Security Directory

C

Concrete CMS

concrete5.org

74

Concrete CMS is an open source content management system designed for teams including content creators, designers, and developers. It offers a website builder with built-in tools to simplify content editing and management. The company behind Concrete CMS, PortlandLabs, positions itself as a provider of secure, compliant, and enterprise-ready CMS solutions, serving notable clients such as the U.S. Army, BASF, and Home Depot. Their business model includes offering the open source CMS software alongside hosting, support, and custom development services. The website demonstrates strong branding consistency, professional design, and clear navigation, targeting medium-sized to enterprise organizations in technology and government sectors. Technically, the website leverages modern web technologies including jQuery, Bootstrap, Vue.js, and integrates analytics and marketing tools such as Google Tag Manager, Matomo, ZoomInfo, Leadfeeder, and Pipedrive LeadBooster. The CMS platform itself is Concrete CMS, hosted likely by PortlandLabs. The site is mobile optimized and performs moderately well, with good SEO and accessibility features. From a security perspective, Concrete CMS emphasizes compliance with ISO 27001, SOC 2, and HIPAA standards, offering role-based access control, workflow approvals, and version control. The site uses HTTPS and has cookie consent mechanisms. However, explicit security headers are not detected, and there is no public vulnerability disclosure or incident response contact information, which are areas for improvement. Overall, the website is professional, trustworthy, and content safe for general audiences. The main concern is the lack of WHOIS registration data, which raises questions about domain legitimacy despite the strong business presence. Strategic recommendations include improving security header implementation, publishing vulnerability disclosure policies, and clarifying domain registration details to enhance trust.

P

PortlandLabs

concretecms.org

72

Concrete CMS is an established open source content management system developed and maintained by PortlandLabs since 2008. It targets web developers and content editors seeking an easy-to-use, flexible CMS platform with built-in features and a strong community backing. The website positions Concrete CMS as a trusted solution used by governments and Fortune 500 companies, emphasizing security, extensibility, and user-friendly editing experiences. The business model revolves around open source software distribution complemented by community engagement and commercial support services. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Vue.js, FontAwesome, and analytics tools such as Matomo and Google Analytics. The CMS itself is Concrete CMS, which is also the product being promoted. The site is mobile optimized, well-structured, and uses responsive design techniques. Performance is moderate with room for improvement in accessibility features. SEO practices are good with proper meta tags and Open Graph data. From a security perspective, the site enforces HTTPS and includes a dedicated security page. Cookie consent mechanisms and a comprehensive privacy policy demonstrate compliance with privacy regulations including GDPR. However, explicit security headers are not detected, and no public vulnerability disclosure or incident response contacts are published. No vulnerabilities or exposed sensitive data were found in the HTML content. Overall, the website is professional, trustworthy, and well-maintained with a high level of content quality and business credibility. The lack of WHOIS data limits domain registration trust analysis, but the site’s branding and external trust signals strongly support legitimacy. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure policies, improving accessibility, and maintaining transparency in data protection practices.

D

Deutsch-Griechische Industrie- und Handelskammer

german-chamber.gr

48

The Deutsch-Griechische Industrie- und Handelskammer (German-Greek Chamber of Industry and Commerce) serves as a bilateral business network fostering trade and cooperation between Germany and Greece. With approximately 900 members, it offers a range of services including market entry consulting, legal and tax advice, delegation support, job portals, and translation services. The organization also hosts social events and networking opportunities to strengthen business ties. The website reflects a professional and consistent brand image aligned with its institutional partners such as BMWK, DIHK, and IHK. Technically, the site is built on the Ibexa DXP CMS with Vue.js and Swiper.js for frontend interactivity, delivering a good user experience with mobile optimization and accessibility considerations. Security posture is solid with HTTPS and no exposed sensitive data, though improvements could be made by adding security headers and explicit incident response information. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site is trustworthy and well-positioned within its niche, serving a medium-sized organization focused on government and non-profit sectors.

1

104人力銀行

104.com.tw

64

104人力銀行 is a leading Taiwanese online job recruitment platform providing comprehensive job search and talent acquisition services. The platform targets a broad audience including job seekers, students, fresh graduates, senior professionals, middle-aged workers, and foreigners. It holds a strong market position supported by recognized certifications and awards, reflecting its commitment to social value and work-life balance. The company operates multiple service verticals and partner domains to cater to diverse employment needs. Technically, the website employs modern frontend technologies such as Vue.js and integrates multiple analytics and advertising tools, indicating a mature digital infrastructure. The site is mobile optimized and offers a professional user experience with clear navigation and rich content. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers are not explicitly detected. Privacy compliance is supported by a comprehensive privacy policy, but lacks a visible cookie consent mechanism. Overall, the website demonstrates high business credibility and trustworthiness with consistent branding and transparent company information.

V

VIPARIS

viparis.com

70

VIPARIS is a leading European business tourism company based in Paris, specializing in hosting shows, trade shows, conventions, seminars, and conferences across 12 venues. The website presents a professional and well-branded digital presence targeting business professionals and event organizers. The technical infrastructure leverages modern JavaScript frameworks such as Vue.js and Nuxt.js, with integration of Google Tag Manager for analytics. The website is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled, but lacks visible security headers and public security policies. The absence of WHOIS data and privacy/cookie policies reduces transparency and privacy compliance confidence. Overall, the site is trustworthy and professional but could improve in privacy and security disclosures.

D

Divadlo D21

divadlod21.cz

50

Divadlo D21 is a well-established theatre organization based in Prague, Czech Republic, founded in 2012. It offers theatrical performances, educational projects, and cultural events targeting the general public and schools. The website reflects a professional cultural institution with a clear focus on community engagement and artistic offerings. Technically, the site uses a mix of JavaScript libraries including jQuery, Vue.js, and Google Analytics for tracking, with a responsive design and moderate performance. Security-wise, the site implements GDPR compliance and cookie consent mechanisms but lacks visible HTTP security headers in the provided data, indicating room for improvement in security hardening. Overall, the domain registration and WHOIS data align well with the business profile, supporting legitimacy and trustworthiness.

U

Upian

upian.com

46

Upian is a French media company specializing in digital storytelling, offering studio services to media companies, institutions, and brands, as well as producing documentaries and magazines for web and television. The company positions itself as a creative and editorially focused production house with an international footprint. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, providing a responsive and user-friendly experience. Security posture is adequate with HTTPS enabled, but lacks visible security headers and formal privacy and cookie policies, which could be improved to enhance compliance and trust. Overall, the website is professional and trustworthy, though the absence of WHOIS data slightly reduces domain trustworthiness. Strategic improvements in privacy compliance and security headers are recommended to strengthen the security posture and regulatory adherence.

A

AIA7

aia7.fr

50

AIA7 is a French online community platform dedicated to members of ENSIACET, including students, alumni, teachers, and recruiters. It offers networking, career services, event management, and news updates to foster engagement within the academic and professional community. The platform supports multiple OAuth login providers and integrates social media for broader connectivity. Technically, the site uses modern web technologies such as Vue.js, Google Analytics, Google Maps API, and Leaflet.js, providing a responsive and user-friendly experience. Security is reasonably well implemented with HTTPS and OAuth authentication, though some security headers could be improved. Privacy compliance is addressed with clear privacy and cookie policies, including GDPR considerations. The absence of WHOIS data reduces domain trust slightly, but the website content and structure indicate a legitimate and professional organization.

S

Service Public d’Information en Santé

sante.fr

63

Santé.fr is the official French public health information portal managed under the Ministry of Health. Established in 2016, it serves as a comprehensive and reliable source of health information for the general public and health professionals. The website offers extensive editorial content, a large directory of health professionals and establishments, and personalized health advice services. It is positioned as a leading government-backed health information platform in France. Technically, the site is built on Drupal CMS with modern frontend technologies including Vue.js and FontAwesome. It implements strong privacy and cookie consent mechanisms using tarteaucitron.js and supports mobile and accessibility standards well. The site is served over HTTPS with no detected blocking or WAF interference, indicating good operational maturity. From a security perspective, the site enforces HTTPS and secure login via OpenID Connect but lacks explicit HTTP security headers and a published security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with a comprehensive privacy policy and cookie management. Overall, Santé.fr presents a trustworthy, professional, and secure public health information service with excellent content quality and user experience. The domain WHOIS data is not publicly available, consistent with government domain privacy practices, and the site aligns well with its stated mission and branding.

Srovnejto.cz is a Czech Republic-based online comparison platform specializing in insurance, energy, and loan products. It serves Czech consumers by providing a user-friendly interface to compare offers and find optimal deals. The website is positioned as a trusted local player with a professional design and comprehensive service offerings. Technically, the site leverages modern frontend frameworks such as Nuxt.js and Vue.js, combined with Tailwind CSS for styling and Font Awesome for icons, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS and includes essential security headers, though it lacks a dedicated security policy or vulnerability disclosure page. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates a solid security posture and business credibility, with room for improvement in transparency around security policies and incident response.

YesWiki.net is a French open-source platform providing a no-code wiki and collaborative database solution aimed at users without technical skills. Founded in 2009, it offers tools for creating collaborative workspaces, form-based data entry, and various content visualization modules. The platform is community-driven with active documentation, forums, and a newsletter. Technically, the site uses PHP, Bootstrap, jQuery, Vue.js, and integrates third-party services like Matomo for analytics and MailerLite for marketing. The website is well-structured, mobile-optimized, and uses HTTPS with a stable domain registration. However, it lacks some modern security headers and cookie consent mechanisms, which are areas for improvement. Overall, the site is trustworthy, professional, and serves a niche market of collaborative content creators.

K

KPMG

kpmg-discovery.cz

67

KPMG Česká republika is a leading professional services firm offering audit, tax, advisory, and legal services. The website reflects a mature, enterprise-level business with a strong market position supported by global brand recognition. The content is tailored to clients and potential clients in the Czech Republic, emphasizing the integration of advanced technologies and expert knowledge to deliver excellent results efficiently. The site is well-structured, professionally designed, and optimized for multiple devices and languages, indicating a high level of digital maturity. Technically, the website leverages modern JavaScript frameworks (Vue.js), a robust CMS (Adobe Experience Manager), and a global CDN (Akamai) to ensure fast performance and scalability. Privacy and cookie compliance are well implemented, with clear policies and consent mechanisms. Security posture is strong, with HTTPS enforced, domain registration protections, and no visible vulnerabilities or exposed sensitive data. However, explicit security policies and incident response contacts are not prominently published, representing an area for improvement. Overall, the risk profile is low with no signs of malicious activity or suspicious content. The website demonstrates a high degree of professionalism, trustworthiness, and compliance with relevant regulations. Strategic recommendations include enabling DNSSEC, publishing security and incident response policies, and enhancing transparency around data protection officer contacts to further strengthen trust and security posture.

N

Nature et Progrès

natureetprogres.org

67

Nature et Progrès is a well-established French non-profit association founded in 1964, dedicated to promoting agroecology and organic production through a participatory guarantee system. The website serves as an informational and community platform for producers, consumers, and local groups involved in sustainable agriculture and related sectors. The organization holds a credible market position within the organic certification space in France, supported by a domain registered since 2002 with a reputable registrar, OVH sas. Technically, the website is built on the YesWiki CMS platform, leveraging Bootstrap, jQuery, and Vue.js for a responsive and modern user experience. Hosting is provided by OVH, a known hosting provider. The site demonstrates good mobile optimization and accessibility, though SEO and privacy compliance could be improved. No major performance issues were detected. From a security perspective, the site uses HTTPS and has domain-level protections such as clientDeleteProhibited and clientTransferProhibited statuses. However, it lacks DNSSEC and explicit security headers, and no published security or incident response policies were found. The absence of privacy and cookie policies indicates a gap in compliance with GDPR and related regulations. Overall, the website is trustworthy and professional, with a strong business credibility score. The main risks relate to privacy compliance and security best practices, which should be addressed to enhance user trust and regulatory adherence.

Edisun Power Europe AG is a Swiss-based publicly listed company specializing in the financing and operation of solar power plants across Europe. Established in 1997, it has grown to become a pioneer in medium to large-scale photovoltaic projects, contributing significantly to the renewable energy sector and the energy transition. The company targets investors and stakeholders interested in sustainable energy solutions, leveraging its broad European presence and expertise. Technically, the website is built on Concrete CMS with modern frontend technologies such as Vue.js and Bootstrap, providing a good user experience with mobile optimization and basic accessibility features. The site employs Google Tag Manager for analytics and includes a GDPR-compliant cookie consent mechanism. Security-wise, the website enforces HTTPS and uses cookie consent but lacks explicit security headers and detailed security policies. The absence of WHOIS registration data raises concerns about domain legitimacy, although the business information and public listing support its credibility. Overall, the website is professional and trustworthy but would benefit from enhanced security practices and clearer domain registration transparency.

I

Inferential

inferential.fr

43

Inferential is a French company specializing in healthcare-related data management, biostatistics, and methodological expertise. Founded in 2010, it serves over 60 clients across 12 countries with a strong portfolio of projects and deliverables. The company targets healthcare and research organizations requiring advanced statistical and data services. The website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the website is built on WordPress with modern technologies such as Tailwind CSS, Vue.js, and Axios. It is mobile optimized and uses Google Analytics for user tracking. However, some security best practices like security headers are not evident, and privacy and cookie policies are missing, which impacts compliance and trust. Security posture is generally good with HTTPS enforced and secure form handling, but the absence of WHOIS data and domain registration details raises concerns about domain legitimacy. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the website is professional and functional but would benefit from improved transparency in privacy compliance and enhanced security headers. Verification of domain registration is recommended to strengthen trust.

The Observatoire Europe Climat website is a non-profit transparency platform operated by Réseau Action Climat, focused on monitoring and evaluating the climate commitments of European elected officials and the French government in Europe. The site provides legislative tracking and ratings to promote accountability in climate policy. The business operates primarily in the energy and transportation sectors within the non-profit industry, targeting citizens interested in European climate governance. The domain is registered since 2019, consistent with the organization's timeline. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as Vue.js and Axios, with Google Analytics and Google Tag Manager for tracking. The site is hosted by OVH and enforces HTTPS with redirects, indicating a baseline of security. Performance and mobile optimization are moderate to good, though accessibility features are basic. SEO is adequately addressed with meta tags and structured data. From a security perspective, the site enforces HTTPS but lacks important security headers like Content-Security-Policy and X-Frame-Options. No forms or input fields were detected, reducing attack surface, but no explicit security or incident response policies are published. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. No contact information or vulnerability disclosure policies are provided, limiting transparency. Overall, the website presents a moderate risk profile with good business credibility but room for improvement in security posture and privacy compliance. Strategic recommendations include implementing security headers, adding cookie consent, publishing security and incident response policies, and improving accessibility and contact transparency.

A

Autonomie Paris Saint-Jacques, Maison des Aînés et des aidants Paris Centre

centraider.fr

45

Centr'aider® is a specialized resource website dedicated to supporting caregivers (aidants) in the Île-de-France region. It provides comprehensive information on caregiver rights, available aids, activities, and professional resources. The platform is funded by the Agence Régionale de Santé Île-de-France and initiated by the association Autonomie Paris Saint-Jacques, reflecting a strong governmental and non-profit backing. The website targets caregivers, professionals working with caregivers, and organizations offering aid services, positioning itself as a trusted regional support hub. Technically, the site is built on WordPress with modern JavaScript libraries such as Vue.js and Axios, and uses FontAwesome for icons. It employs a GDPR-compliant cookie consent mechanism via the Complianz plugin and integrates Google Analytics for user behavior insights. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS and uses cookie consent management, but lacks explicit security headers and a published security policy or incident response information. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data is not publicly available, which is common for .fr domains, but the website's legitimacy is supported by its official funding and professional presentation. Overall, Centr'aider® presents a secure, professional, and privacy-conscious platform with a clear mission to support caregivers in the Île-de-France region. Strategic improvements could include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and compliance.

R

Réseau TEPOS (animated by réseau Cler)

tepos.fr

54

The website tepos.fr represents the TEPOS network, a French energy transition network animated by the larger association réseau Cler. It serves over 150 local actors including municipalities and project leaders engaged in positive energy transition initiatives. The site provides news, events, resources, and a newsletter subscription to support and coordinate these actors. The business model focuses on network facilitation and knowledge sharing within the energy sector in France. Technically, the site is built on WordPress, uses modern JavaScript libraries like Vue.js and Axios, and is hosted by OVH, a reputable provider. The site is well-structured, mobile-optimized, and includes SEO best practices. Security posture is solid with HTTPS, cookie consent, and no visible vulnerabilities, though it lacks explicit security policies or incident response contacts. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, making it a reliable resource for its target audience.

I

InfluenceWP

influencewp.com

62

InfluenceWP is a recently established platform (founded in 2024) dedicated to helping WordPress product creators boost their presence and reach more customers. The platform differentiates itself by offering trusted, exclusive, and non-affiliated deals and giveaways, focusing on genuine relationships rather than affiliate commissions. Its target audience includes WordPress product creators, agencies, freelancers, DIYers, and consumers seeking reliable WordPress resources. The business model centers on providing value through free partner memberships and consumer memberships, supported by marketing services such as YouTube exposure and viral giveaway campaigns. Technically, the website is built on WordPress using Elementor and WooCommerce, leveraging modern web technologies including jQuery and Vue.js. Hosting and DNS services are provided via Cloudflare, ensuring good performance and security. The site is mobile-optimized, accessible, and SEO-friendly, with comprehensive metadata and structured data enhancing discoverability. From a security perspective, the site employs HTTPS with a strong SSL configuration and benefits from Cloudflare's CDN and DNS services. However, it lacks DNSSEC and some recommended security headers. No explicit security or incident response policies are published, and there is no cookie consent mechanism despite GDPR compliance indications. The WHOIS data is consistent with the business claims, showing a new domain registered publicly without privacy protection, appropriate for a startup. Overall, InfluenceWP presents a professional, trustworthy, and well-structured platform with a clear niche focus. Strategic improvements in security policies, cookie consent, and DNS security would enhance its compliance and trustworthiness further.

G

GlaxoSmithKline plc

stiefel.com

66

GlaxoSmithKline plc (GSK) is a leading global healthcare company specializing in pharmaceuticals, vaccines, and consumer healthcare products. The company maintains a strong market position with a comprehensive portfolio targeting healthcare professionals, investors, and consumers worldwide. Their website reflects a mature digital presence with excellent content quality, clear navigation, and consistent branding aligned with their corporate identity. Technically, the site leverages modern frameworks such as Nuxt.js and Vue.js, ensuring fast performance and mobile optimization. Security posture is robust, with HTTPS enforcement, security headers, and published security policies including incident response and vulnerability disclosure programs. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the website demonstrates high professionalism and trustworthiness, supporting GSK's reputation as a major healthcare enterprise.

L

La Cooperative des Tilleuls

les-tilleuls.coop

67

Les-Tilleuls.coop is a French technology cooperative specializing in API, web, and cloud expertise. They are creators of the API Platform framework and FrankenPHP, and maintainers of Symfony. The company operates as a self-managed, egalitarian cooperative with over 70 employees and multiple offices across France. Their market position is strong within the open source and enterprise technology sectors, serving over 200 partners with consultancy, development, training, and cloud services. Technically, the website is built on modern frameworks including Next.js, Symfony, Laravel, and Vue.js, hosted with Cloudflare DNS and CDN, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and no exposed sensitive data, though improvements are recommended in DNSSEC and security headers. Privacy compliance is basic, lacking explicit cookie consent and detailed privacy policies. Overall, the company demonstrates high business credibility and trustworthiness with certifications like B Corp and a transparent WHOIS record.

T

Teamwork

teamwork.com

76

Teamwork is a well-established SaaS company specializing in project and resource management software designed for busy teams. The company offers a comprehensive suite of tools including project management, resource allocation, collaboration, time tracking, and helpdesk solutions. Positioned strongly in the technology sector, Teamwork targets business teams and project managers globally, with a focus on improving productivity and workflow efficiency. The website reflects a mature digital presence with professional branding and clear messaging aligned with its business objectives. Technically, the website leverages modern JavaScript frameworks such as Vue.js and Nuxt.js, ensuring a fast, responsive, and accessible user experience across devices. The infrastructure appears robust with good SEO practices and performance optimizations. Security measures are well implemented, including HTTPS enforcement and multiple security headers, although explicit security policies and incident response details are not publicly disclosed. From a security standpoint, the site demonstrates strong baseline protections but lacks transparency in vulnerability disclosure and incident response readiness. The absence of WHOIS data reduces domain trust slightly but does not detract significantly from the overall legitimacy given the professional web presence and external trust signals. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, Teamwork presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure programs to enhance trust and compliance further.

G

GlaxoSmithKline (GSK)

gsk.com

74

GlaxoSmithKline (GSK) is a leading global healthcare company specializing in pharmaceuticals, vaccines, and consumer healthcare products. The company maintains a professional and comprehensive website targeting healthcare professionals, investors, and consumers worldwide. Their market position is strong, supported by a broad portfolio of products and subsidiaries such as ViiV Healthcare and Stiefel Laboratories. The website content is rich, well-structured, and professionally presented, reflecting the company's enterprise scale and global reach. Technically, the site leverages modern frameworks like Nuxt.js and Vue.js, with good performance and mobile optimization. Security posture is robust with HTTPS enforcement and strong security headers, although explicit security policy and incident response information are not prominently published. Privacy compliance is well addressed with clear privacy and cookie policies including consent mechanisms. Overall, the website demonstrates high professionalism, trustworthiness, and digital maturity.

B

BOSA

publicprocurement.be

48

The website www.publicprocurement.be appears to be a government-related eProcurement platform operated by BOSA, a Belgian government entity. However, the website content is currently inaccessible, showing only a JavaScript loading spinner and a message indicating that JavaScript is required. No meaningful content, contact information, or policies are available on the landing page. The WHOIS data for the domain is not accessible and returns a 'NOT ALLOWED' status, preventing extraction of registrar, creation, expiry, or registrant details. This lack of WHOIS transparency reduces trust and legitimacy verification. Technically, the site uses modern frontend technologies such as Vue.js and Vuetify, indicating a contemporary tech stack. However, due to the blocked content, performance, accessibility, and SEO aspects cannot be assessed. Security headers and SSL configuration details are not available from the provided data, and no security or privacy policies are detected. The security posture is weak due to the lack of accessible content and missing security headers. Privacy compliance cannot be confirmed as no privacy or cookie policies are found. The domain's WHOIS data inconsistency and blocked content suggest potential access restrictions or security controls limiting public visibility. Overall, the site is likely intended for authenticated or internal users only, limiting public access. Strategic recommendations include improving public-facing transparency, publishing privacy and security policies, ensuring WHOIS data availability for trust, and implementing robust security headers and SSL configurations.

L

La note touristique

lanotetouristique.com

52

La Note Touristique is a small French business founded in 2020 that provides environmental labeling services for furnished tourism accommodations. The website presents a professional and consistent brand image focused on sustainability in the hospitality sector. Technically, the site is built using modern frameworks such as Nuxt.js and Vue.js and is hosted by OVH sas, a reputable provider. The site is accessible without any WAF or security challenges and implements HTTPS with a good SSL configuration. However, it lacks explicit privacy and terms of service policies, contact information, and security headers, which are important for compliance and trust. Cookie consent is implemented, indicating some attention to privacy regulations. Overall, the security posture is moderate but could be improved with additional headers and policies.

CoachCopro is a French public service platform dedicated to supporting co-ownerships in their energy renovation projects. It operates as part of the national energy renovation service, France Rénov'. The website provides informational resources and accompaniment services tailored to co-ownership renovation needs. Technically, the site is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, with integration of the TinyMCE editor for content management. The site demonstrates good design quality and user experience, optimized for mobile devices, but lacks comprehensive privacy and cookie policies, which are critical for compliance. Security posture is moderate due to absence of visible security headers and unknown SSL configuration. WHOIS data is unavailable, which raises concerns about domain registration transparency. Overall, the platform appears legitimate and focused on its public service mission but would benefit from enhanced compliance and security measures.

Demcon is a well-established technology group headquartered in the Netherlands, specializing in innovative product development and manufacturing across diverse sectors such as aerospace, healthcare, energy, and smart industry. The company operates through multiple specialized subsidiaries, leveraging collective expertise to deliver advanced technological solutions that create social impact. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to technology-minded audiences. Technically, the site uses modern frameworks like Nuxt.js and Vue.js, integrates Google Tag Manager and reCAPTCHA for analytics and security, and employs a cookie consent mechanism ensuring GDPR compliance. Security posture is strong with HTTPS enforced and bot protection in place, though some security headers and explicit policies could be improved. Overall, Demcon demonstrates high business credibility and digital maturity with room for enhanced transparency in security policies and incident response.

G

GEISTER MEDIZINTECHNIK GMBH

gbluelabel.de

41

GEISTER MEDIZINTECHNIK GMBH is a well-established German company specializing in the manufacture and supply of premium surgical instruments under the G BLUE LABEL™ brand. With a heritage spanning approximately 100 years, the company targets medical professionals and institutions requiring high-quality, innovative surgical tools. Their business model is primarily B2B, focusing on product excellence and custom solutions to meet surgical needs. The website reflects a professional and consistent brand image, supporting their market position as a premium instrument provider. Technically, the website employs modern JavaScript frameworks such as Vue.js and Axios, alongside jQuery and FontAwesome for UI elements. The site is mobile-optimized with good navigation and SEO practices, though performance is moderate. The CMS appears custom-built with PHP components. Analytics are implemented via Google Analytics and Tag Manager, indicating moderate user tracking. From a security perspective, the site uses HTTPS and includes verification meta tags for Google and Facebook, but lacks visible security headers and explicit cookie consent mechanisms. No sensitive data exposure or vulnerabilities were detected in the content. The WHOIS data is minimal but consistent with the business, showing no suspicious patterns. However, contact information is not explicitly provided on the main page, which could impact user trust. Overall, the website is professional and trustworthy with room for improvement in privacy compliance and security best practices. Strategic enhancements in cookie consent, security headers, and contact transparency would strengthen their security posture and user confidence.

BeSignal is a specialized software provider offering whistleblowing reporting platforms tailored to meet the requirements of the European Whistleblowing Directive and data protection standards. Founded in 2021 and based in France, the company targets organizations in both the corporate and public sectors, including schools, to streamline whistleblowing report management and resolution. Their business model is primarily SaaS, delivering compliance-focused solutions with multi-language support and a professional online presence. Technically, the website leverages modern JavaScript frameworks such as Vue.js, integrates HubSpot for marketing and analytics, and employs Cookiebot for cookie consent management. The hosting is provided by OVH sas, a reputable European hosting provider. Security-wise, the site enforces HTTPS and has domain protections against unauthorized transfers or deletions, but lacks DNSSEC and some security headers. No explicit privacy policy or terms of service were found, which is a compliance gap. Overall, the website is professional and functional with moderate security posture and good business credibility.

G

GlaxoSmithKline plc

gsk.cz

72

GlaxoSmithKline plc (GSK) is a leading global healthcare company specializing in pharmaceuticals, vaccines, and consumer healthcare products. The Czech Republic location page reflects GSK's strong presence in the region, targeting healthcare professionals, patients, and partners with comprehensive information about their operations. The website is professionally designed, mobile-optimized, and provides clear navigation and contact information, reinforcing GSK's market position as a large multinational enterprise in the healthcare sector. Technically, the site leverages modern JavaScript frameworks such as Nuxt.js and Vue.js, ensuring a responsive and performant user experience. Analytics and marketing tools like Google Analytics and Google Tag Manager are used responsibly with privacy compliance in mind. Security-wise, the website enforces HTTPS, implements key security headers, and shows no signs of vulnerabilities or exposed sensitive data, indicating a mature security posture. However, the absence of WHOIS data for the domain is noted, likely due to registry restrictions rather than malicious intent. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations.

U

Uscreen

uscreen.io

65

Uscreen is a technology company providing a SaaS platform for creators and entrepreneurs to build and monetize their own video streaming services. The website analyzed is the admin login page, featuring modern web technologies such as Vue.js and Tailwind CSS, and integrates multiple analytics and marketing tools including Google Tag Manager, Facebook Pixel, and Sentry for error monitoring. The platform targets content creators seeking to launch subscription or pay-per-view video services and positions itself as an established player with over 25,000 creators. The technical infrastructure is robust, leveraging CDN hosting and modern JavaScript frameworks, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforcement, CSRF protection, and monitoring tools, although explicit privacy and cookie policies are not directly linked on this page, indicating room for improvement in compliance transparency. Overall, the site is professional and trustworthy, with no signs of malicious content or adult material.

O

OnlyFans

onlyfans.com

68

OnlyFans is a well-established subscription-based social platform founded in 2013, specializing in enabling content creators, particularly in adult entertainment, to monetize their content and engage with fans. The platform holds a leading market position in the creator economy, offering services that facilitate direct fan support and content monetization. Technically, the website employs modern JavaScript frameworks such as Vue.js, is hosted on Amazon AWS infrastructure, and integrates Cloudflare Insights for analytics and performance monitoring. The site demonstrates good mobile optimization and a consistent branding approach. Security-wise, OnlyFans enforces HTTPS, employs domain transfer locks, and provides cookie consent mechanisms, although DNSSEC is not enabled, representing a minor security gap. Privacy policies and terms of service are comprehensive and GDPR compliant, but explicit incident response contacts and vulnerability disclosure mechanisms are not publicly available. Overall, the platform maintains a strong security posture suitable for its business model, with recommendations to enhance DNS security and transparency in security incident handling.

G

GEISTER MEDIZINTECHNIK GMBH

geister.com

54

GEISTER MEDIZINTECHNIK GMBH is a German-based manufacturer specializing in premium reusable surgical instruments, including titanium instruments and various clamps for cardiovascular and thoracic surgery. The company emphasizes German craftsmanship, precision, and sustainability, targeting medical professionals and OEM partners globally. Their website reflects a mature digital presence with multilingual support and detailed product highlights. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates Google Tag Manager for analytics, indicating a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place, though the absence of explicit security headers and incident response information suggests room for improvement. The WHOIS data is notably missing, which raises some concerns about domain registration transparency but does not directly contradict the professional business presence. Overall, the website is trustworthy and well-maintained but would benefit from enhanced security disclosures and contact transparency.

F

Finapres Medical Systems

finapres.com

74

Finapres Medical Systems is a specialized healthcare technology company focused on providing continuous non-invasive hemodynamic monitoring solutions. Their flagship product, the Finapres NOVA, offers accurate blood pressure monitoring using finger cuff technology, serving clinical diagnostics, hemodynamic evaluation, and educational purposes. The company operates as a medium-sized entity under the Demcon group, targeting healthcare professionals and researchers. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with integrations for analytics and privacy compliance tools like Google Tag Manager and Cookiebot. Security posture is strong with HTTPS enforcement, security headers, and bot protection via reCAPTCHA, though there is room for improvement in publicly disclosing security policies and incident response contacts. The absence of WHOIS data slightly impacts trust but is mitigated by professional branding and certifications. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and privacy compliance.

B

Barenboim-Said Akademie

barenboimsaid.de

67

The Barenboim-Said Akademie website represents a well-established educational and cultural institution focused on music education and cultural exchange. The site offers a range of services including masterclasses, concerts, and digital content, targeting students, music professionals, and cultural enthusiasts. The business model is non-profit and niche, with a strong cultural and educational focus primarily in Germany. The website is professionally designed with consistent branding and good content quality, supporting its mission effectively. From a technical perspective, the website employs modern technologies such as Vue.js, integrates with multiple third-party platforms like Vimeo, Google Analytics, Spotify, and Bandcamp, and uses Cookiebot for GDPR-compliant cookie management. Hosting appears to be stable and secure, likely leveraging Cloudflare services. Performance and mobile optimization are good, though accessibility features are basic. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place. However, explicit security headers like X-Frame-Options and X-Content-Type-Options are not clearly identified and could be improved. No public security policy or incident response contacts are found, which could enhance trust and preparedness. No vulnerabilities or critical issues were detected. Overall, the website is safe, trustworthy, and compliant with privacy regulations. It does not contain adult or questionable content and is accessible without WAF or security challenges. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility features to further strengthen the site’s security and user experience.

P

Palais de Tokyo

palaisdetokyo.com

60

Palais de Tokyo is a prominent cultural institution based in Paris, France, dedicated to contemporary art. It is recognized as the largest center for contemporary art in Europe, offering exhibitions, performances, educational workshops, and a retail boutique. The website reflects a mature digital presence with a modern tech stack including Nuxt.js and Vue.js, and incorporates privacy compliance tools such as tarteaucitron for cookie consent and Sibforms for newsletter subscriptions. The site is well-designed, mobile-optimized, and provides clear navigation and rich content relevant to its audience. Security posture is solid with HTTPS enforced and domain transfer protections, though some improvements like enabling DNSSEC and publishing a security policy could enhance trust further. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, serving a general audience interested in art and culture.

T

The Coding Machine

thecodingmachine.com

66

The Coding Machine is a French-based technology company specializing in custom web and mobile application development, serving entrepreneurs, startups, and large enterprises. Established in 2004, it has a mature market presence and offers a comprehensive suite of services including technical conception, UX/UI design, development, maintenance, audits, and generative AI solutions. The company emphasizes adherence to deadlines and budgets, positioning itself as a reliable partner in digital transformation projects. Technically, the website is built on WordPress with a modern tech stack including Laravel, Symfony, React, Vue.js, and various No Code and blockchain technologies, hosted on Amazon AWS. The site is well-optimized for SEO and mobile, with good performance and accessibility standards. Security posture is solid with HTTPS, domain locks, and CAPTCHA-protected forms, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is strong with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the website reflects a professional, trustworthy, and technically competent organization with a strong digital presence.

P

Political Watch

parlamento2030.es

55

Parlamento2030 is a specialized platform developed and supported by Political Watch and the Spanish Ministry of Foreign Affairs to provide transparent, accessible information on parliamentary activities related to the Sustainable Development Goals (SDGs) in Spain. The platform leverages advanced automatic tagging technology to classify and present parliamentary data, enabling researchers, policymakers, journalists, and the public to monitor progress on the Agenda 2030. The website is well-structured, professionally designed, and offers multilingual support, enhancing accessibility and user engagement. Technically, the site is built using modern frontend technologies such as Vue.js and Vite, ensuring a responsive and performant user experience. While no explicit CMS or hosting provider information is available, the site demonstrates good SEO practices and mobile optimization. Security-wise, HTTPS is enforced, but the absence of visible security headers and vulnerability disclosure mechanisms suggests room for improvement in hardening the platform against potential threats. The security posture is moderate with no evident vulnerabilities or exposed sensitive data, but the lack of detailed WHOIS information due to registrar restrictions limits full trust verification. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place, aligning with GDPR requirements. Business credibility is supported by government affiliation, open source transparency, and clear contact information. Overall, Parlamento2030 presents a trustworthy, well-maintained platform with a clear mission and target audience. Strategic recommendations include enhancing security headers, adding a security.txt file, improving accessibility features, and maintaining regular audits of third-party components to sustain and improve the security and compliance posture.

The Ultomiris Pregnancy Registry Study website serves as a clinical research platform focused on enrolling and informing pregnant or breastfeeding women who have been prescribed ULTOMIRIS for autoimmune conditions. The site is professionally designed and targets both patients and healthcare providers in the United States. It provides detailed information about the study, medication, and participation methods, supported by links to official prescribing information and medication guides. The parent company IQVIA is prominently referenced, lending credibility to the site. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Vue.js, and Google Tag Manager, with Sitecore CMS inferred from cookie names. The site is mobile-optimized and includes accessibility features, though some improvements could be made. Security measures include HTTPS enforcement, Google reCAPTCHA integration, and a comprehensive cookie consent mechanism. However, explicit security headers are not detected, and no incident response or security policy pages are present. From a security and compliance perspective, the site demonstrates good privacy compliance with clear privacy and cookie policies and user consent mechanisms. The absence of WHOIS data for the domain is a notable anomaly, reducing trust slightly, but the professional content and association with IQVIA mitigate concerns. No vulnerabilities or exposed sensitive data were detected. Overall, the website is a credible and professionally maintained clinical research registry with moderate to good technical and security posture. Strategic improvements in security headers, incident response transparency, and domain registration clarity would enhance trust and compliance.

U

Ultahost

ultahoststatus.com

53

Ultahost Status is a dedicated status monitoring website for Ultahost's server infrastructure, providing real-time updates and historical incident reports to its customers. The site is relatively new, consistent with the domain registration date in 2024, and targets Ultahost users who require transparency about service availability and outages. The business model focuses on enhancing customer communication and trust through timely incident reporting. Technically, the website employs modern web technologies such as Vue.js and is hosted with Cloudflare DNS services. The site is moderately optimized for performance and mobile responsiveness but lacks advanced SEO and accessibility features. The absence of DNSSEC and security headers indicates room for improvement in security hardening. From a security perspective, the site uses HTTPS, ensuring encrypted communications, but lacks explicit security policies, vulnerability disclosures, and contact channels for incident response. No privacy or cookie policies are present, which may affect compliance with data protection regulations. The site does not employ tracking or advertising technologies, minimizing privacy risks. Overall, the website is functional and serves its purpose as a status page but requires enhancements in privacy, security policies, and contact transparency to improve trust and compliance. Strategic improvements in security headers, DNSSEC, and policy disclosures are recommended to elevate the site's security posture and regulatory adherence.

P

Watch The Best Premium HD Porn Videos | Pornhub Premium home

pornhubpremium.com

68

Pornhub Premium operates as a leading subscription-based adult entertainment platform offering high-definition, ad-free pornographic videos featuring popular performers. The website targets adult audiences exclusively and employs age verification modals and explicit disclaimers to ensure compliance with legal requirements. Technically, the site uses modern web technologies including Vue.js and jQuery, with a focus on performance and mobile optimization. Privacy and cookie consent mechanisms are robust, reflecting good GDPR compliance practices. However, the absence of publicly available WHOIS data and lack of explicit security policies or incident response contacts present transparency and trust challenges. Overall, the platform demonstrates a mature digital infrastructure but could improve in security communication and registrant transparency.

F

Framasoft

framalibre.org

55

Framalibre is a French-language directory website operated by the non-profit association Framasoft, dedicated to promoting free and libre software, tools, and hardware. The platform serves a niche audience interested in digital emancipation, privacy, and open-source alternatives. It offers categorized listings, mini-sites for specific user needs, and community engagement features. The website is well-branded and consistent with the parent organization's mission and values. Technically, the site uses modern frontend technologies including Vue.js and Bootstrap, hosted under the Gandi SAS registrar. The site is mobile-optimized with good design and navigation clarity, though some SEO and accessibility features could be improved. Security posture is adequate with HTTPS enforced and domain transfer protections, but lacks DNSSEC and advanced security headers. Privacy compliance is basic with privacy and terms pages available on the parent domain but no explicit cookie consent mechanism. Overall, the security posture is moderate with no critical vulnerabilities detected, but improvements are recommended in DNS security and security policy transparency. The site exhibits minimal user tracking and no advertising, aligning with its non-profit ethos. The domain registration is consistent and trustworthy, supporting the legitimacy of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing a vulnerability disclosure policy, and implementing a cookie consent mechanism to enhance privacy compliance and user trust.

F

Framasoft

framapad.org

55

Framasoft is a French non-profit organization dedicated to promoting digital autonomy and popular education through free and open-source software projects such as Framapad, a collaborative real-time text editor. The organization operates on a donation-based model, emphasizing ethical hosting and user data protection. The website reflects a mature digital presence with multilingual support, clear navigation, and a strong community focus. Technically, the site uses modern frameworks like Vue.js and hosts Etherpad-lite software, ensuring a responsive and performant user experience. Security posture is solid with HTTPS and domain transfer protections, though improvements could be made by enabling DNSSEC and adding security headers. Privacy compliance is good, with clear terms of use and a privacy policy, but lacks a cookie consent mechanism despite minimal tracking. Overall, the site is trustworthy, professional, and aligned with its mission of digital emancipation.

S

Scramble Ireland

scrambleireland.com

65

Scramble Ireland operates as a specialized e-commerce retailer focused on Brazilian Jiu-Jitsu and grappling apparel and equipment, serving primarily the Irish market. The company offers a range of products including rashguards, shorts, kimonos, belts, and related accessories. Positioned as Ireland's leading BJJ and grappling store, it leverages the Square Online platform for its digital storefront, integrating payment and shipping functionalities seamlessly. The website demonstrates a professional design with good user experience and mobile optimization, supporting both in-store pickup and shipping options. Technically, the site employs modern web technologies including Vue.js and integrates third-party services such as Cookiebot for cookie consent management, Snowplow for analytics, and Sentry for error monitoring. Hosting is managed via Square's CDN infrastructure, ensuring reliable performance. Security posture is strong with HTTPS enforcement and standard security headers, although explicit security policies and incident response information are absent. From a security and compliance perspective, the site implements GDPR-compliant cookie consent mechanisms but lacks a dedicated privacy policy and terms of service pages, which are critical for full compliance and user trust. The absence of WHOIS registration data raises concerns about domain legitimacy, although the professional site presence and integration with reputable payment partners mitigate some risk. No vulnerabilities or exposed sensitive data were detected in the analysis. Overall, Scramble Ireland presents a credible and professionally managed online retail presence with room for improvement in privacy documentation and domain registration transparency. Strategic enhancements in compliance documentation and security disclosures would strengthen trust and regulatory adherence.

O

ONF Vegetis

onf-vegetis.fr

52

ONF Vegetis is a French company specializing in sustainable management and maintenance of natural spaces, vegetation control, and wooden furniture for natural and urban environments. The company targets professionals seeking expert services in arboriculture, vegetation management, and infrastructure maintenance. The website reflects a mature digital presence with modern technologies such as Vue.js, jQuery, and GSAP, and integrates analytics tools like Matomo and Google Analytics via Google Tag Manager. Privacy and cookie policies are well implemented with a consent mechanism, demonstrating GDPR compliance. However, the site lacks a dedicated security policy and incident response information, which are recommended for enhanced trust and compliance. Overall, the website is professional, secure with HTTPS, and provides clear navigation and relevant content for its audience.

O

ONF-Agir pour la forêt

onf-agirpourlaforet.fr

54

ONF-Agir pour la forêt is a French non-profit organization dedicated to raising funds to support projects of general interest in public forests managed by the Office National des Forêts (ONF) and its partners. The website presents a professional and well-structured platform aimed at individuals and enterprises interested in sustainable forest management and biodiversity preservation. The organization positions itself as a key player in environmental conservation within France, leveraging public engagement and corporate sponsorships to finance its initiatives. Technically, the website employs a modern technology stack including Vue.js, jQuery, GSAP, and integrates analytics tools such as Matomo and Google Tag Manager. It uses a proprietary or custom CMS platform and implements cookie consent mechanisms compliant with GDPR. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. From a security perspective, the site enforces HTTPS and uses cookie consent tools, but lacks explicit security policies or incident response information. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms the domain's legitimacy and consistency with the organization's profile. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations, making it a reliable source for donors and partners interested in forest conservation efforts in France.

S

Smart Industry

smartindustry.com

65

Smart Industry is a professional media platform focused on the digital transformation of manufacturing and the Industrial Internet of Things (IIoT). It provides industry professionals with news, webinars, podcasts, white papers, and membership services, positioning itself as a key information source in the Industry 4.0 space. The website demonstrates a mature digital presence with modern web technologies such as Nuxt.js and Vue.js, and integrates marketing and advertising tools like BlueConic and Google Ad Manager. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The absence of WHOIS data for the domain is a notable anomaly that impacts trust assessment. Overall, the site is professional, content-rich, and well-structured, targeting industrial professionals and manufacturing sectors.

F

fnordserver.eu

fnordserver.eu

53

fnordserver.eu is a small managed hosting provider based in Germany, offering full-service managed hosting solutions focused on high performance and support for the latest web technologies. The website presents a professional and well-structured digital presence built on modern frameworks such as Vue.js and Nuxt.js, ensuring good performance and mobile optimization. Contact information is clearly provided, including a support email and phone number, enhancing business credibility. However, the site lacks visible privacy, cookie, and terms of service policies, which are critical for compliance and user trust. Security posture is moderate with no detected security headers or incident response information, indicating room for improvement in security best practices. Overall, the website is functional and professional but would benefit from enhanced privacy and security disclosures.

F

Framasoft

framaprout.org

56

Framaprout.org is a niche, playful web project operated by the French non-profit organization Framasoft, known for promoting free software and digital commons. The site offers an interactive 'Prout-o-mètre' application with humorous content and browser extensions to engage users in a lighthearted manner. The project targets a general audience interested in digital culture and community-driven initiatives. Technically, the site uses modern frontend technologies including Vue.js and Bootstrap, hosted by OVH sas, with good mobile optimization and privacy-respecting analytics. Security posture is adequate with HTTPS enforced and domain protections, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is partial, with privacy and terms policies available on the parent site but no cookie consent mechanism on this site. Overall, the site is trustworthy, professionally presented, and aligned with Framasoft's mission.

F

Framasoft

framalab.org

58

Framasoft operates Framalab as an experimental platform offering privacy-respecting, open-source alternatives to popular proprietary web services. The organization is a French non-profit established in 2011, focusing on community-driven digital tools such as forms, petitions, shared expense management, diagramming, and PDF handling. The website is well-structured, multilingual, and targets users seeking ethical and privacy-conscious digital services. Technically, the site uses modern frontend technologies like Vue.js and FontAwesome, hosted by OVH sas, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and domain protections in place, but lacks DNSSEC and security headers, and no cookie consent mechanism is present. Privacy compliance is supported by comprehensive privacy and terms pages on the parent site, though explicit cookie policies are missing. Overall, the site is trustworthy and professional, with minimal tracking and strong community engagement via social media and forums.