Security Directory

Sonoma State University is a public higher education institution located in Northern California, part of the California State University system. The website provides comprehensive information about academic programs, campus life, admissions, and events, targeting prospective and current students, faculty, staff, and alumni. The university positions itself as a community-focused institution with strong graduation rates and student success. Technically, the website is built on Drupal 10, leveraging modern JavaScript libraries and analytics tools such as Google Tag Manager, Facebook Pixel, and TikTok Analytics. The site is mobile-optimized, accessible, and professionally designed, offering a positive user experience. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved and a vulnerability disclosure policy is absent. Privacy compliance is moderate with a comprehensive privacy policy but lacking a visible cookie consent mechanism. Overall, the site is trustworthy and professional, with minor areas for improvement in privacy and security transparency.

P

Paragon Global Brands

communisis.com

62

Paragon Global Brands is a prominent global outsourced services provider specializing in retail execution solutions that help brands succeed at critical consumer touchpoints. The company operates worldwide with expert teams that create integrated multi-agency ecosystems supported by data platforms to streamline retail processes, reduce costs, and improve brand compliance. Their offerings include strategy, design, procurement, fulfillment, and AI-driven insights, positioning them as a leader in retail services. The website reflects a mature digital presence built on Drupal 10, incorporating modern technologies such as Cookiebot for consent management and Cloudflare Insights for analytics. The site is well-optimized for mobile and accessibility, with professional design and clear navigation. Security posture is strong with HTTPS and consent mechanisms, though explicit security headers and incident response information are absent. WHOIS data is privacy protected, typical for corporate domains, and does not raise immediate concerns. Overall, the website and business demonstrate high professionalism and trustworthiness, with room for improvement in transparency and security policy disclosures.

GovInfo is the official public access portal operated by the U.S. Government Publishing Office, providing free and authoritative access to government publications from all three branches of the federal government. The website serves a broad audience including the general public, researchers, and government officials, positioning itself as a trusted source for official government documents. The business model is a government service focused on transparency and public dissemination of information. Technically, the site is built on Drupal 10 CMS with Bootstrap 5 for responsive design, leveraging modern web technologies such as jQuery and FontAwesome. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The infrastructure appears stable and professionally maintained, consistent with a large government enterprise. From a security perspective, the site uses HTTPS and shows no signs of exposed sensitive data or vulnerable libraries. However, the absence of visible security headers and lack of published privacy, cookie, or incident response policies indicate areas for improvement. The WHOIS data is unavailable, likely due to government privacy policies, but the .gov domain and official branding strongly support legitimacy. Overall, GovInfo presents a secure, professional, and trustworthy government information portal with excellent content quality and user experience. Strategic enhancements in privacy compliance documentation, security header implementation, and incident response transparency would further strengthen its security posture and user trust.

D

Duel-Press s.r.o.

vasarnap.com

47

Vasarnap.com is the online presence of Vasárnap, a Hungarian language family magazine published by Duel-Press s.r.o., based in Slovakia. The website offers a variety of family-oriented content including news, lifestyle articles, multimedia, and advertising services. It targets Hungarian-speaking families and general audiences interested in family magazine content. The business is well-established with a domain age dating back to 2003, indicating a mature market presence. Technically, the site is built on Drupal 10, uses Cloudflare DNS, and integrates reputable analytics and advertising platforms such as Gemius, Google Tag Manager, and AdsInteractive. The site is mobile optimized, accessible, and SEO friendly, providing a good user experience. Security posture is solid with HTTPS enforced and clientTransferProhibited domain status, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is strong with a comprehensive GDPR policy and cookie consent mechanism. No critical vulnerabilities or blocking mechanisms were detected, and the domain registration is consistent and trustworthy. Overall, Vasarnap.com presents a professional, secure, and compliant media website with a clear business focus and good technical implementation.

H

HEKS - Hilfswerk der Evangelisch-reformierten Kirche Schweiz

heks.ch

64

HEKS is a well-established Swiss non-profit organization affiliated with the Evangelical Reformed Church of Switzerland. It focuses on humanitarian aid, development projects, and social integration, with key thematic areas including climate justice, land and food rights, migration, and inclusion. The organization targets a broad audience including donors, partners, and beneficiaries, operating both nationally and internationally. The website reflects a mature digital presence with multilingual support and clear calls to action for donations and engagement. Technically, the website is built on Drupal 10 with Commerce 2, integrating modern analytics and marketing tools such as Google Tag Manager, Facebook Pixel, and Crazy Egg. The site is mobile-optimized, accessible, and SEO-friendly, demonstrating good digital maturity. Security measures include HTTPS enforcement and standard security headers, though there is room for improvement in publishing explicit security policies and incident response information. The security posture is solid with no detected vulnerabilities or exposed sensitive data. Privacy compliance is strong, with a comprehensive privacy and cookie policy and consent mechanisms in place. Business credibility is high, supported by transparent contact information, certifications like ZEWO, and trust signals such as a whistleblowing platform and ACT Alliance membership. Overall, HEKS presents a trustworthy, professional, and secure online presence suitable for its non-profit mission. Strategic recommendations include enhancing security transparency and incident response readiness to further strengthen stakeholder confidence.

UW Medicine is a leading healthcare system based in Washington state, encompassing a nationally ranked medical center, extensive patient care services, medical research, and education programs. The website reflects a mature digital presence with comprehensive content targeting patients, medical professionals, researchers, and students. The organization is positioned as a top-tier healthcare provider with strong academic and research credentials, including Nobel laureates and large-scale clinical trials. Technically, the site is built on Drupal 10, uses modern JavaScript frameworks, and integrates multiple analytics and performance monitoring tools, indicating a well-maintained infrastructure. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers could be better documented. Privacy compliance is robust with clear privacy and cookie policies and GDPR adherence. Overall, the site demonstrates high professionalism, trustworthiness, and digital maturity.

G

Gold Price Group Inc

goldprice.org

70

GoldPrice.org is a well-established financial information website specializing in live gold price charts and historical data across multiple currencies. Founded in 2003, it serves investors and individuals interested in precious metals pricing worldwide. The site is positioned as a leading resource in its niche, offering fast-loading charts and market insights supported by advertising revenue. Technically, the site uses Drupal 10 CMS, Cloudflare for DNS and CDN, and integrates modern web technologies such as lazy loading and Google Tag Manager for analytics. Privacy compliance is robust with a comprehensive privacy policy and a Cookiebot consent mechanism enabling granular user control over cookies. Security posture is good with HTTPS and domain transfer protections, though DNSSEC is not enabled and security headers are not explicitly observed. No contact or incident response information is published, which could be improved. Overall, the site is professional, trustworthy, and safe for general audiences.

V

VOBACOM sp. z o.o.

vobacom.pl

51

VOBACOM sp. z o.o. is a well-established Polish technology company specializing in intelligent IT solutions for businesses and institutions. Their offerings include web and mobile solutions based on Drupal 10 CMS, augmented reality applications, teletechnical systems, and professional training through their NewTech Academy. The company has a strong regional presence with notable clients such as PKP, PGNiG, and several Polish cities, reflecting a solid market position. The website is professionally designed, accessible, and optimized for mobile devices, providing clear navigation and relevant content tailored to their B2B audience. Technically, the website leverages modern technologies including Drupal 10, Google Tag Manager, and Google Analytics, hosted by OVH SAS. The site demonstrates good performance and accessibility standards, with appropriate SEO and privacy compliance measures such as cookie consent banners and a comprehensive privacy policy. Security posture is good with HTTPS enforced and no visible vulnerabilities, though DNSSEC is not enabled and security headers could be improved. Overall, the security posture is robust for a medium-sized technology firm, with no critical vulnerabilities detected. The domain registration data is consistent with the business claims, showing a long operational history since 2005. Privacy compliance is strong, with GDPR-aligned policies and user consent mechanisms in place. The website content is safe for general audiences, with no adult or questionable material. Strategically, VOBACOM should consider enhancing DNS security by enabling DNSSEC and implementing additional HTTP security headers. Publishing a security.txt file could improve vulnerability disclosure transparency. These steps would further strengthen their security posture and trustworthiness in the market.

T

The Frick Collection

frick.org

67

The Frick Collection is a well-established non-profit art museum located in New York City, specializing in Renaissance to 19th-century art. The website serves as a comprehensive digital portal offering information on exhibitions, collections, educational programs, and membership opportunities. It targets art enthusiasts, researchers, students, and donors, positioning itself as a reputable cultural institution with a strong online presence. Technically, the website is built on Drupal 10, leveraging modern front-end technologies such as Tailwind CSS and Swiper.js for responsive design and user experience. It integrates Google Analytics and Tag Manager for visitor tracking and marketing insights. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and includes standard security headers, indicating a solid baseline security posture. However, the absence of a publicly available security policy, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in transparency and readiness. The WHOIS data is unavailable or malformed, which slightly impacts domain trust assessment but does not detract significantly from the overall credibility given the professional website content. Overall, the Frick Collection website is a professional, secure, and user-friendly platform that effectively supports the institution's mission and audience engagement. Strategic enhancements in security transparency and domain registration clarity would further strengthen trust and compliance.

N

NBCUNIVERSAL MEDIA

peacocktv.com

64

NBCUniversal Media is a leading global media and entertainment company specializing in the development, production, and marketing of entertainment, news, and information to a worldwide audience. As a subsidiary of Comcast Corporation, NBCUniversal holds a strong market position with diversified services including sports broadcasting, theme parks, and film production. The website reflects a mature digital presence with rich multimedia content and consistent branding across social media platforms. Technically, the site is built on Drupal 10 and integrates modern analytics and consent management tools, indicating a robust infrastructure. Security posture is generally strong with HTTPS and cookie consent mechanisms, though explicit security headers and detailed privacy policies are not evident in the provided content. The absence of WHOIS data for the domain www.nbcuniversal.com is notable and warrants further investigation to confirm domain registration legitimacy. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its enterprise scale and industry.

O

Oxygen

oxygen.com

69

Oxygen is a well-established media brand specializing in true crime television shows, news, and podcasts. The website serves as a digital platform for streaming full episodes of popular true crime series and delivering crime-related news content. The brand targets a general audience interested in true crime entertainment. Technically, the site is built on Drupal 10 and integrates multiple modern analytics and advertising technologies including Adobe Analytics, Google Tag Manager, mParticle, and Amazon Ads. The site demonstrates good mobile optimization and SEO practices, with a cookie consent mechanism indicating attention to privacy compliance. However, the absence of WHOIS data and explicit privacy or security policies on the homepage suggests areas for improvement in transparency and trust. Security posture is moderate with HTTPS implied but lacking visible security headers or vulnerability disclosures. Overall, Oxygen's website is professional and content-rich but would benefit from enhanced security and compliance disclosures.

S

SYFY

syfy.com

68

SYFY is a well-established media brand specializing in science fiction, fantasy, and horror entertainment. The website serves as an official platform for streaming full episodes, exclusive videos, and providing news and schedules related to SYFY shows. It operates under the NBCUniversal umbrella, which positions it strongly in the cable and digital entertainment market. The site targets a general audience interested in genre entertainment and leverages a business model focused on content distribution and advertising revenue. Technically, the website is built on Drupal 10 and integrates multiple modern technologies including Adobe Launch, Google Tag Manager, mParticle, and Amazon Ads. The infrastructure supports extensive advertising and tracking mechanisms while maintaining good performance and mobile optimization. SEO and accessibility features are adequately implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs a comprehensive set of security headers, indicating a mature security posture. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure programs suggests areas for improvement. The WHOIS data is notably missing or unavailable, which is unusual for a major brand and slightly detracts from trustworthiness, though the site content and technical indicators strongly support legitimacy. Overall, SYFY's website demonstrates a strong digital presence with good security and privacy practices, serving its audience effectively. Strategic enhancements in transparency around security policies and registrant information would further strengthen trust and compliance.

N

NBCUniversal

nbcolympics.com

71

NBC Olympics is a premier digital media platform operated by NBCUniversal, providing comprehensive coverage of Olympic events including live streams, highlights, schedules, and athlete information. The website serves a broad audience of sports fans and general viewers interested in the Olympic Games, leveraging NBCUniversal's strong market position as the official US broadcaster. Technically, the site is built on Drupal 10 and integrates advanced advertising, analytics, and consent management technologies, reflecting a mature and modern digital infrastructure. Security practices are robust, with HTTPS enforcement, security headers, and cookie consent mechanisms in place, though no explicit security policy or incident response contact is publicly available. Overall, the site demonstrates high professionalism, excellent content quality, and strong trust indicators, though the lack of publicly available WHOIS data slightly limits domain trust analysis.

A

Association for Progressive Communications (APC)

giswatch.org

57

Global Information Society Watch (GISWatch) is a reputable non-profit initiative supported by the Association for Progressive Communications (APC) and Sida. It focuses on publishing comprehensive reports and fostering civil society advocacy around digital rights, internet governance, and information society issues globally. The website is multilingual and provides extensive resources and author profiles, targeting civil society, researchers, and policy makers. Technically, the website is built on Drupal 10, uses modern JavaScript libraries such as Leaflet.js for mapping, and employs Matomo analytics with privacy-conscious settings (no cookies, Do Not Track respected). The site is mobile-optimized and accessible, with good SEO practices. Security posture is solid with HTTPS enforced and domain registration locked against unauthorized changes. However, DNSSEC is not enabled, and there is no published security or incident response policy. Privacy compliance is basic, lacking a cookie consent mechanism. Contact information is limited to a contact form, with no explicit emails or phone numbers. Overall, the website presents a trustworthy and professional platform for its non-profit mission, with recommendations to enhance privacy compliance, security transparency, and contact accessibility.

A

Association for Progressive Communications

apc.org

10

The Association for Progressive Communications (APC) is a well-established global non-profit organization dedicated to advancing human rights, digital inclusion, and internet governance through advocacy, grants, and community support. Their website reflects a mature digital presence with comprehensive content targeting civil society organizations and digital rights advocates worldwide. Technically, the site is built on Drupal 10, employs modern web technologies, and integrates privacy-conscious analytics tools such as Matomo and Plausible. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be improved. The absence of WHOIS registrant data is mitigated by the professional and consistent branding and content, indicating legitimacy. Overall, the site demonstrates a strong commitment to privacy, accessibility, and user experience, positioning APC as a credible and trustworthy entity in the non-profit digital rights sector.

D

Duel-Press s.r.o.

ujszo.com

57

Új Szó is a well-established Hungarian language daily newspaper and online news portal serving the Hungarian-speaking community in Slovakia. Operated by Duel-Press s.r.o., the website has a strong market position as the leading Hungarian news source in the region. The site offers a broad range of news categories and multimedia content, supported by a modern Drupal 10 CMS infrastructure and integrated advertising and analytics technologies. The domain is longstanding and consistent with the business history, enhancing credibility. Technically, the site is well-optimized for mobile and SEO, with good accessibility features and a moderate performance profile. Security posture is adequate with HTTPS and transfer protection, though improvements like DNSSEC and enhanced security headers are recommended. Privacy compliance is strong with GDPR and cookie consent mechanisms in place. Overall, the site presents a professional and trustworthy media outlet with room for security enhancements.

T

The Chartered Institute of Building

ciob.org

67

The Chartered Institute of Building (CIOB) is a well-established professional body founded in 1834, dedicated to advancing the science, ethics, and practice of construction management and leadership globally. The organization offers membership services, professional development courses, events, and industry support, positioning itself as a leading authority in the built environment sector. The website reflects a mature digital presence with a clear focus on education, member support, and industry engagement. Technically, the site is built on Drupal 10, leveraging modern web technologies and Google Tag Manager for analytics and marketing. It demonstrates good mobile optimization, accessibility compliance (AA certified), and a professional design that supports user engagement and navigation. The presence of multiple certifications such as Cyber Essentials and Disability Confident further underscores its commitment to security and inclusivity. From a security perspective, the site enforces HTTPS and employs recognized certifications, though explicit security headers could be more visible. Privacy compliance is robust, with clear cookie and privacy policies and consent mechanisms in place. However, no explicit incident response or vulnerability disclosure information is provided, which could be improved. Overall, CIOB's website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure policies, and providing clearer incident response contacts to further strengthen trust and security posture.

N

Nationale staalprijs

nationalestaalprijs.nl

46

Nationale staalprijs is a Dutch organization dedicated to promoting and awarding excellence in steel construction projects. The website serves as a platform to showcase nominations, winners, and project submissions related to steel construction within the Netherlands. It targets professionals and companies in the steel construction industry, providing information and recognition to encourage innovation and quality in this sector. The business model appears to be non-profit or industry promotional in nature, focusing on national recognition rather than commercial sales. Technically, the website is built on Drupal 10 CMS and integrates modern web technologies including Google Tag Manager, Google Analytics, YouTube and Vimeo APIs, and Google reCAPTCHA for form security. The site is mobile optimized with good navigation and SEO practices, although some accessibility features could be improved. Performance is moderate with asynchronous loading of scripts. From a security perspective, the site enforces HTTPS and uses Google reCAPTCHA on user registration and login forms to mitigate automated abuse. However, no explicit security headers were detected in the provided content, and there is no published security policy or incident response information. No vulnerabilities or exposed sensitive data were found in the analysis. Privacy compliance is limited as no privacy or cookie policies were found on the homepage content, which could be improved to meet GDPR standards. Overall, the website is professional, trustworthy, and well-targeted to its audience. The main risks relate to privacy compliance and security policy transparency. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, and providing vulnerability disclosure information to enhance trust and compliance.

H

Hrvatske vode

voda.hr

54

Hrvatske vode is the official Croatian government agency responsible for managing water resources, flood protection, and related environmental projects. The website serves as a comprehensive portal providing information, public notices, project details, and access to e-services primarily targeting Croatian citizens, government bodies, and professionals in water management. The agency is well-established with a domain registered since 2011 and operates transparently with clear contact information and public tenders. Technically, the site is built on Drupal 10, uses modern web technologies, and integrates Google Analytics with privacy-conscious configurations. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

B

Bouwen Met Staal

bouwenmetstaal.nl

50

Bouwen Met Staal is a Dutch knowledge and network organization dedicated to the application of steel in construction. The website serves professionals in the construction and infrastructure sectors by providing educational courses, research publications, events, and design tools. The platform is well-established with a consistent brand and a clear focus on steel construction knowledge dissemination. Technically, the site is built on Drupal 10, employs modern web technologies, and is optimized for mobile devices. Security posture is solid with HTTPS, security headers, and secure forms, though explicit privacy and security policies are lacking. The site uses Google Tag Manager for analytics and has a cookie compliance mechanism in place. Overall, the website is professional, trustworthy, and serves its target audience effectively.

G

Good Time Holding GmbH

gt-holding.de

48

Good Time Holding GmbH is a well-established German holding company specializing in children's and family entertainment, managing several subsidiaries and a portfolio of popular brands. The website reflects a professional and modern digital presence built on Drupal 10, with strong mobile optimization and clear navigation. Privacy compliance is well addressed through a comprehensive privacy policy and an integrated consent management system (Klaro). Security posture is solid with HTTPS enforced and no visible vulnerabilities, though additional security headers and explicit security policies could enhance trust. Overall, the website is trustworthy, safe, and well-aligned with the company's business focus.

C

CCI Business

ccibusiness.fr

44

CCI Business is a French B2B platform established in 2014 that facilitates connections between businesses and major market order givers, serving over 12,500 member companies. It operates through multiple regional territories and sector-specific communities, focusing on energy, manufacturing, and government sectors. The website is built on Drupal 10 and employs Matomo for analytics and tarteaucitron for cookie consent, reflecting a moderate level of digital maturity. While the site is well-structured and mobile-optimized, it lacks explicit privacy and terms of service pages, which are important for compliance and user trust. Security posture is solid with HTTPS and no visible vulnerabilities, but could be improved with additional security headers and clearer contact information for incident response. Overall, the site presents a professional and trustworthy business presence with room for enhancement in privacy and security transparency.

M

Mobimo Management AG

aeschbachquartier.ch

61

The website www.aeschbachquartier.ch represents the Aeschbachquartier Aarau, a mixed-use urban development project managed by Mobimo Management AG, a reputable Swiss real estate company. The site offers detailed information about residential, commercial, and community spaces, targeting residents, businesses, and visitors in Aarau. The business model centers on real estate development and management, with a medium-sized market presence in Switzerland. Technically, the website is built on Drupal 10 with Bootstrap 5, featuring embedded Vimeo videos and Matomo analytics configured to respect DoNotTrack settings. The site is mobile-optimized, accessible, and SEO-friendly, with moderate performance. Security posture is good with HTTPS enforced and some security headers present, though improvements are recommended in cookie consent and explicit security policies. No critical vulnerabilities or suspicious content were detected. Privacy compliance is adequate with a comprehensive privacy policy, but lacks a visible cookie consent mechanism. Contact information is clear, though no direct email addresses are published. Overall, the site is professional, trustworthy, and aligned with the parent company Mobimo Management AG.

N

National Bank of Belgium

nbb.be

77

The National Bank of Belgium operates as the central financial institution of Belgium, providing essential banking and monetary services. The website serves a broad audience including the general public, financial professionals, and researchers, offering multilingual support and comprehensive information about the bank's functions. The site is built on Drupal 10, leveraging modern web technologies and analytics platforms such as Matomo and Google Analytics, with a strong emphasis on privacy and cookie consent compliance. Technically, the website demonstrates a mature digital infrastructure with good mobile optimization, accessibility, and SEO practices. Security posture is robust with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers could be improved. No vulnerabilities or suspicious activities were detected in the content or scripts. Overall, the domain WHOIS data is privacy protected, which is justified for a governmental financial institution. Despite the lack of WHOIS transparency, the website exhibits strong trust indicators and professionalism. The risk assessment is low, with recommendations focusing on enhancing security headers and publishing security policies to further strengthen trust and compliance.

C

Coop Eesti Keskühistu

coopkokad.ee

10

Coop Eesti Keskühistu operates the Coop Kokad website, a retail cooperative focused on selling food products in Estonia. The company is well-established with a domain age consistent with its founding year 2017. The website is built on a modern Drupal 10 CMS with Commerce 3, integrating advanced cookie consent management via Cookiebot and analytics tools such as Google Analytics and Hotjar. Advertising is managed through major networks including Adform and Meta Platforms, ensuring targeted marketing and retargeting capabilities. The website demonstrates good technical maturity with HTTPS, responsive design, and clear business information. Security posture is solid with encrypted connections and consent mechanisms, though some security headers could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

C

Coop Eesti

coop.ee

67

Coop Eesti is the oldest and largest retail cooperative group in Estonia, operating approximately 330 stores with around 6000 employees and serving about 70,000 client-owners. The website reflects a mature retail business with a cooperative model focused on Estonian consumers. Technically, the site is built on Drupal 10, integrating modern analytics and advertising tools such as Google Analytics, Hotjar, and Adform, with a robust cookie consent mechanism ensuring GDPR compliance. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response contacts are not publicly available. Overall, the site is professional, secure, and compliant, supporting Coop Eesti's market position as a trusted retail cooperative.

E

European Diamond Capacity Hub (EDCH)

diamas.org

52

The European Diamond Capacity Hub (EDCH) is a newly established collective focused on supporting Diamond Open Access scholarly publishing in Europe. It provides a range of services including a registry and forum for community collaboration, training platforms, resources and guidelines, and quality assurance tools. The initiative is part of the OPERAS program and funded by the European Union, positioning it as a key regional player in the open access ecosystem. The website is professionally designed using Drupal 10, with good mobile optimization and accessibility features. Privacy compliance is well addressed with GDPR-compliant cookie consent management and clear policies. Security posture is solid with HTTPS and domain management best practices, though DNSSEC is not enabled and security headers are not detected. Overall, the site is trustworthy, informative, and well-aligned with its mission.

U

Urząd Miasta Torunia

torun.pl

56

The website www.torun.pl is the official online presence of the City of Toruń, Poland. It serves as a comprehensive portal for residents, tourists, and businesses, providing extensive information on city governance, cultural events, tourism, education, sports, and development initiatives. The site is well-structured with clear navigation and consistent branding, reflecting its role as a trusted government resource. The content is primarily in Polish, targeting local and regional audiences, with links to English tourism resources.

T

Triflex GmbH & Co. KG

triflex.com

66

Triflex GmbH & Co. KG is a specialized manufacturer and provider of waterproofing and marking solutions primarily targeting construction professionals and infrastructure managers. The company offers durable systems for waterproofing roofs, balconies, and parking decks, as well as road and cycle path markings. Their market position is that of a reputable specialist in their niche, with a medium-sized business footprint in Germany. The website reflects a professional and consistent brand image with good content quality and clear business focus. Technically, the website is built on Drupal 10 and integrates multiple modern analytics and marketing technologies including Google Tag Manager, Google Analytics, Facebook Pixel, Hotjar, and Mouseflow. The site is mobile optimized and demonstrates good SEO and accessibility practices. Cookie consent is managed via Cookiebot, ensuring compliance with GDPR and related privacy regulations. From a security perspective, the site enforces HTTPS and uses anti-bot cookies to enhance security. However, explicit security headers like Content-Security-Policy and X-Frame-Options were not clearly identified in the provided data. There is no visible security policy or incident response contact information, which could be improved. The absence of WHOIS data for the domain is a concern, reducing the overall trust score, though the website content and business presence appear legitimate. Overall, the website scores well in content quality, technical implementation, and security posture, but could benefit from improved transparency in domain registration and security policies. Strategic recommendations include publishing a security.txt file, enhancing security headers, and providing clear contact information for security incidents.

W

WEMAG Netz GmbH

wemag-netz.de

10

WEMAG Netz GmbH operates as a regional electricity and gas distribution network operator in Mecklenburg and parts of Brandenburg and Lower Saxony, Germany. The company manages extensive electricity and gas networks, providing services such as network connections, energy distribution, and customer portals. Their website reflects a professional and regionally focused utility business with clear service offerings and customer support channels. Technically, the site is built on Drupal 10, uses modern JavaScript libraries, and integrates GDPR-compliant cookie management via Usercentrics. Analytics are managed through Google Tag Manager, indicating a moderate level of digital maturity. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though the site lacks explicit security policy and incident response information. Overall, the website is well-structured, accessible, and trustworthy, supporting the company's business credibility in the energy sector.

M

Montpellier Méditerranée Métropole et ville de Montpellier

montpellier.fr

68

Montpellier Méditerranée Métropole and the city of Montpellier operate an official government website serving residents, visitors, and stakeholders with comprehensive information on local governance, public services, urban projects, and citizen participation. The website is well-structured, professionally designed, and targets a broad audience including citizens and businesses within the metropolitan area. Technically, the site is built on Drupal 10, employs modern JavaScript libraries, and integrates Matomo analytics with privacy considerations such as Do Not Track. Security posture is good with HTTPS enforced and no exposed sensitive data, though explicit security headers and privacy policies are not clearly present in the analyzed content. The absence of WHOIS data limits domain registration trust analysis, but the official .fr domain and consistent branding support legitimacy. Overall, the site demonstrates a mature digital presence appropriate for a large government entity.

V

Verlagsgruppe Oetinger Service GmbH

oetinger.de

56

Verlagsgruppe Oetinger Service GmbH is a well-established German publishing group specializing in children's and youth literature. Their website offers a broad catalog of books, including popular titles like Pippi Langstrumpf and Tintenwelt, targeting children and young readers. The company maintains a consistent brand presence with active social media channels and a professional online storefront. Technically, the website is built on Drupal 10 with the Thunder distribution, integrating modern analytics and marketing tools such as Google Analytics, Microsoft Clarity, and Cookiebot for GDPR-compliant cookie management. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Security-wise, the site enforces HTTPS, employs standard security headers, and uses a cookie consent mechanism, though it lacks a publicly stated security policy or incident response contact. WHOIS data aligns well with the business claims, indicating legitimacy and consistent domain registration. Overall, the website is professional, secure, and compliant with privacy regulations, serving its target audience effectively.

K

KIDDINX Media GmbH

kiddinx.de

47

KIDDINX Media GmbH is a reputable German media company specializing in children's entertainment, particularly audio plays and licensing of popular brands such as Bibi Blocksberg and Benjamin Blümchen. The company operates under the parent company GT-Holding and maintains a strong market position in the children's media sector. The website is built on Drupal 10, featuring modern consent management and analytics integration, reflecting a mature digital infrastructure. Security posture is solid with HTTPS, anonymized analytics, and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is well addressed with clear policies and GDPR-aligned consent. Overall, the site presents a professional and trustworthy digital presence with good content quality and user experience.

B

Bureau Veritas

bureauveritas.com

77

Bureau Veritas is a globally recognized leader in testing, inspection, and certification services, offering a broad portfolio of solutions across multiple industries including energy, transportation, manufacturing, and government sectors. The website reflects a mature digital presence built on Drupal 10, with modern consent management and analytics integration, demonstrating a commitment to privacy and compliance. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and well-optimized for user experience and mobile devices.

J

Johnson & Johnson Medical Devices Companies

e-ifu.com

55

The website www.e-ifu.com serves as a digital portal for accessing Instructions for Use (IFU) documents related to Johnson & Johnson Medical Devices. It targets medical professionals and patients, providing multilingual support and a structured interface for document retrieval. The site is branded consistently with Johnson & Johnson Medical Devices Companies and uses modern web technologies including Drupal 10, Bootstrap 5, and various JavaScript libraries for enhanced user experience and functionality. Despite the professional presentation and clear business focus, the absence of WHOIS registration data raises questions about domain legitimacy, although the content and branding strongly suggest a legitimate enterprise presence. From a technical perspective, the site employs a robust technology stack with good mobile optimization and accessibility features. The use of Google Analytics, Google Tag Manager, and Qualtrics indicates moderate user tracking and marketing analytics integration. However, the site lacks visible privacy and cookie policies, which impacts its privacy compliance rating. Security best practices such as HTTPS usage and secure form handling are observed, but security headers and incident response contact information are not evident. Overall, the security posture is moderate with no critical vulnerabilities detected in the provided content. The missing WHOIS data and lack of explicit privacy documentation are notable gaps. The website is safe for general audiences, with no adult or questionable content detected. Strategic recommendations include publishing comprehensive privacy and cookie policies, enhancing security headers, and providing clear contact information for security incidents to improve trust and compliance.

Johnson & Johnson MedTech operates a professional website dedicated to Medical Information Requests (MIR) for healthcare providers. The company is a large multinational healthcare technology entity, providing medical devices and related services. The website is well-structured, using modern technologies such as Drupal 10 and React, and offers multilingual support with downloadable forms. Privacy and cookie policies are present and GDPR compliant, reflecting a mature approach to data protection. However, WHOIS data for the domain is not publicly available, which may be due to privacy protection or proxy registration, but the website content and branding strongly indicate legitimacy. Security posture is strong with HTTPS, security headers, and CAPTCHA protections on forms.

The website represents DePuy Synthes, a leading medical device company specializing in orthopedic solutions, particularly hip replacement via the ANTERIOR ADVANTAGE™ approach. It is part of the Johnson & Johnson MedTech division, indicating a strong market position and enterprise scale. The site targets patients seeking treatment information and educational materials. Technically, the site is built on Drupal 10 with React components and integrates modern video and analytics technologies, demonstrating a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. WHOIS data is missing, which slightly reduces trust but the overall branding and content quality support legitimacy. Strategic recommendations include publishing security policies, improving transparency on incident response, and adding terms of service.

J

Johnson & Johnson (implied by DNS and name servers)

getsmartaboutafib.com

67

The website getsmartaboutafib.net is a professionally developed healthcare education platform focused on providing comprehensive information about Atrial Fibrillation (AFib), its symptoms, treatment options, and patient experiences. The site targets patients and the general public seeking to understand AFib better and make informed decisions about their care. The branding and DNS infrastructure strongly suggest ownership or sponsorship by Johnson & Johnson, a major healthcare corporation, lending credibility and trust to the platform. Technically, the website leverages modern technologies including Drupal 10 as the CMS and React for interactive components, supported by standard marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Hotjar. The site is mobile optimized, accessible, and SEO friendly, providing a good user experience. Cookie consent is implemented via OneTrust, indicating compliance with GDPR and privacy regulations. From a security perspective, the site uses HTTPS with a good SSL configuration and has domain transfer protections in place. However, DNSSEC is not enabled, and security headers are not explicitly detected in the provided data, suggesting room for improvement. No direct contact information or security policies are found, which could be enhanced to improve transparency and incident response readiness. Overall, the website presents a low-risk profile with strong business credibility and good technical maturity. Strategic recommendations include enabling DNSSEC, publishing privacy and security policies, and adding clear contact channels for security incidents to further strengthen trust and compliance.

J&J MedTech operates as a global healthcare technology and medical devices provider, targeting healthcare professionals with localized content for multiple regions worldwide. The website demonstrates a mature digital presence built on modern technologies such as Drupal 10 and React, with good mobile optimization and accessibility features. Privacy and cookie policies are well implemented, reflecting GDPR compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response information are absent. The lack of WHOIS data is unusual but likely due to privacy protection or recent domain registration, not detracting significantly from the site's legitimacy given the strong brand presence. Overall, the site is professional, trustworthy, and well-structured, supporting the enterprise's market position.

The website www.jnjmedtech.com represents DePuy Synthes, a division of Johnson & Johnson MedTech, specializing in orthopedic medical devices such as knee replacement solutions. The site provides patient-focused educational content and product information, positioning itself as a trusted healthcare resource. The business operates at an enterprise scale within the healthcare sector, leveraging the strong brand equity of Johnson & Johnson. Technically, the site is built on Drupal 10 with React components, integrating modern analytics and consent management tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement, security headers, and cookie consent mechanisms, though the absence of visible security contact or vulnerability disclosure pages suggests room for improvement. The missing WHOIS data for the domain is a notable anomaly but does not detract significantly from the overall legitimacy given the strong brand presence and consistent content. Overall, the site is professional, secure, and compliant with privacy regulations, serving a general audience with safe and relevant healthcare content.

DePuy Synthes, a Johnson & Johnson MedTech company, operates a professional and well-branded website focused on patient education for robotic-assisted joint replacement technologies under the VELYS™ Enabling Tech platform. The site targets patients seeking information about knee and hip replacement surgeries, offering detailed content and resources. Technically, the website leverages modern frameworks such as Drupal 10 and React, integrates multiple analytics and tracking tools with user consent, and demonstrates good mobile optimization and accessibility. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be further verified. The absence of WHOIS data for the domain introduces some transparency concerns, but the overall trustworthiness is supported by consistent branding and comprehensive privacy policies. Contact information and incident response details are not prominently available, which could be improved to enhance user trust and compliance.

DePuy Synthes, a Johnson & Johnson company, operates as a leading global provider of orthopaedic medical devices and solutions. The website targets healthcare professionals and showcases a broad portfolio of orthopaedic implants and surgical instruments. The business model is primarily B2B, focusing on medical institutions and professionals. The site reflects a strong market position within the healthcare sector under the Johnson & Johnson MedTech umbrella. Technically, the website is built on a modern stack including Drupal 10 and React, with integration of Brightcove for video content and Google Tag Manager for analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, indicating a mature digital infrastructure. Cookie consent and privacy policies are implemented, reflecting compliance with GDPR and other privacy regulations. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes standard security headers. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected during analysis. Overall, the website is professional, trustworthy, and well-maintained, with a strong business credibility score. The absence of WHOIS data limits domain registration trust analysis but does not detract from the evident legitimacy of the site as a corporate entity of Johnson & Johnson. Strategic recommendations include publishing detailed security policies and incident response information to enhance transparency and trust.

MENTOR, a brand under Johnson & Johnson MedTech, specializes in breast implant solutions with a strong commitment to quality and experience. The website presents professional healthcare-related content targeting healthcare professionals. The technical infrastructure is built on Drupal 10 CMS with modern analytics and marketing tools integrated, ensuring a robust digital presence. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and vulnerability disclosures are absent. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the corporate branding and content quality. Strategic recommendations include publishing explicit security and incident response policies and enhancing contact transparency.

J

Johnson & Johnson Institute

jnjinstitute.com

68

Johnson & Johnson Institute operates as a global leader in professional medical education and training, providing both physical and virtual learning centers worldwide. The website reflects a mature enterprise-level organization with consistent branding and a clear focus on healthcare professionals as its target audience. The business model centers on delivering high-quality educational resources and training programs to medical practitioners globally. Technically, the website is built on Drupal 10 CMS, leveraging modern JavaScript libraries and analytics tools such as Google Tag Manager and Hotjar, indicating a well-maintained and digitally mature infrastructure. Security posture is solid with HTTPS enforcement and domain transfer protections, though there is room for improvement in DNSSEC implementation and explicit security headers. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms in place. Overall, the website presents a trustworthy and professional digital presence aligned with the Johnson & Johnson brand.

M

Médecins Sans Frontières (MSF) International

msf.org

63

Médecins Sans Frontières (MSF) is a globally recognized independent humanitarian organization providing medical assistance to populations affected by conflict, epidemics, disasters, and exclusion from healthcare. The website reflects MSF's mission and global presence with comprehensive content, clear navigation, and multilingual support. The organization targets donors, humanitarian workers, and the general public interested in medical humanitarian aid. Technically, the site is built on Drupal 10, leveraging modern analytics and tracking tools such as Google Tag Manager, Hotjar, and Facebook Pixel, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, supporting MSF's reputation as a leading humanitarian NGO.

Œ

Œuvre Nationale de Secours Grande-Duchesse Charlotte

oeuvre.lu

46

Œuvre Nationale de Secours Grande-Duchesse Charlotte is a well-established Luxembourg non-profit organization dedicated to supporting associations in social, cultural, environmental, sport & health, and heritage projects. Funded primarily by the Luxembourg National Lottery, it has a long history dating back to 1944 and holds a reputable position in the local community. The website reflects a professional and accessible digital presence, leveraging Drupal 10 and modern web technologies, with strong emphasis on accessibility and user experience. Security posture is good with HTTPS and secure embedding practices, though explicit security headers could be improved. The lack of WHOIS data limits domain trust analysis but does not detract from the organization's evident legitimacy. Overall, the site is safe, well-designed, and compliant with privacy regulations.

M

Mubea U-Mobility

mubea-umobility.com

37

Mubea U-Mobility is a German-based company specializing in the manufacture and sale of robust electric cargo bikes targeted at B2B customers such as parcel delivery services, campus logistics, advertising platforms, and service providers. The website presents a professional image with consistent branding and clear business focus on transportation solutions. The technical infrastructure is built on Drupal 10 CMS, utilizing modern web technologies including Google Tag Manager and Cookiebot for analytics and cookie consent management. The site is mobile-optimized and provides a good user experience with relevant content and SEO optimizations. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks visible security headers and explicit privacy and terms of service pages. The WHOIS data is missing or indicates the domain may not be registered, which raises concerns about domain legitimacy despite the professional website presence. Overall, the website scores well on business credibility and content quality but should address privacy compliance and security best practices to improve trust and compliance.

F

Foire de Metz

foiredemetz.com

61

Foire de Metz is a regional event organizer hosting a prominent fair in Metz, France, providing exhibition spaces and entertainment to a broad public audience. The website is professionally designed using Drupal 10, integrating modern analytics and marketing tools such as Matomo and Google Tag Manager. The site demonstrates good mobile optimization, accessibility, and SEO practices, supporting a positive user experience. Security posture is solid with HTTPS enforcement and standard security headers, although explicit security policies and incident response contacts are not published. The WHOIS data is notably absent or unregistered in the queried database, which raises concerns about domain legitimacy despite the professional appearance and content of the website. Overall, the site is safe, trustworthy, and compliant with GDPR, but the domain registration inconsistency warrants further verification.

F

Accueil | Foire St-Etienne

foiredesaintetienne.com

56

The website www.foiredesaintetienne.com represents the Foire de Saint-Etienne, an event held at Parc Expo from September 19 to 29, 2025. The site is built on Drupal 10 and uses modern web technologies including FontAwesome, Leaflet for maps, Slick Carousel for UI elements, and Matomo for analytics. It is targeted primarily at a French-speaking audience interested in attending the event. The website is professionally designed with good mobile optimization and accessibility features, providing a positive user experience. However, the absence of WHOIS data raises concerns about domain legitimacy and ownership transparency. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks comprehensive security headers and published security policies. Privacy compliance is basic, with no explicit privacy or terms of service pages found. Overall, the site is functional and informative but would benefit from enhanced transparency and security documentation.