user support resources. Technically, the site uses Liferay CMS, jQuery, Bootstrap, and integrates Google Analytics and Tag Manager for tracking. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers are missing and jQuery version is outdated. Privacy compliance is adequate with a cookie policy and GDPR considerations, but no explicit privacy or security policies are prominently available. Overall, the domain registration aligns well with the business identity, indicating legitimacy and trustworthiness.

A

Alutaguse vald

alutagusevald.ee

53

Alutaguse vald operates as a local government entity in Estonia, providing a broad range of public services including social welfare, environmental management, urban planning, and cultural activities. The website serves as an information portal for residents and stakeholders, offering detailed navigation to various municipal services and administrative resources. The business model is typical of a public sector organization focused on community service and governance. The website is positioned as an official government resource with a clear focus on transparency and accessibility to local information. Technically, the website is built on the Liferay CMS platform, utilizing standard web technologies such as jQuery, Google Fonts, and Font Awesome. It integrates Google Tag Manager for analytics and tracking purposes. The site demonstrates moderate performance and good mobile optimization, with a structured and consistent design. SEO and accessibility are adequately addressed, though accessibility could be improved further. From a security perspective, the website enforces HTTPS and implements several security headers, indicating a good baseline security posture. There are no visible vulnerabilities or exposed sensitive data. However, the absence of an explicit cookie consent mechanism and published security or incident response policies suggests room for improvement in compliance and transparency. No WAF or blocking mechanisms were detected, and WHOIS data confirms the legitimacy and consistency of the domain registration with the website's government affiliation. Overall, the website presents a trustworthy and professional front for the Alutaguse vald municipality, with solid technical and security foundations. Strategic enhancements in privacy compliance, accessibility, and security policy transparency would further strengthen its position and user trust.

Z

Zone Media OÜ

hiiumaa.ee

48

The website hiiumaa.ee serves as a comprehensive tourism information portal for Hiiumaa island in Estonia, providing visitors with details on events, accommodation, transport, and local attractions. It targets tourists and visitors interested in exploring the island, positioning itself as a regional tourism promotion platform. The business behind the domain is registered as Zone Media OÜ, an Estonian company, with the domain established in 2010, indicating a mature presence in the market. Technically, the site is built on WordPress 6.7.2 with a modern tech stack including Yoast SEO, Google Tag Manager, Facebook Pixel, and multilingual support via WPML. The site demonstrates good mobile optimization, accessibility, and SEO practices. Cookie consent mechanisms are implemented, reflecting awareness of privacy compliance requirements. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks DNSSEC and explicit security headers such as Content-Security-Policy or X-Frame-Options. No exposed sensitive data or vulnerable libraries were detected in the HTML content. However, the absence of a published security policy or incident response contact limits transparency. Overall, the website presents a professional and trustworthy front for regional tourism promotion, with moderate tracking and advertising practices. The lack of explicit privacy and terms of service policies is a compliance gap. Strategic improvements in security headers, privacy documentation, and incident response transparency would enhance the site's security posture and user trust.

V

Viimsi vald

viimsivald.ee

47

Viimsi vald is the official municipal government entity for the Viimsi region in Estonia, providing a broad range of public services including planning, social welfare, education, culture, and infrastructure management. The website serves as a comprehensive portal for residents and stakeholders, offering news, event information, service guides, and contact details. It maintains a strong local government presence with clear communication channels and social media integration. Technically, the website is built on Drupal 9 CMS, leveraging modern JavaScript libraries and analytics tools such as Google Analytics and Microsoft Clarity. The site is mobile-optimized and demonstrates good SEO and accessibility practices, although some accessibility features could be enhanced. Hosting and domain registration are consistent with a reputable Estonian registrar, Elkdata OÜ, supporting the site's legitimacy. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security policies, incident response contacts, and some recommended security headers, which could be improved to strengthen its security posture. No critical vulnerabilities or exposed sensitive data were detected. Overall, Viimsi vald's website is a trustworthy, well-structured government portal with good content quality and technical implementation. Strategic improvements in security headers, incident response transparency, and accessibility would further enhance its robustness and user trust.

K

Kuusalu vallavalitsus

kuusalu.ee

50

Kuusalu vallavalitsus is the official local government authority for the Kuusalu municipality in Estonia, providing a wide range of public services including governance, social welfare, education, culture, environment, and crisis preparedness. The website serves residents, local businesses, and visitors by offering comprehensive information and access to municipal services. The site is built on the Liferay CMS platform and uses common web technologies such as jQuery, Bootstrap, and Font Awesome, with tracking enabled via Google Analytics and Google Tag Manager. The website is mobile optimized and presents a professional and consistent brand image aligned with government standards. Security-wise, the site enforces HTTPS but lacks visible security headers and uses an outdated jQuery version, which could pose vulnerabilities. Privacy compliance is weak due to the absence of visible privacy and cookie policies. Overall, the website is functional and credible but would benefit from security and compliance improvements.

J

Jõelähtme Vallavalitsus

joelahtme.ee

53

Jõelähtme Vallavalitsus operates as the official municipal government portal for the Jõelähtme vald region in Estonia, providing residents and stakeholders with comprehensive information on local governance, services, events, and community resources. The website serves as a critical communication channel for the municipality, offering structured navigation and regularly updated news content. The target audience includes local residents, businesses, visitors, and public sector partners. The business model is that of a governmental public service provider with a focus on transparency and community engagement. Technically, the website is built on the Liferay CMS platform, utilizing technologies such as jQuery, Bootstrap, Font Awesome, and Google Fonts. It integrates social media via Facebook and uses Google Tag Manager for analytics. The site is hosted likely by Telia Eesti AS, consistent with the domain registrar information. The website demonstrates good mobile optimization and moderate performance, though some technologies like jQuery are outdated. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and a cookie consent mechanism, which are important for compliance and security hardening. No vulnerability disclosure or incident response policies are published, representing an area for improvement. Overall, the security posture is solid but could benefit from enhanced compliance and transparency. The overall risk assessment is low, with the site appearing trustworthy and professionally maintained. Strategic recommendations include implementing cookie consent, adding security headers, updating legacy libraries, and publishing security policies to enhance compliance and user trust.

X

XetNET

xetnet.fi

62

XetNET is a Finnish-based hosting and domain registration company established in 2002, offering a range of web hosting solutions including webhotelli packages, virtual servers, Docker services, and business email. The company emphasizes local Finnish hosting infrastructure and customer service, positioning itself as a reliable and performance-oriented provider in the Finnish market. Their website is professionally designed, mobile-optimized, and provides clear navigation and service descriptions. Technically, the site uses WordPress with modern technologies such as LiteSpeed Cache, PHP 8.x, Redis, and Docker, ensuring good performance and scalability. Security posture is strong with HTTPS, security headers, and a comprehensive cookie consent mechanism that complies with GDPR. However, explicit security policies and incident response information are not publicly available, which could be improved to enhance transparency. Overall, the site reflects a mature, trustworthy business with good digital maturity and compliance practices.

S

S-ryhmä

s-kanava.fi

59

The website www.s-kanava.fi represents S-ryhmä, a major Finnish retail and banking group offering customer loyalty programs and banking services. The site promotes the S-Etukortti loyalty card and associated benefits, targeting Finnish consumers. Technically, the site is built using modern React and Gatsby frameworks, with integration of Usercentrics for cookie consent and Google Tag Manager for analytics. The site is well-secured with HTTPS and appropriate security headers, reflecting a good security posture. However, explicit privacy policy, terms of service, and contact information are not found in the provided content, indicating areas for compliance improvement. Overall, the site is professional, trustworthy, and technically sound, but could enhance transparency and privacy compliance documentation.

H

Havaş

havas.net

64

Havaş is a well-established Turkish transportation and ground services company, founded in 1999, specializing in airport ground handling, bus services, and cargo warehousing. The website reflects a professional and modern digital presence with a focus on service offerings relevant to airlines, airports, and passengers. The technical infrastructure leverages popular front-end frameworks like Bootstrap and integrates multiple analytics tools such as Google Analytics and Yandex Metrika, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and domain transfer protections in place, but lacks advanced DNS security (DNSSEC) and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms, which could pose regulatory risks. Overall, the website is functional and credible but would benefit from improvements in privacy transparency and security hardening.

Copix is a modern digital printing company based in Estonia, offering a wide range of printing products and services such as labels, floor stickers, books, and interior decoration prints. The company targets businesses and individuals requiring quality printing solutions and operates an e-commerce platform for convenient ordering. The website is built on WordPress with modern technologies including Bootstrap, jQuery, and integrates multiple marketing and analytics tools such as Google Analytics and Facebook Pixel. Security posture is basic with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and DNSSEC. The domain is newly registered in 2024, consistent with the business's apparent recent establishment. Contact information is comprehensive and transparent, enhancing business credibility.

General Public is an independent branding and design agency based in Newcastle upon Tyne, UK, founded in 2009. The company focuses on providing creative branding and design services to a niche market of businesses and organizations seeking professional brand development. Their website reflects a consistent and professional brand image, with a clear presentation of their portfolio and thought leadership content. Technically, the website is built on WordPress with modern SEO and analytics tools integrated, including Yoast SEO and Google Analytics. The site is mobile optimized and performs moderately well, though accessibility features could be improved. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks security headers and formal privacy and cookie policies, which are compliance gaps. Overall, the business appears credible and established with a moderate trust level, but should enhance privacy compliance and security best practices to improve user trust and regulatory adherence.

T

Tuumik Stuudio OÜ

tuumik.ee

49

Tuumik Stuudio OÜ is an established Estonian graphic design and photography studio founded in 2007. The company specializes in visual identity, illustration, print preparation, and photography services, targeting cultural institutions and corporate clients. Their website showcases a comprehensive portfolio demonstrating professional design and consistent branding. Technically, the site is built on WordPress with modern SEO and analytics tools, providing a good user experience and mobile optimization. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks security headers and formal privacy or cookie policies, indicating compliance gaps. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

R

RP9 OÜ

rp9.ee

43

RP9 OÜ operates a pub named Pubi RP9 located at Raekoja Plats 9 in Tartu, Estonia. The business focuses on hospitality services including food and beverage offerings, sports event broadcasting, and table reservations. The website provides a comprehensive menu with detailed descriptions and pricing, targeting local residents and visitors interested in social dining and sports entertainment. The company is a small-sized entity founded in 2017, with a consistent brand presence and clear contact information. Technically, the website is built on the concrete5 CMS platform, utilizing common web technologies such as jQuery, Bootstrap, and Google Analytics. The site is mobile-optimized and offers a good user experience with clear navigation and professional design. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks important security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the domain registration is transparent and consistent with the business claims, indicating legitimacy.

T

Taararing OÜ

taararing.ee

42

Taararing OÜ is an Estonian company specializing in full solutions for deposit points and cleaning services for businesses, operating since 2006. The company serves retail stores and enterprises by managing deposit acceptance and providing cleaning services, employing approximately 50 people. Their market position is that of a trusted local service provider with a solid client base and over 16 years of experience in deposit acceptance management. Technically, the website is built on Concrete CMS with modern frontend technologies including Bootstrap 5 and jQuery, and integrates Google Analytics and Tag Manager for tracking. The site is mobile optimized and has good SEO practices, though accessibility is basic. Security posture is adequate with HTTPS enabled but lacks security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies and no consent mechanism. Overall, the website is professional and credible but could improve in compliance and security transparency.

Articulate Global Inc. operates a leading SaaS platform specializing in online workplace learning and interactive course creation. Their flagship product, Articulate 360, is trusted by millions of course creators worldwide, positioning the company as a market leader in the education technology sector. The website reflects a mature digital presence with comprehensive content, professional branding, and a clear focus on corporate training audiences. Technically, the site is built on WordPress with modern SEO and marketing integrations including Google Tag Manager, Marketo Munchkin, and Visual Website Optimizer. The presence of Osano consent management indicates a commitment to privacy compliance. Performance and mobile optimization are good, supporting a positive user experience. Security posture is strong with HTTPS enforced, multiple security headers, and no visible vulnerabilities or exposed sensitive data. However, explicit security policies and incident response information are not publicly available, representing an area for improvement. WHOIS data is not publicly accessible, likely due to privacy protection, which is common for large enterprises but slightly reduces transparency. Overall, the website is professional, secure, and compliant with privacy regulations, supporting a high trust level. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing transparency around data protection contacts to further strengthen trust and compliance.

Promised Land Art Festival is a professionally organized event celebrating digital and traditional art, primarily targeting creative professionals in gaming, film, and advertising industries. The festival is supported and organized by CD PROJEKT RED and local cultural institutions in Łódź, Poland, positioning it as a significant niche event in the creative media sector. The website reflects a high level of digital maturity, utilizing modern web technologies such as Next.js and React, with good performance and mobile optimization. Security posture is solid with HTTPS enforcement and use of reCAPTCHA, though improvements in security headers and explicit security policies are recommended. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR considerations. Overall, the website presents a trustworthy and professional image, though the lack of WHOIS data for the domain introduces some uncertainty about domain registration status.

Q

Quality Pixels

qualitypixels.pl

41

Quality Pixels is a Polish interactive agency specializing in website design, creation, SEO, and Google Ads campaigns. Established in 2009, the company targets businesses seeking professional digital presence and marketing services. Their website reflects a consistent brand with good content quality and clear navigation, supporting their service offerings effectively. Technically, the site is built on WordPress with common plugins for SEO and multilingual support, and integrates major analytics and marketing tools such as Google Analytics, Facebook Pixel, and Google Tag Manager. The site is hosted by cyber_Folks S.A., a reputable registrar and hosting provider. Security-wise, the website uses HTTPS and cookie consent mechanisms but lacks advanced security headers and explicit privacy or security policies. No WAF or blocking mechanisms were detected, and the domain WHOIS data is consistent and trustworthy. Overall, the site demonstrates a moderate to good security posture with room for improvement in privacy compliance and security best practices.

L

La Gazette Drouot

gazette-drouot.com

67

La Gazette Drouot is a leading French media outlet specializing in auction news, art market updates, and cultural heritage content. It operates both as a weekly magazine and an online platform, offering comprehensive coverage of auction calendars, results, and featured lots. The website targets collectors, art professionals, and enthusiasts, providing subscription services and advertising opportunities. Technically, the site employs a modern tech stack including Bootstrap, jQuery, and various analytics and marketing tools, hosted behind Cloudflare for performance and security. The site is well-optimized for mobile and SEO, with good content quality and navigation. Security posture is strong with HTTPS and secure forms, though explicit security policies and incident response contacts are absent. Privacy compliance is robust with cookie consent and GDPR-aligned policies. However, the lack of WHOIS data for the domain raises questions about domain registration transparency, though the site content and branding strongly indicate legitimacy. Overall, the site scores well on content, technical implementation, and security, with room for improvement in business credibility and security transparency.

M

Moniteur des Ventes

moniteurdesventes.com

65

Moniteur des Ventes operates a professional online auction platform specializing in live, online, and catalogued auctions of professional equipment, vehicles, and industrial materials primarily targeting French-speaking markets. The platform connects auction houses, public entities, and businesses with buyers, offering a comprehensive auction calendar and account-based bidding services. The website demonstrates a professional and consistent brand presence with clear navigation and relevant content for its target audience. Technically, the website employs a mature technology stack including jQuery, Bootstrap, and various UI and analytics libraries. It integrates secure payment gateways such as Ingenico and Lemonway, and uses Google Analytics and Tag Manager for traffic analysis. The site is mobile-optimized and shows good SEO practices, though accessibility features are basic. Hosting includes Azure Blob Storage for some assets. From a security perspective, the site enforces HTTPS and uses secure payment processors, with a cookie consent mechanism supporting GDPR compliance. However, no explicit security headers or incident response policies are evident, and no direct contact information is provided on the main site. The absence of WHOIS registration data is a notable concern, impacting domain legitimacy and trustworthiness. Overall, the platform presents a solid business and technical foundation but would benefit from enhanced transparency in security policies and domain registration details to improve trust and compliance posture.

D

Drouot Estimations

drouot-estimations.com

57

Drouot Estimations is a French auction house operating under the Drouot group, specializing in art, antiques, jewelry, and collectibles. The website serves as a platform for auction calendars, results, object estimations, and online bidding services, targeting both French and international clients interested in auctions. The site is well-branded and professionally designed, reflecting a medium-sized business with a strong market position in the auction industry. Technically, the website employs modern web technologies including Bootstrap, jQuery, and various JavaScript libraries for sliders and carousels, ensuring a responsive and interactive user experience. Google Tag Manager and Google Analytics are integrated with a cookie consent mechanism, indicating some level of privacy awareness. However, explicit privacy and terms of service pages are not found, which is a compliance gap. From a security perspective, the site uses HTTPS and implements cookie consent, but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the provided content. The absence of WHOIS registration data is a concern, potentially indicating privacy protection or domain registration issues, which slightly lowers trust. Overall, the website is functional, professional, and trustworthy from a user perspective but would benefit from enhanced transparency in privacy, security policies, and domain registration information to improve compliance and trustworthiness.

D

Drouot Immobilier

drouot-immobilier.com

60

Drouot Immobilier is a small real estate agency based in Paris 9ème, France, affiliated with the Groupe Drouot. The company specializes in property sales, estimations, research, and valorization services primarily targeting individuals and professionals interested in Paris and the surrounding regions. The website presents a professional and well-structured digital presence with clear navigation, good content quality, and compliance with privacy regulations including GDPR. Technically, the site uses modern JavaScript frameworks and Google Analytics for tracking, with a cookie consent mechanism in place. Security posture is generally good with HTTPS enforced, but lacks explicit security policies or incident response contacts. The domain WHOIS data is missing or unavailable, which raises some concerns about domain legitimacy and registration status, though the website content and branding appear consistent and trustworthy.

G

Grano Oy

emmi.fi

50

Grano Oy operates the EMMi Mediapankki, a comprehensive digital asset management platform designed to help businesses efficiently manage and share their digital materials. The website positions itself as a trusted solution with over 250 brands relying on its services, offering features such as metadata management, user access control, and API integrations. The platform targets businesses seeking streamlined digital asset workflows. Technically, the website is built on WordPress with Elementor and incorporates modern marketing and analytics tools like Google Tag Manager, Facebook Pixel, and Hotjar. It demonstrates strong digital maturity with excellent SEO, mobile optimization, and user experience. Security-wise, the site enforces HTTPS and employs cookie consent mechanisms, though explicit security headers and policies are not fully detailed. Overall, the site is professional, trustworthy, and compliant with GDPR, though it could enhance its security posture by publishing dedicated security policies and implementing additional HTTP security headers.

P

Puolustusministeriö

defmin.fi

59

Puolustusministeriö is the Finnish Ministry of Defence responsible for national defence policy, international cooperation, and administrative oversight. The website serves as an authoritative government portal providing comprehensive information on defence themes, current news, licensing, and organisational details. It targets Finnish citizens, government officials, and defence sector stakeholders, positioning itself as a key national government entity. Technically, the site employs modern web standards including HTML5, CSS3, jQuery, and FontAwesome, with responsive design and accessibility features ensuring good user experience across devices. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not published. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, supporting its role as a government information source.

M

Moss

getmoss.com

69

Moss is a technology company offering a SaaS platform focused on corporate spend management, including unlimited corporate credit cards, expense management, and accounts payable automation. The website positions Moss as a modern financial technology provider targeting businesses seeking to optimize their spending processes. The platform aims to accelerate month-end financial closing and streamline corporate expenses. Technically, the website is built using modern frameworks such as React and Next.js, with integrations for analytics and consent management, indicating a mature digital infrastructure. Security-wise, the site uses HTTPS and consent management tools but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. The absence of WHOIS data for the domain raises concerns about domain legitimacy, although the professional website and use of reputable third-party services suggest a legitimate business. Overall, the website is functional and professional but would benefit from enhanced transparency and security practices.

M

Międzynarodowy Festiwal Komiksu i Gier w Łodzi

komiksfestiwal.com

67

The Międzynarodowy Festiwal Komiksu i Gier w Łodzi website represents a well-established cultural event focused on comics and games, primarily targeting creators and enthusiasts in Poland and Central-Eastern Europe. The festival is the largest of its kind in the region, with a history dating back to 2006 for the domain and earlier for the event itself. The site offers multilingual support, event information, contests, and partner links, reflecting a mature digital presence. Technically, the site is built on WordPress with common plugins and tracking tools such as Google Analytics and Facebook Pixel, indicating a standard but effective infrastructure. Security posture is adequate with HTTPS enabled but could be improved by adding DNSSEC and security headers. Privacy compliance is basic but present, with cookie and privacy policies accessible and a consent mechanism implemented. Business credibility is strong due to the festival's reputation, social media presence, and consistent branding. Overall, the site is professional and trustworthy with room for security enhancements.

EC1 Łódź - Miasto Kultury is a well-established cultural and educational institution based in Łódź, Poland, offering a broad range of services including exhibitions, workshops, film screenings, and educational programs. The website serves as a comprehensive portal for visitors, schools, and cultural enthusiasts, providing detailed information about events, offers, and the institution's mission. The site is built on TYPO3 CMS and integrates modern tracking and consent management tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent implemented, though there is room for improvement in security headers and incident response transparency. The domain is long-standing and registered with a reputable registrar, supporting the legitimacy of the institution. Overall, the website demonstrates good content quality, technical implementation, and privacy compliance, positioning EC1 Łódź as a credible and trusted cultural hub.