Security Directory

R

ROSSMANN

rossmann.cz

69

ROSSMANN.cz is the online presence of ROSSMANN, a large retail chain specializing in drugstore products in the Czech Republic. The website offers a broad assortment of quality goods at competitive prices, including current promotions, flyers, and customer contests. The site targets retail consumers in the Czech market and positions itself as a well-established player in the retail sector. Technically, the website employs modern JavaScript frameworks and libraries, including React components, Google Tag Manager, and Cookiebot for cookie consent management. The site is mobile-optimized and uses preloading techniques for fonts and images to enhance performance. Security-wise, HTTPS is enforced, and cookie consent is implemented, but no explicit security headers or privacy policy pages were detected in the provided content. The WHOIS data is missing, which reduces domain trustworthiness, but the website content and branding suggest a legitimate business. Overall, the site demonstrates good digital maturity with room for improvement in security and privacy transparency.

R

RSJ

rsj.com

56

RSJ is a financial group operating primarily in the Czech Republic with a strong presence in global derivative markets including London, Chicago, New York, Frankfurt, and Tokyo. The company manages a diversified portfolio of investments spanning financial derivatives trading, real estate development, private equity, and emerging sectors such as biotechnology and healthy food production. The website clearly communicates its business scope and warns investors about fraudulent schemes misusing its brand. Technically, the site employs modern web technologies including Google Analytics and Tag Manager, with a cookie consent mechanism supporting GDPR compliance. Security posture is solid with HTTPS enforced, but lacks published security policies or incident response contacts. WHOIS data is missing, which raises concerns about domain registration legitimacy despite the professional website presence. Overall, RSJ presents as a credible financial entity with room for improvement in transparency and security disclosures.

Alfasilver.cz is the official website for Alfasilver HA+, a medical device product designed for wound care, including treatment of abrasions, minor burns, and skin injuries. The product is distributed by Glenmark Pharmaceuticals Distribution, s. r. o., based in Prague, Czech Republic. The website targets consumers seeking effective and easy-to-use wound care solutions, offering sprays and creams with antimicrobial properties and tissue hydration support. The site also provides educational content and retail partner links for product purchase. Technically, the website employs a modern frontend stack including Bootstrap 4, jQuery, and integrates Google Analytics and Google Tag Manager for user tracking and analytics. Cookie consent is managed via CookieScript, ensuring GDPR compliance with granular user consent options. The site is mobile-optimized and features clear navigation and professional design, though no CMS or backend platform is explicitly detected. Hosting and domain registration are consistent with the business location and history. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms but lacks visible advanced security headers. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms domain legitimacy with a registration date in 2016 and no privacy protection, aligning with the business profile. Contact information is clearly provided, including company address, phone, and official emails, with a dedicated channel for reporting adverse effects. Overall, Alfasilver.cz presents a trustworthy, professional, and compliant online presence for a niche healthcare product. Strategic improvements could include enhanced security headers and explicit security policies to further strengthen trust and compliance.

3

3E PROJEKT, a.s.

3eprojekt.cz

50

3E PROJEKT, a.s. is a Czech Republic-based medium-sized company founded in 1998, operating primarily in hospitality, craft brewing, and real estate sectors. The company emphasizes a blend of tradition and innovation, maintaining a family-oriented culture while expanding its business portfolio. Their key services include managing gastronomy venues, operating a craft brewery, and providing real estate services. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the website uses a modern technology stack including jQuery, Slick Carousel, Lightbox, Remodal, Google Maps API, and Google Tag Manager. It is built on the Ibis CMS platform and shows good mobile optimization and SEO practices. The site implements GDPR-compliant cookie consent mechanisms and uses tracking tools such as Microsoft Clarity and Facebook Pixel with consent management. From a security perspective, the site enforces HTTPS and uses consent-based analytics but lacks visible security headers and explicit security or incident response policies. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data for the domain is a notable concern, reducing trust in domain registration transparency. Overall, the website is professional and trustworthy with moderate technical and security maturity. Strategic improvements in security headers, incident response documentation, and WHOIS transparency are recommended to enhance trust and compliance.

D

DARAMIS Management, s.r.o.

daramis.com

55

Daramis Management, s.r.o. is a well-established real estate developer focused on residential projects primarily in Prague, Czech Republic. With over 25 years of experience, the company specializes in transforming urban areas into vibrant residential communities, offering services including residential development, project management, and property sales. Their market position is strong within the local real estate sector, supported by a portfolio of completed projects and a significant number of satisfied residents. The website reflects a professional and modern digital presence, leveraging WordPress with advanced front-end technologies to deliver an excellent user experience across devices. Security posture is robust with HTTPS, security headers, and secure forms, although explicit security policies and incident response information are absent. Privacy compliance is well addressed with comprehensive privacy and cookie policies including consent mechanisms. The domain WHOIS data is missing or privacy protected, which slightly reduces transparency and business credibility but is not uncommon in this sector. Overall, the site demonstrates a mature digital infrastructure and trustworthy business representation with room for improvement in transparency and security disclosures.

P

PLAYzone s.r.o.

playzone.agency

47

PLAYzone Agency is a well-established esports and gaming company based in the Czech Republic with over 15 years of experience. They provide a broad range of services including consulting, gaming zone construction, streaming studios, event content creation, equipment rental, and PR services targeted at the gaming community. The company operates several proprietary projects and maintains partnerships with major brands such as Hyundai, Tipsport, Vodafone, and Logitech, positioning itself as a leading player in the Czech esports market. The website is professionally designed, bilingual (Czech and English), and demonstrates a strong digital presence with active social media and partner links. Technically, the website is built on WordPress with Elementor and uses modern JavaScript libraries like Swiper and Google Tag Manager for analytics and marketing. The site is mobile optimized, accessible, and SEO friendly, with good performance metrics. Security posture is solid with HTTPS enforced and secure form handling, though some security headers are missing and no explicit incident response or vulnerability disclosure information is published. Overall, the website and business exhibit a mature digital infrastructure and a professional security stance suitable for their industry. The lack of WHOIS data transparency slightly reduces trust but is common for privacy reasons. The company maintains GDPR-compliant privacy and cookie policies with user consent mechanisms, reflecting good privacy practices. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and continuing to strengthen privacy and security culture to maintain trust and compliance.

O

OnlyU - Web s články o vztazích, společnosti a zdraví.

onlyu.cz

55

OnlyU is a Czech-language media website focused on publishing articles related to relationships, society, and health. The site targets Czech-speaking users interested in these topics and monetizes primarily through advertising networks such as Google Adsense and Taboola. The website is built on WordPress CMS and integrates multiple third-party analytics and marketing tools, including Google Analytics, Gemius, and ShareThis, indicating a mature digital marketing infrastructure. However, the absence of publicly available WHOIS data limits the ability to fully verify domain ownership and legitimacy. The site implements a cookie consent banner, showing some compliance with GDPR requirements, but lacks an explicit privacy policy or terms of service in the analyzed content. Technically, the site shows moderate performance and good mobile optimization but has minor backend issues such as visible PHP warnings. Security posture is moderate with HTTPS enabled but missing security headers and some code hygiene issues. Overall, the website is functional and professionally presented but would benefit from improved transparency, security hardening, and compliance documentation.

K

Království tianDe

kralovstvi-tiande.cz

69

Království tianDe operates a professional e-commerce website focused on selling tianDe cosmetics and health products inspired by traditional Chinese medicine. The site targets consumers interested in natural beauty and health products within the Czech Republic. The platform is technologically modern, leveraging React, Google Tag Manager, Microsoft Clarity, Klaviyo, and Sentry for analytics, marketing, and error monitoring. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and privacy policies are lacking. The absence of WHOIS data for the domain raises concerns about domain legitimacy and trustworthiness, which should be addressed to improve business credibility. Overall, the website is functional, well-designed, and provides clear contact information, but could benefit from enhanced transparency and security documentation.

P

PlastisolTransfer24.com

plastisoltransfer24.com

63

PlastisolTransfer24.com is a German-based company specializing in the production and distribution of high-quality textile transfers, serving primarily B2B customers such as textile printing companies and promotional firms across Germany, Austria, Switzerland, and the UK. The company emphasizes rapid delivery, offering express shipping within 24 hours, and holds OEKO-TEX certification, underscoring its commitment to environmental and social responsibility. Their product portfolio includes a wide range of transfer types including plastisol, blockout, water, neon, digital, DTF, and specialty transfers like glitter and holographic options. Technically, the website is built on the Magento 2 e-commerce platform, leveraging RequireJS, jQuery, and various Magento UI components. It integrates modern payment solutions such as Stripe and employs Google Tag Manager, Google Analytics, and Microsoft Clarity for analytics and marketing purposes. The site is mobile-optimized with good SEO practices and a comprehensive cookie consent mechanism supporting GDPR compliance. From a security perspective, the site enforces HTTPS, uses clientTransferProhibited domain status to prevent unauthorized transfers, and implements CAPTCHA on login forms. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident, and no public security or incident response policies are found. The domain registration is consistent with the business claims, having been registered in 2012, aligning with the company's stated experience. Overall, the website presents a professional and trustworthy front with good content quality, technical implementation, and privacy compliance. Strategic improvements could include enhancing security headers, publishing a formal security policy, and enabling DNSSEC to further strengthen trust and security posture.

J

JMP s.r.o.

loznice.cz

50

JMP s.r.o. operates the website loznice.cz, specializing in the manufacture and retail of high-quality mattresses, beds, and bedroom furniture with a strong emphasis on Czech production and certification. The company targets consumers seeking quality sleep solutions and offers custom-made products supported by over 30 years of experience. The website features rich multimedia content, product categories, and multiple physical store locations with clear contact information. Technically, the website employs modern web technologies including Bootstrap, jQuery, and integrates marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Heureka widgets. The site is mobile-optimized and provides a good user experience with clear navigation and structured data for SEO. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and explicit policies are missing. From a security perspective, no critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data for the domain reduces trust from a domain registration standpoint. The site lacks explicit security policies and incident response information, which could be improved to enhance compliance and user trust. Overall, the website presents a professional and trustworthy front for a medium-sized retail business in the Czech Republic, with recommendations to improve domain registration transparency, security headers, and published security policies to strengthen its security posture and compliance.

N

Národní technické muzeum

ntm.cz

54

Národní technické muzeum is a prominent national museum in the Czech Republic dedicated to preserving and showcasing technical history and innovation. The museum offers a wide range of exhibitions, educational programs, and cultural events targeting diverse audiences including families, schools, adults, and professionals. It maintains a strong market position as a leading cultural institution with multiple exhibition sites and partnerships with governmental and corporate entities. Technically, the website employs modern web technologies such as jQuery, Google Analytics, and Google Tag Manager, with good mobile optimization and accessibility features. The site is well-structured, professionally designed, and provides a rich user experience with clear navigation and relevant content. From a security perspective, the website uses HTTPS and implements cookie consent mechanisms compliant with GDPR. However, it lacks visible security headers and explicit security or incident response policies, which could be improved. The absence of WHOIS data for the domain is a notable concern for domain legitimacy verification, although the website content and external trust signals strongly support its authenticity. Overall, the website presents a low risk profile but would benefit from enhanced transparency in security policies and domain registration information to strengthen trust and compliance posture.

V

VAKOVAKO | Endowment fund

nf2091.org

62

VAKOVAKO is a Czech Republic-based non-profit endowment fund operating a global donation platform focused on environmental and humanitarian causes. The platform connects donors with carefully vetted nonprofits working in areas such as rainforests, oceans, biodiversity, endangered species, and humanity. The business model emphasizes transparency, with 100% of donations going directly to nonprofits and audited bank accounts. The platform supports donations via a mobile app available on iOS and Android, facilitating easy and fast contributions with no minimum or maximum limits. Technically, the website is built using modern web technologies including React and Next.js, with integrations for Stripe payments, Google Tag Manager, Facebook Pixel, and Cookiebot for consent management. The site is well-optimized for mobile devices, fast loading, and includes accessibility features. Security best practices are observed with HTTPS, security headers, and reCAPTCHA integration, though no explicit security policy or incident response information is published. The WHOIS data for the domain is unavailable or malformed, indicating privacy protection which is common and justified for non-profit organizations. Despite this, the website's transparency, presence of official policies, and contact information support its legitimacy. Overall, the site presents a professional, trustworthy, and user-friendly platform for charitable donations. Recommendations include publishing a dedicated security policy, incident response contacts, and vulnerability disclosure information to further enhance trust and security posture.

B

BressKamp s.r.o.

bresskamp.eu

59

BressKamp s.r.o. is a small manufacturing company based in the Czech Republic specializing in contract manufacturing of turned and milled parts, sheet metal parts, and welded constructions. The company emphasizes quality and flexibility, serving primarily German-speaking clients with ISO 9001 and EN 1090-2 certifications. Their website reflects a professional business presence with detailed service descriptions and reference customers. Technically, the website uses established but somewhat outdated technologies such as jQuery 1.11.1 and Bootstrap 3.2.0, with integration of Google Tag Manager and CookieYes for analytics and cookie consent management. Security posture is moderate; HTTPS is assumed but security headers are not detected, and older libraries may pose risks. Privacy compliance is basic with a cookie consent mechanism but no explicit privacy policy page found. Overall, the website is functional and professional but could improve in security and compliance documentation.

Z

Zasedáme.cz, s.r.o.

zasedame.cz

46

Zasedáme.cz, s.r.o. operates a premium event and conference space rental business located in the heart of Prague, offering multiple room sizes with modern technical equipment and comprehensive event services. The company targets corporate clients and individuals seeking well-equipped, centrally located venues with flexible scheduling options. The website is professionally designed, mobile-optimized, and provides clear pricing, contact information, and customer testimonials, supporting a strong market position in the hospitality and real estate sectors. Technically, the website employs a modern tech stack including Bootstrap, Swiper.js, and Usercentrics for cookie consent management, alongside analytics tools like Google Analytics and Hotjar. The site is served over HTTPS with no visible security vulnerabilities in the content, though security headers are not explicitly detected. The presence of a consent management platform indicates good privacy compliance practices. Security posture is solid with HTTPS and no exposed sensitive data, but the absence of explicit security policies or incident response contacts is a gap. The missing WHOIS data reduces domain trustworthiness and should be investigated further. Overall, the site demonstrates a mature digital presence with room for improvement in security transparency and domain registration clarity. Strategic recommendations include implementing security headers, publishing a security policy, adding incident response contacts, auditing third-party scripts, and considering a vulnerability disclosure policy to enhance trust and compliance.

P

Praha 3

praha3.cz

68

The website www.praha3.cz serves as the official portal for the municipal district Praha 3 in the Czech Republic. It provides comprehensive information about local government services, news, events, and contact details for residents and visitors. The portal supports multiple languages via Google Translate links and offers online services such as appointment booking and downloadable forms. The site is well-branded and maintains consistent messaging aligned with its government entity status. Technically, the site employs modern web technologies including Google Analytics, Google Tag Manager, jQuery, and Bootstrap components. It is mobile-optimized, accessible, and includes SEO best practices such as meta tags and structured data (JSON-LD). The site uses HTTPS and implements cookie consent mechanisms compliant with GDPR, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and uses consent-based tracking scripts. However, it lacks explicit security headers and a published security.txt or incident response contact, which are recommended for transparency and vulnerability management. No WAF or blocking mechanisms were detected, and no obvious vulnerabilities were found in the content or scripts. Overall, the site presents a trustworthy and professional government portal with good content quality and technical implementation. The absence of WHOIS registration data slightly reduces trust but is mitigated by the official nature and consistent branding. Strategic improvements in security headers and incident response disclosures would enhance the security posture and trustworthiness further.

K

Klépierre Management Česká Republika s.r.o.

klepierre.cz

54

Klépierre Management Česká Republika s.r.o. operates prominent shopping centers in the Czech Republic, including Nový Smíchov in Prague and Plzen Plaza in Plzeň. The company is part of the larger Klépierre group based in France, specializing in retail real estate management. Their website provides information about their centers, compliance mechanisms including a whistleblowing system, and cookie consent management, reflecting a commitment to regulatory compliance and user privacy. Technically, the website is built using modern web technologies such as Next.js and React, hosted via Gandi registrar's infrastructure. The site includes a comprehensive cookie consent mechanism using tarteaucitron.js and integrates Google Tag Manager for analytics. The website is mobile-optimized and provides a good user experience with clear navigation and branding consistency. From a security perspective, the site enforces HTTPS and uses a high privacy cookie consent mode. It features a whistleblowing system for incident reporting, demonstrating a mature compliance posture. However, explicit security headers and a dedicated security policy page are absent, and no vulnerability disclosure or security.txt file was found. These gaps suggest room for improvement in formalizing security communication and transparency. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. The domain age and WHOIS data align with the business claims, indicating legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to strengthen security posture and trust.

N

Nadace Naše dítě

nasedite.cz

44

Nadace Naše dítě is a well-established Czech non-profit foundation dedicated to supporting handicapped, abused, and socially disadvantaged children. With over 31 years of operation, it provides financial aid, legal assistance, and runs awareness campaigns to improve children's lives. The website reflects a professional and consistent brand image, targeting donors and beneficiaries alike. Technically, the site uses modern JavaScript libraries and Google services, ensuring good mobile responsiveness and SEO optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. The absence of WHOIS data limits domain trust analysis but does not detract from the site's apparent legitimacy. Overall, the foundation demonstrates a strong commitment to transparency and user privacy.

O

OBRAZ – Obránci zvířat, z. s.

albertovakrutost.cz

54

The website albertovakrutost.cz is a campaign platform run by the non-profit organization OBRAZ – Obránci zvířat, z. s., focused on raising awareness and advocating against animal cruelty in supermarket Albert's chicken supply chain in the Czech Republic. The site provides detailed information about the campaign, including calls to action such as signing petitions. The organization positions itself as an animal welfare advocate with a clear mission and target audience of concerned consumers and animal rights supporters. Technically, the site uses modern frontend technologies including Vue.js, Alpine.js, and SwiperJS, supported by analytics and tracking tools like Google Analytics, Microsoft Clarity, and Ecomail. Hosting and DNS are managed via Cloudflare, ensuring good performance and security. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be improved. Privacy compliance is strong, with comprehensive GDPR-aligned privacy and cookie policies presented in Czech language. Contact information is transparent, including emails, phone number, and physical address. No terms of service or vulnerability disclosure policies were found. The domain is newly registered but consistent with the campaign's recent launch. Overall, the website is professional, trustworthy, and well-structured for its advocacy purpose.

D

Duvel Moortgat

duvelmoortgat.be

71

Duvel Moortgat is a historic, fourth-generation family-owned brewing company founded in 1871, recognized globally for its high-quality specialty beers and multiple iconic brands. The company emphasizes tradition, quality, and sustainability, operating 13 breweries worldwide and targeting beer consumers, partners, and employees. The website reflects a mature digital presence with multilingual support, clear branding, and comprehensive corporate responsibility content. Technically, the site uses modern web technologies including Google Tag Manager and a cookie consent framework, with good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and cookie consent mechanisms, though the absence of visible security headers and a public security policy suggests room for improvement. WHOIS data is unavailable, which is unusual for a well-established brand, indicating possible privacy protection or registrar issues. Overall, the site is professional, trustworthy, and compliant with privacy regulations, but could enhance transparency in security and contact information.

G

GUN PRODUCTIONS

gutterdammerung.com

54

Gutterdämmerung.com is the official website for a niche entertainment project combining rock music, film, and live immersive experiences. The site promotes the Gutterdämmerung concept created by visual artist Bjorn Tagemose, featuring legendary rock artists. The business operates primarily in the media sector, targeting rock music fans and live event attendees. The website content is rich with artist information, multimedia, and event details, supporting fan engagement through newsletters and contests. Technically, the site uses standard web technologies including jQuery, Google Analytics, YouTube API, and MailChimp for marketing. Hosting is provided by One.com, with a domain registered since 2014, consistent with the business timeline. Security posture is moderate with HTTPS implied but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is functional and professional but could improve in privacy and security practices.

B

Barefoot Luxury

barefootluxury.be

52

Barefoot Luxury is a niche real estate and hospitality company specializing in luxury villas for sale on São Vicente island, Cabo Verde. The company offers 36 private villas blending natural beauty with modern comfort, targeting affluent investors and lifestyle buyers. The website reflects a strong market position within the luxury real estate sector, emphasizing exclusivity, privacy, and a unique lifestyle experience. Technically, the site is built on WordPress with Elementor and Gravity Forms, hosted by Combell nv, and employs modern web technologies with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and secure form handling, though some security headers are missing and no explicit security or incident response policies are published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, trustworthy, and well-aligned with the business goals.

F

Fosbury & Sons

fosburyandsons.com

50

Fosbury & Sons operates as a premium coworking and office space provider primarily serving the Brussels and Groot-Bijgaarden regions, with additional presence in Amsterdam. The company targets a broad audience including startups, entrepreneurs, and established companies seeking flexible workspaces, meeting rooms, and event spaces. Their market position is that of a high-quality, human-centric workspace provider emphasizing community and collaboration. Technically, the website employs modern web technologies including Google Tag Manager and Google Analytics, hosted with Cloudflare DNS services, and is optimized for mobile and SEO. Security posture is solid with HTTPS enforced and domain transfer protections in place, though DNSSEC is not enabled and additional security headers could be implemented. Privacy compliance is strong with clear cookie consent mechanisms and comprehensive privacy and terms policies. However, no explicit security policy or incident response contacts are published, and no vulnerability disclosure program is evident. Overall, the website is professional, trustworthy, and well maintained, with room for improvement in security transparency and DNS security.

E

EnlightED

enlighted.education

67

EnlightED is a globally oriented educational conference platform focused on the intersection of education, technology, and innovation. The website serves as a hub for event information, speaker details, and agenda for their annual conferences. It is supported by reputable partners such as Fundación Telefónica, IE University, South Summit, and Fundación La Caixa, indicating a strong market position in the education sector. The platform targets educators, technology professionals, and innovators in education, offering hybrid event editions and a variety of talks and lectures. Technically, the website is built on WordPress using Elementor and Yoast SEO, with integrations for Google Tag Manager and OneTrust for cookie consent. The site demonstrates good mobile optimization and SEO practices, though performance is moderate. Accessibility features are basic but present. The SSL configuration is excellent, ensuring secure HTTPS connections. From a security perspective, the site employs HTTPS and cookie consent mechanisms but lacks visible security headers and published privacy or terms of service policies. No contact information for security incidents or vulnerability disclosures are found. WHOIS data is not publicly available, likely due to privacy protection, but the presence of trusted partners supports legitimacy. Overall, the security posture is good but could be improved with additional transparency and security best practices. The overall risk is moderate with recommendations to publish privacy and terms policies, implement security headers, and provide clear contact channels for security and privacy concerns to enhance trust and compliance.

P

ProFuturo

profuturo.education

56

ProFuturo is a well-established global digital education program supported by Fundación Telefónica and Fundación la Caixa, focused on reducing educational inequality by providing quality digital education to children and teachers in vulnerable environments. The website reflects a mature digital presence with multilingual support, a proprietary educational platform, and extensive educational content. Technically, the site is built on WordPress with modern tracking and consent tools, showing good performance and mobile optimization. Security posture is solid with HTTPS and bot protection, though improvements in DNS security and security headers are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its non-profit educational mission.

T

Telefónica México

telefonica.com.mx

51

Telefónica México is a major telecommunications company providing innovative connectivity and telecom solutions to businesses and consumers in Mexico. The website reflects a strong market position with clear branding and comprehensive content tailored to its audience. The company leverages WordPress CMS with modern SEO and analytics tools, indicating a mature digital infrastructure. Security posture is solid with HTTPS and secure forms, though explicit security policies and incident response contacts are not published. Privacy compliance is good with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the site is professional, trustworthy, and well-optimized for users and search engines.

W

Wanna Marketing

wannamarketing.es

50

Wanna Marketing is a small marketing agency based in Málaga, Spain, specializing in web design, client acquisition campaigns, graphic design, and content creation. The company positions itself as a strategic and innovative partner for businesses seeking tailored marketing solutions. It holds a recognized position in the Spanish independent media agency rankings, indicating a credible market presence. Technically, the website is built on WordPress using Elementor and Yoast SEO, with performance optimizations via WP Rocket and GDPR compliance mechanisms in place. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though additional security headers and explicit privacy policies would enhance trust. Overall, the site is professional, well-structured, and user-friendly, targeting businesses in Málaga and surrounding regions.

F

FlexiSystems s.r.o.

edituj.cz

33

FlexiSystems s.r.o. operates the website flexisite.cz, specializing in delivering modern, custom web solutions including complex web projects, e-commerce platforms, and visual editing content management systems. The company targets businesses requiring tailored web development services primarily within the Czech Republic. The website demonstrates a professional design with clear navigation and relevant content, supporting its position as a specialized technology provider. Technically, the site employs common JavaScript libraries such as jQuery and Slick Carousel, integrates Google Tag Manager for analytics, and uses a custom CMS with visual editing capabilities. Mobile optimization and SEO practices are adequately addressed, though accessibility features are basic. Security posture is moderate with HTTPS implied but lacking explicit security headers and documented policies. The absence of WHOIS data limits domain trust verification, but the presence of clear company contact details and client logos supports business credibility. Overall, the site is functional and professional but would benefit from enhanced privacy compliance and security practices.

S

SIMPLO s.r.o.

simplo.cz

49

SIMPLO s.r.o. is a Czech Republic based custom software development studio specializing in bespoke web development, e-shops, and web applications. They emphasize tailored solutions built on proprietary CMS and e-commerce platforms, serving a primarily Czech-speaking business clientele. The company demonstrates strong market positioning with long-term client relationships and notable projects such as the Úřad pro ochranu osobních údajů and Salming ČR e-shop. Technically, the website leverages modern AMP technology for fast, mobile-optimized performance and integrates tracking tools like Google Tag Manager and Leady. Security posture is solid with HTTPS and no exposed sensitive data, though explicit security headers and policies are absent. Privacy compliance is partially addressed with privacy and cookie policies present but lacking a consent mechanism. WHOIS data is unavailable, which impacts domain trustworthiness assessment. Overall, the site is professional, performant, and credible, but could improve transparency in security and privacy practices.

Y

YouGov

yougov.co.uk

66

YouGov is a well-established UK-based market research and data analytics company founded in 2000. It provides public opinion polling, market research, and data analytics services to a broad audience including businesses, media, and political organizations. The company holds a strong market position with a large user base and international presence. The website reflects a mature digital infrastructure with modern technologies such as Angular, AWS Cloudfront CDN, and multiple analytics and marketing tools integrated for performance and user insights. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms implemented via OneTrust. Security posture is strong, leveraging HTTPS, security headers, and monitoring tools like New Relic, though a dedicated security policy and incident response contact are not publicly found. Overall, the website is professional, trustworthy, and technically sound, supporting the company's credibility and business operations.

Kantar Worldpanel operates as a leading global provider of consumer panel research and consumer behavior insights, offering services such as retail surveys and shopper research. The website content reflects a professional and consistent brand presence targeting businesses seeking market research data. Technically, the site employs modern JavaScript libraries like MooTools and integrates Google Tag Manager and Cookiebot for analytics and privacy compliance, though no major CMS or hosting provider is explicitly identified. Security posture is moderate, with HTTPS implied but no explicit security headers detected, and privacy compliance is partial with a cookie consent mechanism but no visible privacy policy page. Overall, the domain WHOIS data is unavailable, which reduces trust but the website content aligns with the known Kantar brand. Strategic recommendations include enhancing privacy disclosures, improving security headers, and publishing clear contact and incident response information.

R

Redwall OÜ

redwall.ee

58

Redwall OÜ is a well-established Estonian web agency with over 13 years of experience, specializing in full-service web solutions including design, development, maintenance, and consulting. The company targets businesses and organizations seeking professional and user-centric digital presence. Their market position is solid within the local Estonian market, supported by a consistent brand and a comprehensive portfolio of services. Technically, the website is built on WordPress with modern performance optimizations such as WP Rocket, lazy loading, and deferred scripts. The site is mobile-optimized and accessible, integrating advanced analytics and marketing tools with GDPR-compliant consent mechanisms. Security posture is strong with HTTPS enforced, CAPTCHA on forms, and no visible vulnerabilities, though explicit security policies and incident response documentation are absent. Overall, the website reflects a professional, trustworthy, and technically mature digital presence.

L

Lumi Capital OÜ

luminamai.lt

43

Lumi Namai is a Lithuanian real estate rental business specializing in modern apartments located in the 'Naujasis Skanseno' quarter of Vilnius. The company offers a range of 1 to 4-room apartments fully furnished with kitchen appliances and storage solutions. The website is professionally designed using Joomla CMS and integrates modern technologies such as Google Maps for location visualization, Google reCAPTCHA for form security, and GDPR-compliant cookie consent mechanisms. Social media presence is established on Facebook and Instagram, enhancing customer engagement. The domain is newly registered in 2024, consistent with the business launch timeline, and the WHOIS data aligns with the company identity.

L

Lumi Capital OÜ

lumimajas.lv

50

Lumi Majas, operated by Lumi Capital OÜ, is a regional real estate rental service specializing in long-term apartment and commercial space leasing primarily in Latvia, with partner sites in Estonia and Lithuania. The website provides detailed rental options, terms, and contact mechanisms targeting individuals seeking flexible and long-term housing solutions. The business model focuses on providing accessible rental properties with additional services to enhance tenant experience. Technically, the website is built on Joomla CMS with modern front-end frameworks and integrates Google reCAPTCHA and cookie consent mechanisms to ensure user privacy and security. The site demonstrates good digital maturity with multi-language support and social media integration. Security posture is solid with HTTPS enforcement and spam protection on forms, though it lacks explicit security policies and incident response contacts. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, though improvements in security headers and transparency could enhance its posture further.

T

Telema AS

telema.lt

43

Telema AS is a well-established technology company specializing in Electronic Data Interchange (EDI) services, facilitating automated and accurate electronic document exchange between businesses. With over 25 years in the market and a strong presence in Lithuania and the Baltic region, Telema serves thousands of stores and suppliers, positioning itself as a trusted partner in business process automation and ERP integration. The website reflects a mature digital presence with comprehensive service descriptions, client testimonials, and a network of certified software partners. Technically, the site is built on WordPress with modern libraries and tools, including robust analytics and marketing integrations. Security posture is strong, supported by ISO 27001 certification and HTTPS enforcement, though some security headers could be improved. Privacy compliance is well addressed with Cookiebot consent management and clear privacy policies. Overall, the site projects professionalism, trustworthiness, and technical competence.

T

Telema AS

telema.lv

46

Telema AS is a technology company specializing in Electronic Data Interchange (EDI) and supply chain optimization solutions, targeting businesses seeking to automate and improve their trading document workflows. The company holds a strong regional presence in the Baltics with multilingual websites and certified partners, positioning itself as a reliable and trusted provider in its niche. The website demonstrates a mature digital infrastructure built on WordPress with modern front-end libraries and comprehensive marketing and analytics integrations. Security posture is robust, supported by ISO 27001 certification and HTTPS enforcement, with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well managed through Cookiebot and clear privacy policies. Overall, the website reflects a professional, trustworthy, and business-focused digital presence.

T

Telema AS

telema.ee

42

Telema AS is a well-established Estonian technology company specializing in Electronic Data Interchange (EDI) and e-invoicing services, primarily serving the Baltic region. The company positions itself as a market leader and standard developer with a strong focus on seamless and automated business document exchange. Their services cater to businesses seeking efficient and reliable data exchange solutions, supported by a network of certified software partners and global roaming capabilities. The website reflects a mature digital presence with multi-language support and regional domains. Technically, the site is built on WordPress with modern front-end libraries and integrates advanced marketing and analytics tools, including consent management for GDPR compliance. Security posture is strong, evidenced by ISO 27001 certification and HTTPS enforcement, though some security headers could be improved. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

X

xMoney

utrust.com

72

xMoney is a financial technology company offering a comprehensive payment ecosystem that empowers businesses to accept global payments, manage finances, and issue branded cards. The platform targets merchants and enterprises across Europe and beyond, providing services such as payments, recurring billing, marketplaces, invoicing, and crypto payment acceptance. The company positions itself as a licensed and compliant entity with certifications including PCI DSS Level 1 and MiCA compliance, regulated by the Bank of Romania. The website reflects a mature digital presence with professional design, clear navigation, and extensive product information. Technically, xMoney leverages modern web technologies including Webflow CMS, Google Tag Manager, Microsoft Clarity, and Bing Ads for analytics and marketing. The site is well-optimized for performance, mobile responsiveness, and accessibility. Security practices are strong, with HTTPS enforced, advanced fraud prevention powered by AI, and compliance with payment security standards. However, explicit security headers and incident response disclosures could be improved. The security posture is robust but slightly diminished by the absence of WHOIS registration data, which raises questions about domain legitimacy. No WAF or blocking mechanisms were detected, and the site is fully accessible. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, xMoney presents a trustworthy and professional payment platform with strong technical and security foundations. Strategic recommendations include enhancing visible security headers, publishing vulnerability disclosure and incident response information, and clarifying domain registration details to improve trust and compliance transparency.

B

BCS itera

crmlahendused.ee

42

BCS itera is an Estonian technology company specializing in providing modern CRM and ERP solutions, including Microsoft Business Central and customer insights services. The company targets businesses seeking to manage customer journeys and sales processes effectively. The website reflects a professional B2B service provider with a clear focus on CRM-related offerings and digital transformation. The presence of a Finnish language partner site indicates regional market expansion. Technically, the website is built on WordPress with Elementor, integrating multiple analytics and marketing tools such as Google Analytics, Microsoft Clarity, and MonsterInsights. The site is served over HTTPS with a good SSL configuration, but lacks some security headers and explicit privacy or cookie policies, which are critical for GDPR compliance. No contact emails or phone numbers were found in the provided content, limiting direct communication channels. Overall, the website demonstrates moderate digital maturity with room for improvement in privacy compliance and security best practices.

H

HRM4Baltics

hrm4baltics.com

51

HRM4Baltics is a technology company offering a modern HRM and payroll management solution targeted at medium to large enterprises primarily in the Baltic region. The company provides a comprehensive software platform that automates personnel and payroll processes across Estonia, Latvia, and Lithuania, emphasizing integration, automation, and user experience. The website demonstrates a strong market position with over 100 trusted clients and multilingual support, reflecting regional focus and business maturity. Technically, the website is built on WordPress with modern performance optimizations such as WP Rocket, Google Fonts, and integration with analytics tools like Google Analytics and Microsoft Clarity. The site is mobile-optimized and SEO-friendly, with structured data and Open Graph metadata enhancing discoverability. However, some security best practices like DNSSEC and security headers are missing, and privacy compliance elements such as privacy and cookie policies are not present. From a security perspective, the site uses HTTPS with anonymized IP tracking in analytics, but lacks explicit security headers and incident response information. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is recent but consistent with the business age and shows no suspicious patterns. Overall, the security posture is moderate but could be improved with additional policies and technical controls. The overall risk assessment indicates a professionally managed website with good technical and business credibility but with gaps in privacy compliance and security policy transparency. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enabling DNSSEC, adding security headers, and publishing incident response and vulnerability disclosure information to enhance trust and compliance.

B

Business Central

businesscentral.ee

42

Business Central is a technology company specializing in Microsoft Dynamics 365 Business Central ERP solutions, targeting medium and large enterprises primarily in Estonia. The company positions itself as a market leader with a comprehensive ERP offering recognized by Forbes as the best ERP in 2024. Their services include ERP implementation, support processes, and consulting, supported by a professional and content-rich website. The website demonstrates a mature digital presence with modern technologies such as WordPress CMS, Google Fonts, Microsoft Clarity, and Google Tag Manager for analytics. Hosting is provided by Zone Media OÜ, a reputable Estonian hosting provider. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers and explicit security policies are absent. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Contact information is limited to a contact form without direct emails or phone numbers. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures.

C

Cult Pens

cultpens.com

71

Cult Pens is a well-established UK-based e-commerce retailer specializing in pens and pencils, boasting a wide product range of over 24,000 items. The website positions itself as a trusted online pen shop offering secure ordering, expert knowledge, and excellent customer service with free UK delivery and worldwide shipping. Technically, the site is built on the Shopify platform, leveraging modern JavaScript libraries such as jQuery and Owl Carousel, and integrates third-party services including Klevu for search, Trustpilot for reviews, and OneTrust for cookie consent management. The site demonstrates good digital maturity with mobile optimization and SEO best practices. Security-wise, the site uses HTTPS with a domain status of clientTransferProhibited, indicating domain transfer protection. However, explicit security headers are not fully implemented, and no public security or incident response policies are found. Privacy compliance is partially addressed through cookie consent mechanisms, but no explicit privacy or terms of service pages were detected in the provided content. Overall, the website is professional and trustworthy but could improve transparency around privacy and security policies.

F

Funky Pigeon

funkypigeon.com

70

Funky Pigeon is a UK-based e-commerce retailer specializing in personalized greeting cards, gifts, and flowers. The company operates under the parent company WH Smith PLC, positioning itself as a significant player in the UK retail market for personalized gifting solutions. The website offers a broad range of products tailored for various occasions, targeting consumers seeking unique and personal gift options. Technically, the site is built using modern web technologies including React and Next.js, with integrations for customer data platforms and marketing analytics, reflecting a mature digital infrastructure. Security-wise, the website enforces HTTPS, employs standard security headers, and provides comprehensive privacy and cookie policies with consent mechanisms, indicating a strong commitment to user data protection. However, the absence of WHOIS registration data is a notable anomaly, though the overall site professionalism and parent company association mitigate concerns. Strategic recommendations include publishing explicit security policies and incident response contacts, enhancing accessibility, and maintaining vigilance on third-party scripts to sustain security posture.

R

Rahva Raamat

rahvaraamat.ee

56

Rahvaraamat.ee is the leading Estonian bookstore chain offering a comprehensive selection of books and media products through both online and physical retail channels. The company is well-established with a domain age since 2010 and operates under Zone Media OÜ. Their website is built on modern technologies such as Next.js and React, providing a responsive and user-friendly experience. The integration of Cookiebot ensures GDPR compliance with a detailed cookie consent mechanism. Security posture is strong with HTTPS enforced and appropriate security headers in place, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the website demonstrates a mature digital presence with extensive analytics and advertising integrations, supporting a robust e-commerce business model.

C

Coolbet

coolbet.se

64

Coolbet is an online gambling platform offering casino games, sports betting, and poker services primarily targeting the Finnish market. The website is professionally designed with consistent branding and uses modern web technologies including React and third-party services for geolocation compliance and analytics. The platform operates under multiple licenses and employs geolocation restrictions to comply with regulatory requirements. Security posture is generally good with HTTPS enforced and error monitoring via Sentry, but lacks explicit security headers and detailed privacy or cookie policies. The absence of WHOIS data reduces domain transparency and trustworthiness, although the website content and technology usage indicate a legitimate business. Strategic recommendations include enhancing privacy compliance, publishing clear contact and security policies, and improving security header implementation.

C

Coolbet

coolbet.mx

59

Coolbet is a multi-jurisdictional online gambling operator offering casino games, poker, and sports betting services primarily targeting regulated markets including Mexico. The platform leverages modern web technologies such as React and integrates third-party services for geolocation compliance and betting functionalities. While the website demonstrates good technical implementation and security posture with HTTPS and security headers, it lacks visible privacy and cookie policies, incident response documentation, and explicit contact information, which are critical for compliance and user trust. The WHOIS data aligns well with the business claims, supporting legitimacy. Strategic improvements in privacy compliance and transparency would enhance overall trust and regulatory adherence.

C

Coolbet

coolbet.ca

62

Coolbet operates as an online gambling platform offering sports betting, casino games, and poker services across multiple regulated markets including Canada, Estonia, Malta, and Sweden. The website demonstrates a modern technical infrastructure leveraging React, third-party integrations such as GeoComply for geolocation compliance, Playtech for poker, and BetRadar for sports data. The platform is designed with a professional and consistent branding approach, targeting online gamblers in regulated jurisdictions. Security posture is generally good with HTTPS enforced and error tracking via Sentry, though explicit security headers and privacy policies are not evident in the provided content. The absence of WHOIS data for the domain www.coolbet.com is a notable gap, reducing transparency and trustworthiness. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and clearer contact information.

V

Vejle Idrætshøjskole

vih.dk

67

Vejle Idrætshøjskole is a Danish educational institution specializing in sports-focused high school courses, targeting young people in sabbatical years or summer courses. The website presents a professional and modern digital presence built on React and Next.js, with good mobile optimization and SEO practices. The site implements a comprehensive cookie consent mechanism via Cookiebot, ensuring GDPR compliance and user privacy awareness. Security posture is strong with HTTPS enforced and appropriate security headers, though explicit security and incident response policies are not publicly visible. WHOIS data is unavailable, which is typical for Danish domains, but no suspicious indicators are found. Overall, the site reflects a trustworthy and well-managed educational service with moderate to good digital maturity.

P

POMPdeLUX FI Oy

pompdelux.com

70

POMPdeLUX FI Oy operates a professional e-commerce platform specializing in Scandinavian children's clothing, targeting parents and caregivers seeking quality kidswear. The company has established a solid market presence since its domain registration in 2011, offering seasonal collections through a well-branded and user-friendly Shopify-based website. The site demonstrates a mature digital infrastructure with integration of modern marketing and analytics tools such as Klaviyo and Facebook Pixel, ensuring effective customer engagement and data-driven marketing strategies. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, although formal security policies and incident response contacts are not publicly disclosed. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. Overall, the website reflects a trustworthy and professional retail business with room for improvement in explicit security transparency and incident readiness.

E

Estonian Defence and Aerospace Industry Association

defence.ee

42

The Estonian Defence and Aerospace Industry Association is a medium-sized, essential government-related entity representing over 130 companies in Estonia's defence, aerospace, and security sectors. The association focuses on creating market opportunities, advocacy, and fostering cooperation among its members. The website is built on WordPress and uses standard analytics and marketing tools such as Google Analytics and Mailchimp. The technical infrastructure is modern but shows some server-side PHP warnings that could impact stability and security. Security posture is moderate with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Contact information is available but limited to email and physical address, with no phone numbers or incident response contacts published. The website is professionally designed with good navigation and mobile optimization, supporting the association's credibility and trustworthiness.