Security Directory

L

Le Télégramme

letelegramme.fr

63

Le Télégramme is a prominent regional news media organization serving the Brittany region in France. The website provides comprehensive local news coverage, digital newspaper editions, and subscription services, targeting residents and readers interested in Brittany's current events. The business model relies on advertising and subscriptions, positioning it as a leading regional news provider with a strong brand presence and consistent content quality. Technically, the website employs modern web technologies including JavaScript, CSS, and privacy management SDKs, with a responsive design optimized for mobile devices. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR, with no signs of blocking or malicious activity.

M

město Dobříš

mestodobris.cz

47

The website mestodobris.cz serves as the official online presence of the town of Dobříš, Czech Republic. It provides comprehensive information about the municipality, including local government activities, public services, events, and community resources. The site targets residents, visitors, and stakeholders interested in municipal affairs and local culture. The business model is that of a government entity providing public information and services digitally, with a well-established market position supported by a domain registered since 2003. Technically, the website employs a modern CMS platform (vismo), integrates Google Analytics and Google Tag Manager for analytics, and uses LimeTalk for live chat support. The site is mobile-optimized, accessible, and includes cookie consent mechanisms aligned with GDPR requirements. Hosting is provided by REG-ZONER, a reputable registrar and hosting provider. From a security perspective, the site enforces HTTPS and uses consent-based analytics tracking. However, explicit security headers are not clearly visible in the HTML source, and no published security policy or incident response contacts were found. No vulnerabilities or suspicious content were detected, and the WHOIS data confirms the domain's legitimacy and consistency with the municipal identity. Overall, the website demonstrates a solid digital presence with good privacy compliance and user engagement features. Strategic improvements could include publishing a formal security policy, enhancing security headers, and providing incident response contact information to strengthen trust and security posture further.

G

GoDaddy Operating Company, LLC

arawa.com

71

This website is a professional domain sales landing page operated by GoDaddy, offering the premium domain 'arawa.com' for purchase. It targets individuals and businesses interested in acquiring premium domain names, providing secure transactions, multiple payment options, and customer support. The site is well-branded and consistent with GoDaddy's domain aftermarket business model. Technically, the site uses modern web technologies including React and Next.js, hosted on GoDaddy infrastructure, and demonstrates good performance and mobile optimization. Security posture is strong with HTTPS, security headers, and reCAPTCHA integration, although explicit incident response and vulnerability disclosure information are not present. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting good privacy compliance. Overall, the site is trustworthy and professionally maintained, serving as a reliable platform for domain sales.

A

Adfinis

adfinis.com

63

Adfinis is a well-established open source IT solutions provider with over 25 years of experience, offering a broad range of services including cloud infrastructure, security, system automation, and digital sovereignty. The company operates globally with multiple locations and strong partnerships with industry leaders such as Red Hat, SUSE, GitLab, and HashiCorp. Their website reflects a mature digital presence with professional design, clear navigation, and comprehensive content focused on business transformation through open source technologies. Technically, the site is built on modern frameworks like Next.js and React, hosted on DigitalOcean, and optimized for performance and mobile devices. Security posture is strong with HTTPS, security headers, and secure forms, though some security policies and incident response information are not publicly disclosed. Privacy compliance is good with a detailed privacy policy, but lacks a cookie consent mechanism. The absence of WHOIS data for the domain is a notable concern, potentially indicating privacy protection or registration issues, which slightly impacts trustworthiness. Overall, the website and business present a credible and professional image with room for improvement in transparency and privacy controls.

U

Univention GmbH

univention.com

59

Univention GmbH is a German-based company specializing in open source Identity and Access Management (IAM) solutions primarily targeting the education sector and public administration. With over 20 years of experience and managing 35 million identities, Univention offers scalable, secure, and user-friendly IAM products such as Nubus, UCS@school, and UCS. Their business model focuses on providing software solutions, integration packages, and support services to organizations seeking digital sovereignty and efficient IT management. The company maintains a strong market position with a medium-sized footprint and a clear focus on open source transparency and reliability. Technically, the website is built on WordPress CMS with modern plugins like WPBakery Page Builder, Matomo Analytics for privacy-respecting tracking, and Borlabs Cookie for consent management. The site is well-optimized for performance, mobile responsiveness, and SEO, reflecting a mature digital infrastructure. Security best practices are observed with HTTPS enforcement, security headers, and no visible vulnerabilities. However, explicit security policies and incident response information are not publicly disclosed. The security posture is strong with good SSL configuration and privacy compliance, including GDPR-aligned privacy and cookie policies. Contact information is available via phone and contact forms, enhancing business credibility. The absence of WHOIS data for the domain reduces trust slightly but does not detract significantly from the overall legitimacy given the professional presentation and consistent branding. Overall, Univention GmbH presents a trustworthy and professional online presence with a focus on secure, open source IAM solutions for institutional clients. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure mechanisms to further enhance trust and compliance.

C

Centrum sociálních služeb Ostrava, o.p.s.

css-ostrava.cz

49

Centrum sociálních služeb Ostrava, o.p.s. is a well-established non-profit organization founded in 2006, providing a broad range of social services primarily in the Czech Republic. Their services focus on supporting families, children, and individuals in difficult social situations through shelters, crisis centers, family counseling, and social activation programs. The organization maintains a professional web presence with clear navigation and multiple physical locations integrated via Google Maps, enhancing accessibility for their target audience. The website encourages donations and donations with tax deduction benefits, indicating a transparent and community-focused business model. Technically, the website uses modern JavaScript libraries such as Swiper.js and Google Maps API, along with Google Tag Manager for analytics, reflecting a moderate level of digital maturity.

S

Svépomocná společnost Mlýnek, z. s.

klubmlynek.cz

53

Svépomocná společnost Mlýnek, z. s. is a small non-profit organization based in Ostrava, Czech Republic, dedicated to supporting individuals with mental illness. The organization focuses on enabling these individuals to lead meaningful and active lives within their natural environment through various supportive activities and services. The website reflects this mission with clear, relevant content and a consistent brand presence. Technically, the site is built on the Webnode CMS platform, hosted via AWS Cloudfront CDN, and uses Google Tag Manager for analytics. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the website enforces HTTPS and uses Google Tag Manager but lacks important security headers and explicit privacy and terms of service documentation. The absence of WHOIS data for the domain raises concerns about transparency and legitimacy, although the website content and hosting appear legitimate. Overall, the site scores moderately on content quality, technical implementation, security posture, privacy compliance, and business credibility, with room for improvement in transparency and security best practices.

C

Centrum pro dítě s diabetem, z.s.

ditesdiabetem.cz

57

Centrum pro dítě s diabetem, z.s. is a Czech non-profit association established in 2004 to support children with type 1 diabetes and related autoimmune conditions. The organization provides educational services and collaborates with regional medical professionals to improve care and support for affected children and their families. The website reflects a small regional non-profit with a clear mission and target audience focused on healthcare education. Technically, the site is built on the Webnode CMS platform, hosted via AWS Cloudfront CDN, and uses modern web technologies with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and privacy compliance mechanisms such as cookie consent and privacy policies. The absence of WHOIS data reduces domain trustworthiness, though the website content and business information appear legitimate. Overall, the site is safe, professional, and serves its niche audience effectively, but improvements in privacy compliance and security best practices are recommended.

R

Renarkon

renarkon.cz

47

Renarkon is a well-established Czech non-profit organization specializing in the prevention and treatment of addiction. Operating since 2003, it serves primarily the Moravian-Silesian region, offering a range of services including addiction treatment, accredited education for professionals, and participation in European projects. The organization maintains a transparent funding model with visible donation options and certifications, positioning itself as a trusted regional leader in healthcare services related to addiction. Technically, the website is built on WordPress with modern plugins such as Spectra Pro and Complianz GDPR for cookie management, ensuring compliance with European privacy laws. The site demonstrates good performance, mobile optimization, and basic accessibility features. Hosting appears to leverage Redis caching for enhanced speed. The technical infrastructure supports a professional online presence with clear navigation and relevant content. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, reflecting a good security posture. However, it lacks explicit security policies, incident response contacts, and advanced security headers, which are recommended for further strengthening. No vulnerabilities or suspicious activities were detected in the content or scripts. Overall, Renarkon’s website reflects a credible, professional, and compliant organization with a strong focus on user privacy and content quality. Strategic improvements in security transparency and incident response readiness would enhance trust and resilience against emerging threats.

Salesiánské hnutí mládeže (SHM) is a Czech Christian non-profit organization dedicated to the education and upbringing of children and youth through various cultural, sports, and educational activities. The organization operates nationwide with over three thousand members across multiple clubs. The website serves as an information hub for events, news, and organizational details, targeting youth and their families. Technically, the site is built on the Vizus CMS platform, with a moderate performance profile and basic mobile optimization. Security measures include HTTPS and a comprehensive cookie consent mechanism, though security headers are not evident, suggesting room for improvement. The absence of WHOIS data reduces domain trust slightly, but the website content and structure indicate a legitimate and established organization. Overall, the site scores well in content quality, privacy compliance, and business credibility, making it a trustworthy resource for its audience.

U

Union des Associations L'Outil en Main

loutilenmain.fr

9

Union des Associations L'Outil en Main is a French non-profit organization dedicated to initiating young people to manual trades, craftsmanship, and heritage professions. Established in 1994, it operates a network of approximately 280 workshops across France, engaging volunteers and partnering with various governmental and private entities. The website reflects a well-structured educational mission with clear content targeting youth, volunteers, and partners interested in manual trades and artisan skills. Technically, the website employs modern web technologies including JavaScript, Ionic Framework, and Google Fonts, ensuring good mobile optimization and user experience. However, the absence of explicit privacy and cookie policies, as well as missing security headers, indicates areas for improvement in compliance and security posture. The site does not appear to use advertising or tracking technologies, suggesting a privacy-conscious approach. Security-wise, the site is accessible without WAF or blocking mechanisms, but lacks visible security headers and formal security policies. WHOIS data confirms the domain's legitimacy and long-standing presence consistent with the organization's history. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices. The overall risk is low given the non-profit educational nature and absence of suspicious indicators, but strategic improvements in privacy and security policies are recommended to strengthen compliance and user trust.

M

Mozilla

mozilla.com

72

Mozilla operates the Firefox web browser, a leading privacy-focused and open-source browser available across multiple platforms including Windows, Mac, Linux, Android, and iOS. The website serves as a central hub for downloading Firefox, learning about its features, and accessing support resources. Mozilla's non-profit status and commitment to internet health and privacy position Firefox as a trusted alternative to mainstream browsers. The site demonstrates a mature digital presence with excellent content quality, mobile optimization, and user experience. Technically, the site uses modern JavaScript frameworks, Sentry for error monitoring, and Google Tag Manager for analytics, reflecting a robust and well-maintained infrastructure. Security posture is strong with HTTPS enforced and privacy mechanisms like cookie consent banners implemented, though explicit security policies and incident response contacts are not published on the site. WHOIS data for the domain is unavailable, which is unusual but does not detract significantly from the site's legitimacy given Mozilla's global reputation and consistent branding. Overall, the site is professional, secure, and privacy-conscious, serving a broad audience effectively.

C

CV-Library LTD

cv-library.co.uk

64

CV-Library LTD operates one of the UK's largest independent job boards, offering a comprehensive platform for job seekers and recruiters. Founded in 2000, it provides services including job search, CV registration, job alerts, career advice, and a company directory. The website targets UK job seekers and recruitment professionals, maintaining a strong market position with over 123,000 live vacancies and more than 10,000 companies registered. Technically, the website employs modern JavaScript frameworks, Google Tag Manager, Amplitude analytics, and OneTrust for cookie consent management. It is well-optimized for mobile devices and accessibility, with structured data enhancing SEO. The site uses HTTPS with good SSL configuration, though some security headers could be improved. From a security perspective, the site follows best practices such as HTTPS enforcement and secure form handling. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. However, WHOIS data is unavailable due to domain naming rules errors, which slightly impacts trust but does not detract from the site's professionalism. Overall, CV-Library presents a secure, professional, and user-friendly platform with a solid business model and market presence. Strategic improvements in security headers and WHOIS transparency could further enhance trust and compliance.

L

L’Heureux Cyclage

heureux-cyclage.org

52

L’Heureux Cyclage is a French non-profit network dedicated to promoting participatory and solidarity-based bicycle workshops. The organization focuses on encouraging cycling through the reuse of unused bicycles and mechanical education. Their website serves as a hub for news, events, training, and resources aimed at cycling enthusiasts, community members, and educators. The network holds a reputable position within the sustainable transportation sector in France, offering certifications, advocacy, and cooperative events to support its mission. Technically, the website is built on the SPIP CMS platform and utilizes modern JavaScript libraries such as Leaflet for interactive GIS mapping and Matomo for privacy-conscious analytics. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and relevant content. However, some improvements could be made in accessibility and performance optimization. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. It uses deferred and asynchronous loading for scripts, which is good practice. However, it lacks important security headers and does not provide a dedicated security policy or incident response contact information. Privacy compliance is partially addressed with a privacy policy page, but no cookie consent mechanism is present. Overall, the website is trustworthy and professional, with a strong business credibility score. The main risks relate to missing security headers and incomplete privacy compliance mechanisms. Strategic improvements in these areas would enhance the site's security posture and regulatory adherence.

F

Festival Emmaüs Solidarité

festivalemmaussolidarite.fr

50

Festival Emmaüs Solidarité is a cultural and solidarity-focused event scheduled for June 28, 2025, in Aubervilliers, France. The website provides detailed information about concerts, DJ sets, stand-up shows, workshops, and other activities, targeting a general audience interested in cultural events and social engagement. The business model centers on event organization and ticket sales, with tickets sold through an external platform. Technically, the website uses modern web technologies including React and Ionic Framework, with good mobile optimization and SEO practices. Security posture is strong with HTTPS enforced and no trackers requiring consent, though the absence of security headers and privacy policy pages are noted gaps. Overall, the site is professional and trustworthy but could improve privacy compliance and security best practices.

L

La Venelle

lavenelle-montreuil.org

56

La Venelle is a non-profit community organization based in Montreuil, France, focused on promoting solidarity-based reuse and circular economy practices. It hosts nine associations that operate reuse shops, repair workshops, and social insertion employment programs. The organization also offers a café-cantine and hosts cultural events, positioning itself as a local hub for ecological and social initiatives. The website reflects this mission with clear content, community-oriented messaging, and accessible navigation. Technically, the site uses modern web technologies such as Ionic and React, with a moderate performance profile and good mobile optimization. However, it lacks explicit privacy and security policies, and no security headers or vulnerability disclosures are present. The site does not use tracking or analytics scripts, aligning with its privacy-conscious stance. Overall, the website is professional and trustworthy but could improve in privacy compliance and security posture.

E

Emmaüs Epargne Solidaire

emmaus-epargne-solidaire.org

56

Emmaüs Epargne Solidaire is a French social finance organization focused on providing solidarity savings products to fund acquisition, renovation, and construction of facilities for Emmaüs groups. These facilities support social activities such as second-hand sales and repair workshops. The website positions itself as a niche player in the social finance sector with a clear social mission and the Finansol certification as a trust indicator. Technically, the website uses modern JavaScript frameworks including React and Ionic, with good mobile optimization and SEO practices. However, some standard compliance elements such as privacy policy and terms of service pages are missing. Security posture is moderate with cookie consent implemented but lacking advanced security headers and explicit incident response policies. Overall, the website is professional and trustworthy but could improve in privacy and security transparency.

B

Broadcast Jobs

broadcastjobs.com

57

Broadcast Jobs is a UK-focused online platform providing guidance and resources for job seekers in the TV, film, and media industries. It aggregates and directs users to job listings, professional recruiters, freelancing opportunities, and diversity initiatives. The site is positioned as a niche resource within the UK media job market, targeting professionals and freelancers seeking employment opportunities. Technically, the website is built on the Squarespace platform, leveraging its CMS and hosting infrastructure, with a moderate performance profile and good mobile optimization. Security-wise, the site enforces HTTPS with HSTS, indicating a strong SSL configuration, but lacks publicly available privacy, cookie, and security policies, which are areas for improvement. Overall, the website presents a professional and trustworthy front but would benefit from enhanced privacy compliance and explicit security disclosures.

N

Personlige Navneskilt, Høydemålere & Strikketilbehør i Tre – Håndlaget i Norge

nostenett.no

61

Nøstenett.no is a Norwegian e-commerce website specializing in handcrafted wooden products such as personalized nameplates, height charts, and knitting accessories. The business targets a general audience interested in personalized gifts and craft supplies, positioning itself as a niche artisan retailer within Norway. The website demonstrates a moderate level of digital maturity, utilizing modern tracking and marketing technologies including Google Tag Manager, Facebook Pixel, and customer chat integration. Security measures include CSRF token implementation in forms, but lack explicit security headers and privacy policies, indicating room for improvement in compliance and security posture. Overall, the site appears legitimate and functional with a good user experience and mobile optimization, but would benefit from enhanced transparency and security practices.

D

Dagen

dagen.no

66

Dagen.no is a Norwegian Christian and politically independent daily newspaper offering news, reportages, opinion pieces, podcasts, and digital e-paper services. The website targets Norwegian-speaking audiences interested in religious and general news content. It operates on a subscription and advertising business model, with a paywall and user authentication mechanisms in place. The site is professionally designed with consistent branding and good content quality, positioning it as a reputable media outlet in Norway. Technically, the site uses modern web technologies including Google Fonts, Google Publisher Tags for advertising, and custom paywall and authentication scripts. It integrates multiple advertising networks and tracking services, maintaining good performance and mobile optimization. Security-wise, the site enforces HTTPS, uses paywall authentication, and avoids exposing sensitive data, but lacks some advanced security headers and explicit security policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. WHOIS data is unavailable due to Norid's privacy policy, but the domain appears legitimate and consistent with the business. Overall, the site demonstrates a mature digital presence with moderate to high security and privacy posture, suitable for its media business model.

ParisHotelsfr.com operates as an online hospitality platform focusing on hotel listings and tourism information primarily for Paris and the Bourgogne region, including the Communauté d’agglomération de l’Auxerrois. The website provides rich cultural and economic insights about the Auxerrois area alongside extensive hotel listings with direct links, targeting tourists and business travelers. Technically, the site uses modern web technologies such as Leaflet.js for mapping and is served over HTTPS, ensuring secure connections. However, the absence of WHOIS data and security headers indicates areas for improvement in transparency and security hardening. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is functional and professional but would benefit from enhanced security and compliance features.

D

Defi Mode

defimode.org

60

Defi Mode is an organization dedicated to supporting and accelerating the development and transformation of actors in the French fashion and apparel industry. The website presents a professional and consistent brand image, targeting industry stakeholders and professionals in France. The business model appears to be that of a non-profit or industry support entity, with a medium-sized presence established since at least 2016. Technically, the site is built on WordPress using modern plugins such as Yoast SEO, Divi Builder, and Cookie Law Info, indicating a mature digital infrastructure with good SEO and mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit privacy policies are lacking. Overall, the site is trustworthy and safe, with no adult or questionable content detected.

E

Eiffage Infra-Bau SE

eiffage-infra.de

47

Eiffage Infra-Bau SE is a large, well-established infrastructure construction company with over 150 years of experience, operating primarily in Germany and Europe. The company offers a broad range of construction and engineering services including infrastructure, rail, noise protection, and specialized construction sectors. Their website is professionally designed using TYPO3 CMS, featuring multilingual support and comprehensive organizational information. The technical infrastructure is modern and includes GDPR-compliant cookie consent and analytics via Google Tag Manager. Security posture is good with HTTPS enforced and basic security best practices observed, though some HTTP security headers could be improved. Contact information and multiple company locations are clearly provided, enhancing business credibility. No adult or questionable content is present, making the site safe for general audiences.

E

Eiffage Sénégal

eiffage.sn

54

Eiffage Sénégal is a subsidiary of the multinational Eiffage Group, operating primarily in the construction, civil engineering, and energy sectors within Senegal. The company positions itself as a key player in infrastructure development, offering services such as road construction, building, and energy systems. The website reflects a professional corporate presence with clear branding and comprehensive information about its business activities and social commitments. Technically, the site is built on the Jahia CMS platform, uses modern web technologies including Typekit fonts and Google Analytics, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although some security headers could be improved. The absence of explicit contact details and security policies on the homepage suggests areas for enhancement in transparency and user engagement. Overall, the website demonstrates a mature digital presence aligned with the company's market position in Senegal.

I

IONOS SARL

1and1.fr

65

IONOS SARL is a prominent web hosting and cloud services provider targeting both individual and professional customers primarily in France and Europe. The company offers a comprehensive portfolio including domain registration, web hosting, email solutions, cloud services, website building tools, and e-commerce hosting. Their market position is that of a large enterprise with a strong brand presence and consistent digital footprint across multiple country-specific domains. The website is professionally designed with excellent content quality, clear navigation, and mobile optimization, reflecting a mature digital infrastructure. Technically, the site leverages modern web technologies such as Next.js and React, ensuring a responsive and performant user experience. The presence of structured data and comprehensive meta tags supports good SEO practices. Security-wise, the website enforces HTTPS, implements key security headers, and uses secure forms, indicating a solid security posture. However, the absence of explicit security policies, incident response information, and vulnerability disclosure mechanisms suggests areas for improvement in transparency and security governance. The WHOIS data for the domain is notably missing or unavailable, which is unusual for a major enterprise and could be due to registry policies or privacy protection. While this does not directly indicate malicious intent, it reduces the transparency of domain ownership and registration details, slightly impacting trustworthiness. Overall, the website is safe, professional, and trustworthy, with no signs of adult or questionable content. Strategically, IONOS should enhance its security transparency by publishing detailed security policies and incident response contacts, and consider providing vulnerability disclosure channels. These steps will strengthen customer trust and compliance posture. Continued investment in technical modernization and privacy compliance will support sustained market leadership.

The website goldmangraff.si is currently inaccessible beyond a robot challenge screen designed to verify visitors are not automated bots. This challenge page uses JavaScript-based proof-of-work computations to mitigate automated access, indicating the presence of a Web Application Firewall or similar security mechanism. Due to this blocking, no substantive business content, contact information, or policies are available for analysis. The domain is newly registered in August 2023 and hosted by Plus Hosting Grupa d.o.o., a legitimate hosting provider in Slovenia. The technical infrastructure includes modern JavaScript cryptographic functions and Web Workers for client-side challenge processing, but lacks visible security headers or HTTPS enforcement details in the provided data. Overall, the site’s security posture shows basic bot mitigation but lacks transparency in privacy, cookie, and contact policies, limiting trust and compliance evaluation.

Crowe LLP is a large, established public accounting and consulting firm specializing in audit, tax, and consulting services for public and private entities. The website reflects a mature digital presence with comprehensive service descriptions, industry insights, and a strong emphasis on client engagement. The technical infrastructure leverages modern web technologies, including JavaScript frameworks, Google Tag Manager, and TrustArc for privacy compliance, hosted likely behind Cloudflare for performance and security. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be improved. The absence of WHOIS data is notable but does not detract from the professional presentation and trustworthiness of the site. Overall, Crowe LLP demonstrates a high level of digital maturity and compliance with privacy regulations.

C

Coface

coface.si

62

Coface Slovenia is a leading credit insurance and risk management company supporting business growth by offering credit insurance, debt collection, and business information services. Established in 1946 and part of the global Coface Group, it serves a broad B2B audience across Slovenia and internationally. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive business information. Technically, the site uses modern frameworks such as Symfony and is hosted on AWS infrastructure, with integrations for consent management and analytics. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is trustworthy, GDPR compliant, and well-optimized for SEO and accessibility.

K

Kulturzentrum Merlin

merlinstuttgart.de

63

Kulturzentrum Merlin is a non-profit socio-cultural center located in Stuttgart, Germany, focusing on providing a platform for concerts, literature, children's activities, films, and festivals. The website positions itself as a local cultural hub serving a general audience with family-friendly content. Technically, the site is built on WordPress using the Divi theme and several plugins including Yoast SEO and Contact Form 7, indicating a moderate level of digital maturity. The site is mobile optimized and uses HTTPS, but lacks some advanced security headers and explicit privacy and terms of service pages. Security posture is adequate but could be improved with better header implementation and explicit security policies. Overall, the website is trustworthy and professional, though it would benefit from enhanced privacy compliance and clearer contact information.

G

Give For Your Bones

giveforyourbones.org

7

Give For Your Bones appears to be a small non-profit or charitable organization focused on bone health or related causes. The website is built on the Wix platform, using standard Wix scripts and technologies, indicating a moderate level of technical infrastructure suitable for small organizations. The site content is minimal and primarily informational, with no detected forms, contact information, or advanced business features. Security posture is basic, with HTTPS implied but no advanced security headers or policies detected. Privacy compliance is lacking, with no privacy or cookie policies found, and the site is set to noindex, limiting search engine visibility. WHOIS data is unavailable due to a malformed request or privacy protection, which reduces trustworthiness from a domain registration perspective. Overall, the site is functional but lacks many professional and security best practices expected for organizations handling user data or donations.

R

Robert Bosch Stiftung

bosch-stiftung.de

53

The Robert Bosch Stiftung website represents a large, well-established non-profit foundation linked to the Bosch corporate group. The foundation focuses on funding and supporting projects in health, education, and global issues to promote a just and sustainable future. The website is professionally designed with excellent content quality, clear navigation, and consistent branding. It targets NGOs, educational institutions, policymakers, and the general public interested in social and global topics. Technically, the site uses Drupal 11 CMS with modern web technologies and moderate performance. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are not publicly provided. Overall, the site is trustworthy, safe, and professionally maintained.

R

RAA Berlin

raa-berlin.de

41

RAA Berlin is a medium-sized non-profit organization based in Germany focused on diversity, inclusion, and community engagement. Their website highlights projects, publications, and educational offerings aimed at promoting social inclusion and addressing marginalization. The organization maintains a consistent brand presence and targets a general audience interested in social issues. Technically, the website is built on TYPO3 CMS, hosted by netcup, and integrates accessibility tools to enhance user experience. The site is well-structured, mobile-optimized, and provides multilingual options. Security posture is moderate with HTTPS assumed but lacking explicit security headers and incident response contacts. Privacy compliance is good with a comprehensive privacy policy but no visible cookie consent mechanism. Overall, the website is professional, trustworthy, and safe for general audiences.

E

Each One Teach One (EOTO) e.V.

eoto-archiv.de

44

Each One Teach One (EOTO) e.V. is a small non-profit community organization based in Berlin focused on education, empowerment, and cultural preservation for Black, African, and Afro-diasporic communities. Founded in 2012, it operates a neighborhood library and organizes events, workshops, and advocacy initiatives. The website reflects a well-structured and content-rich platform targeting its community with multilingual support and clear navigation. Technically, the site uses modern web technologies including HTTPS and JavaScript libraries like Swiper.js for interactive content. Security posture is good with HTTPS enabled and no exposed sensitive data, though it lacks some security headers and formal security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy, professional, and safe for general audiences.

T

Toimintakykyinen Suomi

toimintakykyinensuomi.fi

67

Toimintakykyinen Suomi is a Finnish non-profit initiative focused on promoting physical activity and improving functional capacity among the Finnish population. The website serves as a platform for campaigns, partner engagement, and public awareness, coordinated by the Finnish Olympic Committee (Suomen olympiakomitea). It targets a broad audience including individuals, workplaces, educational institutions, and organizations to foster healthier lifestyles and societal resilience. The initiative leverages partnerships with national organizations and integrates social media to amplify its message. Technically, the website is built on WordPress with modern JavaScript libraries and integrates third-party services such as Google Tag Manager, CookieHub for cookie consent, and Juicer for social media feeds. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital presence. Performance is moderate with room for optimization. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit advanced security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with a comprehensive privacy policy linked from the parent organization’s domain. Contact information is limited to email addresses and partner site links, with no direct phone numbers found. Overall, the website presents a trustworthy and professional front for a national health campaign. It demonstrates good digital maturity and compliance with privacy regulations, though it could improve security header implementation and provide clearer direct contact options.

The website www.otustanausta.com is a Bulgarian language forum platform focused on user-generated recommendations for various services, specialists, and businesses across different regions in Bulgaria. It serves as a community-driven resource for sharing trusted local information, with monetization primarily through Google Adsense advertising. The site uses the phpBB forum software and integrates common web technologies such as Google Fonts and Font Awesome. While the site is accessible over HTTPS and includes basic security headers, it lacks advanced security measures such as Content Security Policy and X-Frame-Options headers. The presence of session IDs in URLs poses a potential security risk. No privacy, cookie, or terms of service policies are explicitly found, indicating limited privacy compliance. The WHOIS data for the domain is missing or unavailable, which raises concerns about domain legitimacy and trustworthiness. Overall, the site provides useful community content but requires improvements in security and compliance to enhance trust and protect users.

П

ПАШОВИ КАРС ООД

pashovcars.com

57

Pashov Cars is a Bulgarian company specializing in the sale of high-quality used cars sourced from Europe, the USA, and Canada. The company offers a comprehensive range of services including free consultations, preferential leasing and credit terms, vehicle registration assistance, insurance services, and professional car servicing. Positioned as a trusted partner in the Bulgarian used car market, Pashov Cars targets individual and business customers seeking reliable automotive solutions. The website is professionally designed, mobile-optimized, and provides clear navigation and contact information, enhancing user experience and trust. Technically, the website employs modern web technologies including JavaScript, CSS, and HTML5, with integration of Google Tag Manager and Facebook Pixel for analytics and marketing. The platform is built on a custom e-commerce solution by Valival Commerce, with moderate performance and good SEO practices. Security posture is solid with HTTPS enabled and domain transfer protections, though some security headers could be improved. Privacy compliance is addressed with visible privacy and cookie policies and a consent mechanism. Overall, the security posture is adequate for the business size, with no critical vulnerabilities detected. The domain registration data aligns well with the business claims, indicating legitimacy and transparency. Strategic recommendations include enhancing security headers, publishing a formal security policy, and continuous monitoring of third-party scripts to maintain security and compliance standards.

S

SofDestroy.com

sofdestroy.com

59

SofDestroy.com is a small Bulgarian company specializing in demolition, cleaning, and construction waste removal services primarily in Sofia. The website presents a professional image with detailed service descriptions, pricing, and customer testimonials, positioning the company as a reliable local service provider. Technically, the site is built on WordPress using the Astra theme and Rank Math SEO plugin, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and privacy compliance policies. The domain registration data is consistent and transparent, supporting the legitimacy of the business. Overall, the site is trustworthy and well-structured but would benefit from enhanced privacy and security measures.

А

Акаунт Консулт КО

acc-consultco.com

55

Акаунт Консулт КО is a professional accounting firm based in Sofia, Bulgaria, offering comprehensive accounting, tax, and payroll services tailored to various business sectors including transport, retail, healthcare, hospitality, and non-profit organizations. The company emphasizes personalized service, over 20 years of experience, and flexible solutions including remote service options. Their market position is strong within the Bulgarian accounting services sector, targeting small to medium-sized enterprises. Technically, the website is built on WordPress with standard plugins and demonstrates good SEO and mobile optimization, though some improvements in security headers and privacy compliance are recommended. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks explicit security policies and headers. Overall, the website is professional, trustworthy, and content-rich, though it lacks formal privacy and cookie policies which impacts compliance scoring.

S

Stämpfli Kommunikation

staempfli.ch

57

Stämpfli Kommunikation is a well-established Swiss communication agency and printing service provider founded in 1997. The company offers a range of services including web presence development, branding, editorial systems, and printing solutions, targeting businesses and organizations in Switzerland. The website is professionally designed, powered by TYPO3 CMS, and optimized for mobile devices, reflecting a moderate level of digital maturity. However, the absence of explicit privacy and cookie policies, as well as security headers, indicates areas for improvement in compliance and security posture. The domain registration data aligns well with the company's history, supporting its legitimacy. Overall, the website presents a professional business image but would benefit from enhanced privacy and security measures to strengthen trust and compliance.

D

Classic Lineage 2 Drop & Spoil Database

dropspoil.com

52

Dropspoil.com is a specialized online database dedicated to providing comprehensive drop and spoil information for the classic Lineage 2 MMORPG, covering chronicles from C1 to High Five. It serves a niche audience of classic server players and nostalgic gamers seeking detailed and accurate game data. The website operates primarily as an informational resource supported by advertising revenue, with no direct commercial transactions evident. Technically, the site employs standard web technologies including HTML, CSS, JavaScript, Google Fonts, Google Adsense, and Google Analytics. It features a cookie consent mechanism compliant with GDPR, ensuring user privacy preferences are respected. However, the absence of WHOIS registration data for the domain (likely a subdomain) and lack of security headers indicate areas for improvement in security posture. Overall, the site provides good content quality and user experience but could enhance trust and security by adding explicit contact details, security policies, and technical safeguards.

P

PMfun.com

pmfun.com

52

PMfun.com is a niche gaming resource website dedicated to providing comprehensive tools and databases for Lineage 2 players, including drop and spoil calculators, NPC drop rates, farming strategies, and quest walkthroughs. The site targets the Lineage 2 gaming community and offers a variety of content to enhance gameplay experience. Technically, the site uses standard web technologies with Google Fonts, Google Analytics, and Google Adsense for monetization and tracking. Privacy compliance is addressed with a cookie consent mechanism and GDPR-aligned policies. Security posture is moderate with HTTPS likely enabled but lacking explicit security headers and incident response information. The absence of WHOIS registration data raises concerns about domain legitimacy, although the active and content-rich website suggests operational stability. Overall, the site is functional and serves its audience well but would benefit from improved transparency and security practices.

M

Maze Creative

mazecreative.co.uk

61

Maze Creative is a small, remote creative agency specializing in branding and digital product design, operating studios in London and Valencia. The company offers a comprehensive range of services including creative direction, brand identity, UI/UX design, and no-code development. Their market position is that of a specialized boutique agency focused on long-term client relationships and delivering high-quality creative solutions. Technically, the website is built on modern web technologies including Webflow CMS, uses Google Analytics for visitor insights, and implements Google reCAPTCHA for bot protection. The site is well-optimized for mobile devices and provides a professional user experience with clear navigation and rich content. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and policies are not publicly documented. The absence of WHOIS data for the exact domain queried introduces some uncertainty regarding domain registration legitimacy, but the website content and client testimonials strongly indicate a legitimate business. Privacy compliance is partial, with cookie consent present but no explicit privacy or terms of service pages found. Overall, the website is professional and trustworthy with room for improvement in transparency and security documentation.

С

Страна

stranabg.com

42

StranaBG is a Bulgarian-based multilingual news and press release digest platform established in 2007. It provides content primarily in Bulgarian, Russian, English, Hungarian, Romanian, Slovak, and Turkish, targeting regional audiences interested in news and PR content. The business operates as a small media entity focusing on content publishing and distribution without evident e-commerce or transactional services. Technically, the website runs on Joomla CMS and integrates common analytics tools such as Google Analytics and Statcounter. The site is moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing critical security headers and DNSSEC. No privacy or cookie policies are published, and no contact information is provided, which impacts trust and compliance. The domain registration is consistent with the business age and shows no suspicious patterns, indicating legitimacy.

B

BGtop.net

bgtop.net

45

BGtop.net operates as a Bulgarian web directory and ranking platform, providing a catalog of Bulgarian websites ranked by user votes. Established in 2002, it holds a strong market position as a popular resource for Bulgarian internet users seeking categorized website listings. The platform offers services such as site addition, editing, and statistical insights, targeting website owners and general users interested in Bulgarian web content. Technically, the site uses standard web technologies including HTML, CSS, JavaScript, Google Adsense for monetization, and Google Analytics for traffic analysis. Hosting appears to be managed via sureserver.com nameservers with domain registration through eNom, LLC. The website demonstrates basic mobile optimization and accessibility with moderate performance and good SEO practices. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, and does not publish explicit security or incident response policies. Privacy and cookie policies are present with consent mechanisms, indicating basic GDPR compliance. Overall, the site is safe for general audiences with no adult content detected. The domain age and registration details support the legitimacy and stability of the service.

G

Greener Screen

greenerscreen.com

52

Greener Screen appears to be a small business website hosted on the Wix platform. The site content is minimal and lacks detailed business descriptions, contact information, and security or privacy policies. The domain WHOIS data is unavailable, which raises concerns about the legitimacy and registration status of the domain. Technically, the site uses standard Wix scripts and polyfills, indicating a basic but functional technical infrastructure. Security posture is weak due to the absence of security headers and policies. Overall, the site presents a low trust profile and requires significant improvements in transparency, security, and compliance to enhance credibility and user trust.

R

Rich Text Editor

richtexteditor.com

56

RichTextEditor.com is a mature software company specializing in a full-featured Javascript WYSIWYG HTML editor with over 21 years of development history. The company targets web developers and businesses seeking rich text editing solutions, offering multiple related products including Blazor and .NET editors. The website presents a professional image with clear navigation, product demos, and notable client logos, positioning itself as a trusted player in the technology sector. Technically, the site uses modern web technologies including Bootstrap, ASP.NET Web Forms, and Cloudflare DNS, delivering a moderately fast and mobile-optimized experience. Security posture is adequate with HTTPS and domain protections but lacks advanced security headers and incident response disclosures. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and business credible but could improve security and privacy transparency.

S

S-Markt & Mehrwert GmbH & Co. KG

s-reisewelt.de

68

S-Reisewelt is a German travel portal operated by S-Markt & Mehrwert GmbH & Co. KG, affiliated with the Sparkasse banking group. The website offers a wide range of travel services including package holidays, cruises, hotels, flights, car rentals, and travel insurance. It targets German-speaking travelers seeking quality and affordable travel options with a focus on customer service and personalized recommendations. The platform integrates multiple partners such as Booking.com, GetYourGuide, and PAYBACK to enhance user experience and loyalty benefits. Technically, the website is built using modern web technologies like React and Apollo GraphQL, hosted likely on T-Systems infrastructure, and optimized for mobile devices with good SEO practices. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although no dedicated security policy or incident response contacts are published. Privacy and cookie policies are comprehensive and GDPR compliant. Overall, the site is professional, trustworthy, and well-positioned in the German travel market.

V

VGN Medien Holding GmbH

vgn.at

72

VGN Medien Holding GmbH is Austria's leading magazine publisher, established in 1992 with a strong portfolio of print and digital media brands. The company targets the Austrian population with content spanning politics, society, lifestyle, business, and entertainment. Their business model integrates traditional publishing with digital innovation and content marketing services, positioning them as a market leader in the Austrian media sector. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, and OneTrust for cookie consent, ensuring a compliant and user-friendly experience. The site is mobile-optimized and SEO-conscious, reflecting a mature digital infrastructure. Security-wise, the website enforces HTTPS and uses cookie consent mechanisms, but lacks explicit security policy pages and incident response contacts, which are recommended for enhanced transparency and readiness. Overall, the website is professional, trustworthy, and compliant with GDPR, with no detected critical vulnerabilities or suspicious content.

R

Reformierte Kirche Kanton Luzern

reflu.ch

62

The website www.reflu.ch serves as the official online presence of the Reformed Church of the Canton of Luzern, Switzerland. It provides information about church services, pastoral care, community events, and regional church congregations. The site targets local German-speaking community members seeking spiritual support and church-related activities. The business model is non-profit and government-affiliated, focusing on community and religious services. The website is well-branded and consistent with the church's identity, featuring event calendars and news updates that demonstrate active engagement with its audience. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, and integrates tracking pixels from TikTok, Facebook, and Google Tag Manager. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. However, it lacks explicit privacy and cookie policies, which is a notable compliance gap. Security posture is generally good with HTTPS enforced, but the absence of security headers and explicit incident response contacts reduces the overall security maturity. From a security and compliance perspective, the site does not present critical vulnerabilities or exposed sensitive data. The WHOIS data aligns well with the website's claims, showing consistent registrant information appropriate for a regional church organization. No WAF or blocking mechanisms were detected, allowing full content access. The site does not contain any adult or NSFW content, making it safe for general audiences. Overall, the website is credible and professionally maintained but would benefit from enhanced privacy compliance measures and improved security headers. Adding clear contact information for security incidents and a vulnerability disclosure policy would further strengthen trust and compliance.

F

Freaking Dad

freaking-dad.de

56

Freaking Dad is a German-language podcast platform focused on fatherhood, parenting, and family life, targeting parents with a special emphasis on fathers. The website hosts podcast episodes, blog content, and engages audiences via multiple social media channels. The business operates as a small media entity with a niche market position, leveraging LetsCast.fm for podcast hosting and distribution. The content is professionally presented with consistent branding and good quality, appealing to a general audience interested in parenting and related lifestyle topics. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and the Podlove Web Player for podcast playback. It uses Turbolinks for navigation and Tailwind CSS for styling. Hosting is via LetsCast.fm and domain DNS is managed through rzone.de. The site is mobile-optimized with good SEO practices but lacks some accessibility features. Performance is moderate with no major technical issues detected. From a security perspective, the site uses HTTPS and includes CSRF tokens in forms, indicating basic security hygiene. However, no explicit security headers were detected, and there is no published security policy or incident response information. Privacy compliance is partial, with a privacy policy linked to the podcast host but no cookie consent mechanism on the main site. Contact information is available via email and a contact form with anti-spam measures. Overall, the website is safe, professional, and trustworthy for its intended audience. It does not contain adult or explicit content. Recommendations include enhancing security headers, implementing cookie consent, and publishing security and incident response policies to improve compliance and trust.