Security Directory

D

Data Protected

kottke.org

0

kottke.org is a long-established independent media blog focused on curated hypertext content, culture, art, and technology. It operates a membership model supported by Memberful and affiliate marketing. The site is hosted by Arcustech and uses Cloudflare DNS. Technically, it employs a custom CMS with legacy jQuery and modern JavaScript libraries for enhanced user experience. Security posture is good with HTTPS and security headers, though DNSSEC is not enabled and privacy compliance is incomplete due to missing policies. The site is accessible without WAF blocking and contains safe, general audience content.

P

Pixel Envy

pxlnv.com

0

Pixel Envy is an independent technology and policy weblog authored by Nick Heer, focusing on topics such as Apple, Silicon Valley, privacy, and broader technology policy issues. The site operates primarily as a content publishing platform with monetization through Patreon subscriptions and sponsorships. It targets technology enthusiasts, policy followers, and privacy advocates, primarily in Canada. Technically, the site is built on WordPress with a custom theme, uses SVG logos, and employs Piwik/Matomo for privacy-conscious analytics. The site is well-structured, mobile-optimized, and provides rich, high-quality content with consistent branding. Security posture is moderate with HTTPS usage implied but lacking explicit security headers and formal privacy or cookie policies, representing compliance gaps. Overall, the site is trustworthy, professional, and safe for general audiences.

C

Contact Privacy Inc. Customer 0155950127

glass.photo

0

Glass.photo is a niche, paid global community platform dedicated to photographers, emphasizing an ad-free and algorithm-free environment. It offers a clean, distraction-free interface for photo sharing and community engagement, targeting photography enthusiasts who seek meaningful interaction and inspiration. The platform is relatively young, founded in 2019, and positions itself as a premium alternative to mainstream social media photo sharing apps. Technically, the website is built using modern frameworks such as Next.js and React, hosted on AWS infrastructure, and integrates Stripe for payment processing. The site demonstrates excellent design quality, mobile optimization, and user experience, supported by positive testimonials and media coverage. Security-wise, the site enforces HTTPS and domain transfer protections but lacks DNSSEC and security headers, and does not publish privacy or cookie policies, which are areas for improvement. Overall, Glass.photo presents a trustworthy and professional platform with room to enhance privacy compliance and security posture.

N

Numeric Citizen Space

numericcitizen.me

0

Numeric Citizen Space is a personal technology blog operated by an individual contributor focused on Apple products, software, apps, photography, and personal stories. The site targets Apple enthusiasts, digital nomads, and technology readers, offering regularly updated articles and a subscription-based newsletter model. The business model is content-driven with donation support and subscription options. Technically, the website is built on the Ghost CMS platform, hosted and DNS managed by Cloudflare, and uses modern web technologies including JavaScript and CSS. The site is mobile-optimized, fast-loading, and includes privacy-focused analytics services such as Plausible and Cloudflare Web Analytics. Security posture is good with HTTPS enforced and domain transfer protection, but lacks some security headers and DNSSEC. Privacy compliance is limited due to absence of privacy and cookie policies. Overall, the website is professional and trustworthy but could improve compliance and security transparency.

P

Pixelfed

pixelfed.social

0

Pixelfed.social is the original and main instance of the decentralized photo sharing social media platform Pixelfed, operated by the lead developer known as @dansup. The platform offers a federated social media experience focusing on photo posts, albums, filters, and video support, targeting general users interested in privacy-respecting social media alternatives. The website is professionally designed with good content quality and clear navigation, supporting mobile optimization and modern web technologies such as Vue.js and Plyr media player. Hosting and DNS are managed by Cloudflare, ensuring reliable performance and security. The domain is well-established since 2018, consistent with the business history. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and some security headers. There is no explicit public security or incident response policy, and no cookie consent mechanism was detected, which may impact GDPR compliance. The platform enforces community rules prohibiting hate speech, harassment, explicit content, and illegal activities, contributing to a safe user environment. Overall, the security posture is good but could be improved with enhanced policies and technical controls. The business model centers on providing a decentralized, federated photo sharing service with a strong community focus. The site maintains transparency with contact email and clear rules but lacks some formal compliance disclosures. The platform is positioned as a privacy-conscious alternative to mainstream social media, appealing to users valuing decentralization and open-source principles. Strategic recommendations include implementing cookie consent, enabling DNSSEC, publishing security policies, and adding security headers to strengthen trust and compliance.

J

Jason Cameron

jasoncameron.dev

0

Jason Cameron's website is a professional personal portfolio showcasing his expertise in backend web development, scalable systems, DevOps, and cybersecurity. The site highlights his contributions to major open source projects and organizations, positioning him as a credible and skilled developer with a focus on security and automation defenses. The portfolio targets developers, technology professionals, and organizations seeking expertise in these areas. Technically, the site is built with modern frameworks like SvelteKit, uses Golang and other technologies for projects, and demonstrates good performance and mobile optimization. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks explicit security headers and formal privacy or cookie policies. Overall, the site is trustworthy and professional but could improve compliance and security posture by adding relevant policies and contact information.

J

Jason Cameron

jsn.cam

0

Jason Cameron's website is a professional portfolio showcasing his expertise as a software engineer specializing in backend web development, scalable systems, DevOps, and cybersecurity. The site highlights his contributions to major organizations and open source projects, positioning him as a credible and skilled developer. The technical infrastructure is modern, leveraging SvelteKit for frontend and Golang for backend projects, with good performance and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security headers and privacy policies are missing. Overall, the site is trustworthy and professional but could improve compliance and security transparency.

I

INKAS Armored Vehicles, Bulletproof Cars, Special Purpose Vehicles

inkasarmored.com

0

INKAS Armored Vehicles is a well-established manufacturer specializing in armored and bulletproof vehicles including SUVs, sedans, trucks, limousines, and special purpose vehicles. With over 30 years of experience and a domain registered since 2005, the company holds a leading market position in North America and serves a global clientele. Their product offerings are supported by certifications such as CEN 1063, and they provide comprehensive services including maintenance, spare parts, and custom fabrication. The website reflects a professional and consistent brand image with clear navigation and extensive product information. Technically, the website is built on WordPress with modern frameworks like Bootstrap 5 and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and Microsoft Clarity. The site is hosted with reputable providers and uses Cloudflare DNS, ensuring good performance and security. Mobile optimization and SEO practices are well implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs domain status protections to prevent unauthorized changes. However, there is room for improvement by enabling DNSSEC and implementing additional security headers. The absence of a published security policy or incident response contact is noted. Privacy compliance is addressed with visible privacy and cookie policies, including consent mechanisms, aligning with GDPR requirements. Overall, the website demonstrates a strong security posture, high business credibility, and excellent content quality. Strategic recommendations include enhancing DNS security, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen trust and compliance.

R

Race Roster

raceroster.com

0

Race Roster is a well-established technology company founded in 2011, specializing in providing a comprehensive SaaS platform for event organizers, timers, and fundraising coordinators globally. Their platform offers a full suite of products including registration, fundraising, timing tools, CRM, onsite applications, and virtual event management, positioning them as a key player in the event management technology sector. The website reflects a mature digital presence with professional design, clear navigation, and strong content relevance tailored to their target audience. Technically, the website is built on WordPress with modern web technologies such as jQuery, Google reCAPTCHA, and Bootstrap, hosted on Amazon AWS infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate and could benefit from further optimization. Privacy and cookie compliance are well implemented with clear policies and user consent mechanisms. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms, but lacks visible security headers and published security policies or incident response information. DNSSEC is not enabled, which is a recommended improvement. No vulnerabilities or suspicious activities were detected in the analysis. Overall, Race Roster presents a trustworthy and professional online presence with a strong business model and good compliance posture. Strategic improvements in security transparency and technical optimizations could further enhance their security posture and user trust.

M

Marathon-Photos.com Limited

marathonphotos.live

0

Marathon Photos Live is a globally recognized leader in mass participation event sports photography, operating in 70 countries and serving millions of athletes. The company specializes in capturing and delivering live race images, positioning itself as a key service provider in the sports media sector. Their website reflects a professional and consistent brand image with a focus on user experience and accessibility for athletes and event organizers worldwide. Technically, the site is built on modern frameworks such as Vue.js, with good mobile optimization and SEO practices, although some accessibility features could be enhanced. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and published security policies. The domain is privacy protected but consistent with the business profile, and no suspicious indicators were found. Overall, the website demonstrates a mature digital presence with room for security and compliance improvements.

S

🌸 Lily's Moon Garden 🌸

sapphicyearn.ing

0

The website 'Lily's Moon Garden' is a personal hobby site currently under construction, primarily serving as a stable host for a small 88x31 button image. The site is minimalistic with basic HTML and CSS, no dynamic content or forms, and no evident business operations. The owner appears to be an individual named Lily, with a personal Mastodon social link provided. The site content is safe, non-commercial, and targeted at a general audience. Technically, the site uses simple static web technologies with no detected CMS or advanced frameworks. There is no evidence of HTTPS or security headers, and no privacy or cookie policies are present, indicating a low level of privacy compliance and security posture. The domain WHOIS is privacy protected, which is reasonable for a personal site. Overall, the site has a basic design and limited content, with room for improvement in security and compliance.

The Forest website is a small-scale creative project launched in 2021, designed to offer users an unpredictable and exploratory web experience. It encourages users to 'walk the forest' of the internet and includes a link to a tree planting initiative, reflecting a creative and environmentally conscious theme. The site is simple, with minimal content and no commercial business model or extensive services. Technically, the site uses modern HTML5 and CSS3 with custom variable fonts and is hosted on Hover.com. It is mobile-optimized and performs well with a clean, consistent design. Security posture is basic; the domain is privacy protected and has domain status flags to prevent unauthorized changes, but lacks DNSSEC and security headers. No privacy or cookie policies are present, and no contact or incident response information is provided, limiting compliance and trust signals. Overall, the site is safe, free of adult or questionable content, and accessible without WAF or blocking mechanisms.

099 Supply is a small Canadian e-commerce business specializing in digital tools for creatives, offering Photoshop mockups and Framer components to enhance design workflows. The website is professionally designed with a clear focus on creative professionals and digital designers, providing both free and premium digital assets. The platform leverages modern technologies including React, Next.js, and Ecwid for e-commerce functionality, hosted on DigitalOcean with CDN support for performance optimization. The site is mobile-optimized and SEO-friendly, providing a good user experience. Security posture is solid with HTTPS enforced and domain transfer locks, though DNSSEC is not enabled and some security headers are missing. Privacy compliance is basic with a privacy policy present but lacking explicit GDPR adherence and no cookie consent mechanism. Contact information is minimal with no direct emails or phone numbers published, which may impact user trust. Overall, the site is legitimate and functional but could improve in privacy and security transparency.

The website niko.lgbt is a personal portfolio site belonging to a 19-year-old trans and enby developer from Canada. It serves as a platform to share personal information, coding and non-coding projects, and contact options. The site is simple and straightforward, targeting a general audience interested in the developer's work and identity. The domain is registered under Private by Design, LLC, a US-based privacy-focused organization, which aligns with the personal and privacy-conscious nature of the site. Technically, the website uses standard web technologies including HTML5, CSS3, and JavaScript, with privacy-friendly GoatCounter analytics integrated. The site is lightweight, fast-loading, and mobile-optimized with basic accessibility and SEO features. DNS is managed via Desec.io, but DNSSEC is not enabled, representing a minor security gap. No CMS or advanced frameworks are detected, indicating a custom or static site. From a security perspective, the site benefits from domain status protections preventing unauthorized transfers or deletions. However, no security headers are detected, and there is no evidence of privacy or cookie policies, which limits compliance with GDPR and other privacy regulations. The absence of contact emails or phone numbers reduces direct communication options, though a contact page is linked. No vulnerabilities or suspicious content are identified, and the site does not contain adult or questionable material. Overall, niko.lgbt is a legitimate, small-scale personal website with a moderate security posture and limited privacy compliance. Strategic improvements in security headers, privacy documentation, and contact transparency would enhance trust and compliance.

F

FreshBooks

freshbooks.com

0

FreshBooks is a well-established Canadian company providing cloud-based accounting software tailored for small businesses and freelancers. Their platform offers invoicing, expense tracking, time management, and payment processing services, positioning them as a leading SaaS provider in the small business finance sector. The website reflects a mature digital presence with modern technologies such as React and Next.js, hosted on AWS, ensuring fast performance and mobile optimization. Security posture is strong with HTTPS enforcement, comprehensive security headers, and SOC 2 certification, although explicit security and incident response policies are not publicly detailed. Privacy compliance is robust with clear policies and consent mechanisms. Overall, FreshBooks presents a trustworthy and professional online presence with minor gaps in publicly disclosed security policies.

H

Hush Communications USA Inc.

hushmail.com

0

Hush Communications USA Inc. operates the Hushmail website, providing encrypted email and e-signable forms primarily targeted at healthcare practitioners and small businesses requiring HIPAA-compliant communication solutions. The company positions itself as a trusted provider with over 25 years of experience, offering subscription-based services that emphasize privacy and security. The website is professionally designed, mobile-optimized, and rich in content, including customer testimonials and Trustpilot reviews that reinforce trust. Technically, the site leverages modern web technologies such as HubSpot CMS, Google Analytics, Google Tag Manager, and reCAPTCHA Enterprise, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and privacy mechanisms like cookie consent banners implemented, though explicit security headers and public security policies could be improved. The absence of WHOIS data reduces transparency but is mitigated by the professional presentation and business claims. Overall, the website demonstrates a high level of professionalism, security awareness, and compliance focus suitable for its target market.

A

Home

ammar.win

0

The website ammar.win is a newly registered personal or small project site created in June 2024. It features minimal content primarily focused on visual effects using JavaScript libraries such as particles.js and typed.js. The site is hosted on Cloudflare with HTTPS enabled, indicating basic security measures. However, it lacks critical compliance elements such as privacy and cookie policies, terms of service, and contact information, which limits its business credibility and privacy compliance. The technical implementation is moderate with modern libraries but could benefit from improved accessibility and SEO optimization. Security posture is basic with no DNSSEC and missing security headers, though no vulnerabilities or malicious content were detected. Overall, the site is safe for general audiences but scores low on business credibility and privacy compliance due to missing policies and contact details.

H

Hart House

harthouse.ca

0

Hart House is a well-established student-focused centre affiliated with the University of Toronto, offering arts, wellness, dialogue, and event hosting services. The website reflects a mature digital presence with rich content, clear navigation, and professional design, targeting university students and the broader community. Technically, the site uses modern JavaScript libraries and frameworks, integrates multiple analytics and marketing tools, and is hosted with Cloudflare DNS, ensuring good performance and availability. Security posture is solid with HTTPS and domain transfer protections, though improvements are recommended in DNSSEC and security headers. Privacy compliance is limited due to missing explicit privacy and cookie policies. Overall, the site is trustworthy, professional, and safe for general audiences.

H

HEC Montréal

hec.ca

0

HEC Montréal is a leading Quebec-based university-level management school recognized for its excellence in teaching and research. The institution offers a wide range of programs including degree courses, continuing education, and executive training, targeting students, faculty, alumni, and business partners. It holds prestigious triple accreditation (AMBA, AACSB, EQUIS), positioning it strongly in the global education market. The website reflects a professional and consistent brand image with rich content and clear navigation, supporting its educational mission. Technically, the website employs modern web technologies such as jQuery, FontAwesome, and Google Tag Manager, with a responsive design optimized for mobile devices. The presence of cookie consent mechanisms and privacy policies indicates a mature approach to privacy compliance. Performance is moderate with room for optimization, and accessibility features are well implemented. From a security perspective, the site uses HTTPS with good SSL configuration and secure form practices. However, explicit security headers are missing, and no public security policy or incident response contacts are provided, which could be improved. No vulnerabilities or exposed sensitive data were detected. The domain WHOIS data is unavailable due to privacy protection, which is justified for this type of institution. Overall, the website is trustworthy, professional, and secure with minor areas for improvement in security transparency and technical optimization. The risk profile is low, and the institution demonstrates strong digital maturity aligned with its business goals.

U

University of Calgary

ucalgary.ca

0

The University of Calgary website represents a large, well-established Canadian educational institution focused on providing undergraduate, graduate, and continuing education programs. The site emphasizes its entrepreneurial spirit and research excellence, targeting prospective and current students, alumni, faculty, and staff. The digital infrastructure is built on Drupal 10, integrating modern analytics and marketing tools, and is optimized for mobile and accessibility. Security posture is solid with HTTPS and domain transfer protections, though some security headers and explicit policies could be enhanced. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a mature privacy stance. Overall, the website is professional, trustworthy, and well-positioned to serve its academic community.

U

University of Toronto

utoronto.ca

0

The University of Toronto website represents a globally recognized public research university based in Toronto, Canada. The site provides comprehensive information about academic programs, research initiatives, campus life, and community engagement. It targets a broad audience including prospective and current students, faculty, staff, alumni, donors, and visitors. The university maintains a strong market position as a top-ranked institution with a large scale of operations and a rich history dating back to 1827. Technically, the website is built on Drupal 10 CMS, leveraging modern web technologies and analytics tools such as Google Tag Manager, Microsoft Clarity, and New Relic Browser monitoring. The site demonstrates excellent performance, mobile optimization, and accessibility features, ensuring a high-quality user experience. SEO practices are well implemented with proper metadata and structured data. From a security perspective, the site enforces HTTPS with strong SSL configuration and security headers including CSP, HSTS, and X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response information are not prominently published, and no vulnerability disclosure or security.txt file was found. Privacy compliance is strong with clear privacy and cookie policies, including consent mechanisms and GDPR adherence. Overall, the website is highly professional, trustworthy, and secure, reflecting the stature of the University of Toronto. The absence of WHOIS data is likely due to privacy protection policies common for large institutions. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to further enhance trust and transparency.

N

New Vector Ltd

riot.im

0

Element.io is a leading secure collaboration and messaging platform built on the open Matrix protocol. Founded in 2011 and operated by New Vector Ltd, the company offers end-to-end encrypted communication solutions that emphasize data sovereignty and interoperability. Their offerings include the Element App for users and the Element Server Suite for backend customization, targeting enterprises, governments, and organizations requiring secure real-time communication. The website reflects a mature, professional digital presence with comprehensive content and multilingual support. Technically, the site uses modern web technologies, is mobile-optimized, and integrates marketing and analytics tools such as HubSpot. Security posture is strong, supported by industry certifications like ISO/IEC 27001:2022 and Cyber Essentials Plus, though DNSSEC is not enabled. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, Element.io demonstrates high business credibility and trustworthiness.

C

Creative Destruction Lab

creativedestructionlab.com

0

Creative Destruction Lab (CDL) is a well-established nonprofit organization founded in 2012 at the Rotman School of Management, University of Toronto. It operates a global accelerator program focused on seed-stage, science- and technology-based companies, offering mentorship and objectives-based support across multiple streams and international locations. The website reflects a mature digital presence with strong academic partnerships and a professional brand image. The content is rich, relevant, and targeted at entrepreneurs and innovators in technology sectors. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, Google Analytics, and various marketing and tracking tools. Hosting is via DigitalOcean, and the site is mobile-optimized with good accessibility and SEO practices. However, some security enhancements such as enabling DNSSEC and implementing HTTP security headers are recommended to strengthen the security posture. Security-wise, the site uses HTTPS and employs multiple third-party analytics and marketing scripts, indicating extensive user tracking. While no critical vulnerabilities or exposed sensitive data were found, the absence of cookie consent mechanisms and explicit security policies suggests room for improvement in privacy compliance. The WHOIS data is consistent and trustworthy, supporting the legitimacy of the domain and organization. Overall, CDL's website demonstrates a strong business credibility and digital maturity, with minor technical and security improvements recommended to enhance trust and compliance.

F

Homepage - flewkey

flewkey.com

0

The website flewkey.com is a personal portfolio and blog site operated by Ryan Fox, a computer programmer from Canada. The site features blog posts related to software and personal interests, as well as music tracks created by the owner. The business model is that of a personal brand and content sharing platform, targeting a general audience interested in technology and programming. The website is small in scale and was established in 2019, consistent with the domain registration data. The site is hosted via GoDaddy and uses basic HTML and CSS technologies without advanced frameworks or CMS platforms. From a technical perspective, the website is simple and functional but lacks modern enhancements such as security headers, analytics, or advanced SEO features. Mobile optimization and accessibility are basic but present. The site does not employ any tracking or advertising technologies, indicating a minimal digital footprint. Security posture is limited; the domain is registered with standard protections against unauthorized changes but lacks DNSSEC and security headers. No privacy or cookie policies are present, which impacts compliance with GDPR and other privacy regulations. No contact or incident response information is provided, limiting transparency and trust. Overall, the website is safe and appropriate for general audiences, with no adult or questionable content detected. The risk level is low given the personal nature of the site, but improvements in security and privacy compliance are recommended to enhance trust and professionalism.

C

Contact Privacy Inc. Customer 0169240283

pony.directory

0

Pony.directory is a niche community directory website dedicated to the My Little Pony fandom. It aggregates and categorizes a wide variety of fan-related websites including blogs, art boards, fanfiction, games, conventions, and community forums. The site targets MLP fans seeking a centralized resource for fandom content and community engagement. Technically, the site is built using modern web technologies such as SvelteKit and modular JavaScript, hosted with DNS services from NS1 and Squarespace DNS. The site is mobile optimized and offers clear navigation and well-structured content. Security posture is moderate; the site uses HTTPS but lacks DNSSEC and security headers, and does not publish privacy or cookie policies. The domain is recently registered with privacy protection, which is typical for small community sites. Overall, the site is functional, safe, and serves its community well but would benefit from improved privacy and security disclosures.

V

Varun Biniwale

varun.ch

0

The website varun.ch is a personal portfolio and blog of Varun Biniwale, a software engineer and cybersecurity researcher about to start undergraduate studies at the University of Waterloo. The site highlights Varun's projects, contributions to open source, and participation in bug bounty programs, positioning him as an emerging professional in the technology and cybersecurity space. The website targets students, developers, and cybersecurity enthusiasts, serving as a platform to showcase skills and share knowledge. Technically, the website is well-implemented using modern web standards including custom web components for efficient YouTube embedding, hosted on Vercel for performance and reliability. The site is mobile optimized, accessible, and SEO friendly with proper meta tags and structured content. No CMS is detected, indicating a custom or static site approach. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks security headers and formal policies such as privacy, cookie, or vulnerability disclosure statements. No forms or data collection mechanisms are present, reducing attack surface. The WHOIS data aligns well with the website content, showing a legitimate registration without privacy protection, consistent with a personal site. Overall, the site is trustworthy and professional but would benefit from adding privacy and cookie policies to improve compliance and user trust. Implementing security headers and a vulnerability disclosure policy would further enhance its security posture.

The website t-ch.net is a personal hobbyist site operated by an individual named Tech, who is a former medical pathology professional and currently a mental health professional. The site primarily serves as a portfolio and informational hub for personal projects, including Java development related to Minecraft, community chatroom participation, and legal information about name changes in Ontario. The site targets developers, Minecraft enthusiasts, and individuals interested in mental health or legal name changes. It operates on a small scale without commercial business operations or formal market positioning. Technically, the site is built using the Nuxt.js framework with modern JavaScript ES modules and is hosted on Cloudflare infrastructure. The site demonstrates moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or complex backend systems are detected. Security-wise, the site enforces HTTPS and uses Cloudflare for hosting but lacks DNSSEC and security headers, which could be improved. No privacy or cookie policies are present, and no contact information or incident response details are provided, limiting transparency and compliance. Overall, the security posture is moderate with no critical vulnerabilities detected, but improvements are recommended in security headers, privacy compliance, and contact transparency. The site content is safe for general audiences with no adult or explicit material. The domain registration is consistent with the site’s nature and age, showing no suspicious patterns. The site’s AI score reflects basic content quality and technical implementation but is penalized for missing privacy and contact information. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and providing clear contact and incident response information to enhance trust and compliance.

C

catvibers.me

catvibers.me

0

The website catvibers.me is a personal website belonging to an individual named DanKGooGLy, serving primarily as a personal blog or portfolio. The site is built using the Astro framework and hosted via Cloudflare, indicating a modern and performant technical infrastructure. The content is minimal but accessible, with a focus on personal expression rather than commercial activities. The site includes a Mastodon social media link, suggesting engagement with decentralized social platforms. Security posture is basic; while HTTPS is presumably enabled via Cloudflare, no advanced security headers or policies are present. Privacy and cookie policies are absent, which may impact compliance with data protection regulations. Overall, the site is low risk but would benefit from improved security and privacy practices.

The website m6.wtf currently serves as a placeholder with minimal content, displaying only a 'SOON™️' message and a brief description stating 'srry, nothing here yet'. There is no substantive business information, contact details, or policies available, indicating that the site is either under development or inactive. The domain is registered through Porkbun LLC with a Canadian registrant and uses Cloudflare DNS services, suggesting a basic level of infrastructure readiness. The technical stack includes Next.js and React frameworks, which are modern and capable of supporting a robust web presence once fully developed. From a security perspective, the site lacks critical security headers and DNSSEC is not enabled, which are areas for improvement. No forms or data collection mechanisms are present, reducing immediate privacy risks but also indicating a lack of user engagement features. The absence of privacy, cookie, or terms of service policies means the site is currently non-compliant with GDPR and other privacy regulations. No contact or incident response information is provided, limiting transparency and trust. Overall, the site scores low on content quality, security posture, privacy compliance, and business credibility due to its placeholder status and lack of substantive information. There are no indications of malicious content or adult material, and the site is accessible without WAF or security challenges. Strategic recommendations include enabling DNSSEC, adding standard security headers, publishing privacy and cookie policies, and providing clear contact information to improve trust and compliance.

The Brainmade.org website is a small-scale creative project launched in 2024 by an individual named Tris, who is a writer and producer of technical videos and audio fiction. The site promotes the Brainmade mark, a logo intended to signify artwork predominantly created by humans rather than AI generative tools. The business model is non-commercial, focusing on awareness and branding for human-made art, targeting artists and consumers who value human creativity. The site offers free downloadable logo assets and explanatory content emphasizing a positive message about human creativity. Technically, the website is built using modern frontend technologies such as Tailwind CSS and JavaScript, hosted on Hover's DNS services. The site is a static content site with no detected CMS or complex backend. Performance and mobile optimization are good, though accessibility and SEO optimizations are basic. There are no analytics or tracking scripts, indicating minimal user tracking. From a security perspective, the site lacks advanced security headers and policies, and no privacy or cookie policies are present, indicating low compliance maturity. The domain is newly registered with privacy protection, consistent with a small personal project. No vulnerabilities or suspicious patterns were detected, but security posture is limited. No contact information or incident response channels are provided. Overall, the website is a well-structured, niche creative project with good content quality and moderate technical implementation but limited security and privacy compliance. Strategic improvements in security headers, privacy policies, and contact information would enhance trust and compliance.

F

fediverse.info

fediverse.info

0

fediverse.info is a community-driven project dedicated to providing a comprehensive guide and people directory for the fediverse, a decentralized social media ecosystem. The website targets users interested in decentralized social platforms, offering educational content and links to popular fediverse projects. The business model is informational and community-focused, positioning itself as a niche resource within the broader decentralized social media landscape. The site is relatively new, founded in 2021, and hosted via Cloudflare with a Canadian registration.

S

Shopify Inc.

remix.run

0

Remix.run is a modern full stack web framework focused on delivering fast, resilient, and user-friendly web applications by leveraging web standards and modern UX principles. Owned by Shopify Inc., a large Canadian technology company, Remix targets web developers seeking to build better websites with improved performance and developer experience. The website showcases extensive documentation, code examples, and testimonials from industry professionals, positioning Remix as an innovative and competitive player in the web development framework market. Technically, the site uses React, TypeScript, and runs on Cloudflare Workers, supporting serverless and Node.js environments, indicating a mature and scalable infrastructure. Security posture is good with HTTPS enabled and domain protections in place, but lacks DNSSEC and explicit security headers. Privacy and cookie policies are not found, indicating room for compliance improvements. Overall, the site is professional, well-designed, and trustworthy, but could enhance privacy compliance and security transparency.

J

Jellyfin

jellyfin.org

0

Jellyfin.org is the official website for Jellyfin, a volunteer-built, open source media server software that empowers users to manage and stream their media content from their own servers. The project positions itself as a leading free-software entertainment system, targeting end users who prefer self-hosted media solutions without vendor lock-in. The website is professionally designed, content-rich, and provides comprehensive documentation and community engagement channels such as forums and blogs. Technically, the site leverages modern web technologies including React and Docusaurus, hosted via Gandi SAS, with good performance and mobile optimization. Security posture is strong with HTTPS enforced and appropriate security headers, though DNSSEC is not enabled and no explicit security or incident response policies are published. Overall, Jellyfin.org demonstrates a mature digital presence with high trustworthiness and a clear focus on privacy and user control.

N

Negate

nonbinary.wiki

0

Nonbinary Wiki is a community-driven educational platform dedicated to nonbinary gender identities. Founded in 2017, it serves a niche audience within the LGBTQ+ community by providing a comprehensive wiki with nearly 1,000 articles. The site is maintained by a small group of contributors and supported through donations. Technically, the website runs on MediaWiki, hosted and DNS-managed by Cloudflare, with Matomo analytics for user tracking. The site is accessible, uses HTTPS, and has basic privacy and cookie policies, though lacks formal terms of service and detailed security policies. Security posture is adequate but could be improved by enabling DNSSEC and adding security headers. Overall, the website is trustworthy, safe, and professionally maintained, with a clear focus on community engagement and education.

C

Contact Privacy Inc. Customer 0156208441

comradery.co

0

Comradery is a cooperatively owned subscription platform launched in 2019, targeting independent creators, artists, workers, and activists who want democratic control over their payment platform. The business model emphasizes low fees, community governance, and an alternative to venture capital-backed platforms. The website is professionally designed with clear messaging and consistent branding, positioning Comradery as a niche cooperative alternative in the subscription payment space. Technically, the site uses modern JavaScript libraries including Stripe for payment processing, Google Analytics for tracking, and Cloudflare for DNS and likely CDN services. The site is mobile optimized and performs moderately well. Security posture is adequate with domain locking and HTTPS usage, but lacks DNSSEC and explicit security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the domain registration is privacy protected but consistent with a legitimate startup cooperative. The site content is safe for general audiences and no suspicious domains or content were detected.

Suricrasia Online is a small, Toronto-based niche ISP with a satirical and community-driven approach, featuring anthropomorphic shark mascots and unique internet delivery concepts such as River Basin Network Architecture. The website serves as a portal for their demosene projects, online library, and social media presence. Technically, the site is a simple static HTML/CSS/JS implementation hosted on NearlyFreeSpeech.NET, with basic mobile optimization and moderate performance. Security posture is basic with HTTPS enabled but lacking security headers and formal policies. No privacy or cookie policies are present, and no contact information is provided, limiting trust and compliance. The WHOIS data shows privacy protection and a domain age inconsistent with the claimed founding date, indicating a hobbyist or satirical nature rather than a commercial ISP. Overall, the site is safe, accessible, and content-rich but lacks professional security and compliance features.

The website reimu.info is a personal hobbyist site titled "Ezio's webpage" that hosts various files useful for outdated operating systems and shares personal interests such as anime reviews and VR Google Earth pictures. It targets a niche audience of technology enthusiasts and hobbyists rather than commercial customers. The site is small in scale, with no evident business model or commercial intent, and was registered in 2022 with privacy protection enabled. Technically, the site is simple, built with basic HTML and CSS, and uses Cloudflare for DNS hosting without DNSSEC enabled. There is no evidence of a CMS or advanced frameworks. The site performance is moderate with basic mobile optimization and accessibility. SEO optimization is minimal, and no analytics or tracking services are detected. From a security perspective, the site lacks HTTPS confirmation in the provided data, has no security headers, and does not implement privacy or cookie policies. No forms or data collection mechanisms are present, reducing attack surface but also indicating minimal user engagement features. The WHOIS data shows privacy protection, which is justified given the personal nature of the site. No vulnerabilities or suspicious patterns were detected. Overall, the site is low risk but also low in professionalism and compliance. Strategic recommendations include enabling HTTPS with strong TLS, adding security headers, publishing privacy and cookie policies, and improving technical SEO and accessibility to enhance user experience and trust.

B

Brunch

brunch.work

0

Brunch is a Montreal-based creative agency specializing in brand identity, product design, web design and development, content strategy, and operational consulting. The company positions itself as an extension of client teams, focusing on user-centric digital solutions and operational excellence. Their market presence is regional with a focus on Montreal and surrounding areas, targeting businesses seeking creative and operational consulting services. The website reflects a professional and modern digital presence built on Next.js and hosted on Vercel, indicating a mature technical infrastructure with good performance and mobile optimization. Security posture is moderate with HTTPS implied but lacking explicit security headers and published policies. The absence of WHOIS data limits domain trust assessment, but the professional presentation and social media presence support moderate legitimacy. Overall, the site is well-designed and functional but would benefit from enhanced privacy compliance and security transparency.

C

Canadian Football League

cfl.ca

0

The Canadian Football League's official website, CFL.ca, serves as the primary digital platform for delivering news, opinions, video highlights, schedules, scores, and statistics related to Canadian football. Positioned as the authoritative source for CFL content, the site targets sports fans and media consumers interested in Canadian football. The business model centers on media content delivery and fan engagement, leveraging digital channels to maintain and grow its audience. Technically, the website is built on WordPress CMS and incorporates a modern technology stack including jQuery, Materialize CSS, Google Tag Manager, and various analytics and advertising scripts. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS, employs standard security headers, and integrates a cookie consent mechanism compliant with privacy regulations. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of an explicit privacy policy and terms of service pages, as well as lack of visible contact information for security or business inquiries, represent areas for improvement. Overall, the website is trustworthy and professional, with strong branding consistency and relevant content. The missing WHOIS data suggests privacy protection, which is reasonable for a high-profile sports league domain. Strategic recommendations include publishing clear privacy and terms policies, enhancing accessibility, and providing explicit contact channels to strengthen compliance and user trust.

The website www.ticketmaster.ca is a regional domain for Ticketmaster, a globally recognized ticket sales and distribution company. The accessible content is blocked by a security challenge page designed to detect bots and unusual browsing activity, which prevents full content and metadata analysis. The site employs advanced bot detection technologies such as Google reCAPTCHA Enterprise and multiple Google Tag Manager containers, indicating a mature technical infrastructure focused on security and user verification. However, the lack of accessible content, privacy policies, and WHOIS data limits the ability to fully assess the website's compliance and trustworthiness. Overall, the site appears to be a legitimate enterprise-level e-commerce platform for ticket sales, but the security challenge restricts detailed evaluation.

W

Winnipeg Blue Bombers

bluebombers.com

0

The Winnipeg Blue Bombers website serves as the official digital presence for the professional Canadian Football League team. It provides comprehensive ticketing options, fan engagement content, and game day information targeting sports fans and community members. The site is built on WordPress with a modern tech stack including Materialize and various analytics and advertising tools. The technical infrastructure supports good mobile optimization, accessibility, and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The absence of WHOIS registration data is a notable anomaly that warrants further investigation. Overall, the site is professional and trustworthy but could enhance privacy transparency and contact information visibility.

The website lemmy-meter.info provides a technical monitoring dashboard for Lemmy instances, leveraging Grafana technology. It targets technical users and administrators interested in instance health metrics. The domain is recently registered in 2023 and hosted with German name servers, while the registrant is located in Canada. The site is functional but lacks comprehensive privacy, cookie, and terms of service policies, as well as contact and incident response information. Technically, it uses modern React and Grafana frameworks but has basic SEO, accessibility, and performance optimizations. Security posture is moderate with HTTPS likely enabled but missing security headers and DNSSEC. Overall, the site is safe with no adult or questionable content detected.

M

MyPrivacy.net

mangadex.org

0

MangaDex is a well-established online manga reading platform founded in 2018, operated under the organization MyPrivacy.net based in Canada. It offers free access to manga content with high-quality images and no advertisements, supporting scanlation groups and fostering a community through forums and user groups. The platform targets manga readers and fans of anime and manga, providing a rich catalog of titles with community engagement features. Technically, the site leverages modern web technologies including Vue.js and Nuxt.js frameworks, and integrates Google Analytics and Tag Manager for user behavior tracking. The website is mobile-optimized and provides a good user experience with clear navigation and professional design.

F

Fedecan non-profit organization

pixelfed.ca

0

Pixelfed.ca is a Canadian-hosted, non-profit managed instance of the Pixelfed federated image sharing platform. It offers an ethical alternative to centralized social media platforms by enabling decentralized photo sharing with features such as photo posts, albums, filters, collections, and federation support. The platform targets a general audience and is managed by the Fedecan non-profit organization, emphasizing privacy and community standards. Technically, the website uses modern web technologies including JavaScript frameworks (Vue.js implied), Plyr media player, and Cloudflare DNS services. The site is well-structured with good mobile optimization and SEO practices, though some security headers and DNSSEC are not enabled. The platform supports federation and mobile app integration but does not currently support stories or video content. From a security perspective, the site enforces HTTPS and has no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. Privacy compliance is basic with privacy and terms pages present but no cookie consent mechanism. The domain registration is privacy protected but consistent with the business claims and is registered with a reputable Canadian registrar. Overall, Pixelfed.ca presents a trustworthy, well-maintained platform with a clear ethical stance and community guidelines. Strategic improvements in security headers, privacy compliance, and incident response transparency would enhance its security posture and user trust.

F

Federated Open Communications Canada (Fedecan)

fedecan.ca

0

Fedecan is a Canadian non-profit organization established in 2024 that facilitates access to federated social media platforms such as Lemmy and Pixelfed. The organization emphasizes community-driven, privacy-respecting social networking alternatives to mainstream platforms. Their website serves as a resource hub offering guides, announcements, and donation options to support their mission. Technically, the site is built using modern static site generation technology (VitePress) and is hosted with Cloudflare DNS services, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and domain transfer protections in place, though DNSSEC is not enabled and security headers are missing. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the website is professional, trustworthy, and well-aligned with its non-profit mission, but could improve in privacy and security transparency.

T

The Beaverton

thebeaverton.com

0

The Beaverton is a Canadian satirical news media website established in 2010, offering humorous news articles, quizzes, workshops, and merchandise. It targets a general audience interested in satire and current events, positioning itself as a trusted source for comedic news content in North America. The website is built on WordPress CMS with Visual Composer and integrates multiple third-party advertising and tracking services, including Google Analytics, Facebook Pixel, and Taboola. The technical infrastructure is moderate in performance with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enforced and domain transfer protections in place, but lacks DNSSEC and advanced security headers like CSP. Privacy compliance is weak due to absence of visible privacy and cookie policies, which is a notable gap given the extensive use of tracking technologies. Overall, the domain registration is consistent and legitimate, supporting the business credibility. Strategic improvements in privacy transparency and security hardening would enhance trust and compliance.

A

Angel University

angel.university

0

Angel University is a small educational entity focused on providing angel investing workshops led by notable investor Jason Calacanis. The website is professionally designed using Squarespace, featuring clear navigation and relevant content targeted at aspiring angel investors. The technical infrastructure is modern and secure with HTTPS and HSTS enabled, though some security headers are missing. Privacy and cookie policies are absent, and no direct contact information is provided, which impacts privacy compliance and business credibility scores. The WHOIS data is unavailable, likely due to privacy protection, but no suspicious indicators are present in the website content. Overall, the site presents a trustworthy educational offering with room for improvement in privacy and security transparency.

Parachute is a Canadian national non-profit organization dedicated to injury prevention through education, advocacy, and training programs. The organization targets a broad audience including healthcare professionals, educators, parents, seniors, youth, and the general public. Their market position is strong within the Canadian injury prevention sector, offering recognized programs and resources. Technically, the website is built on WordPress with modern technologies such as Google reCAPTCHA and Google Tag Manager, hosted likely by Webnames.ca Inc. The site is well optimized for mobile and accessibility, with good SEO practices. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and security headers are missing. Privacy compliance is basic with a clear privacy policy but no cookie consent mechanism detected. Overall, the website is professional, trustworthy, and serves its mission effectively.

C

Cœur + AVC

jeunescoeursrythmes.ca

0

Jeunes Cœurs rythmés is a French-language educational website operated by Cœur + AVC, a Canadian non-profit organization dedicated to heart disease and stroke prevention. The site offers educational resources and interactive programs targeting children and youth, as well as educators and families. It serves as a digital learning center with a focus on heart and brain health, providing a library of activities and an interactive mystery game for older students. The website is well-branded, consistent, and professionally designed, reflecting the organization's long-standing reputation in healthcare education. Technically, the site is built on WordPress with modern plugins and integrates analytics and tracking tools such as Google Analytics and Facebook Pixel. It uses Cloudflare for DNS and domain protection but lacks DNSSEC and some security headers. The site supports multilingual content via WPML and offers secure login and registration forms for educators. However, explicit privacy and cookie policies are not found, indicating a gap in compliance. Overall, the site is trustworthy, secure, and serves its educational mission effectively.

H

Heart and Stroke Foundation of Canada

jumpropeforheart.ca

0

The website jumpropeforheart.ca represents the Heart and Stroke Foundation of Canada's Jump Rope for Heart fundraising program. It serves as an informational and transactional platform to support fundraising activities, provide educational resources, and facilitate donations and registrations. The site targets schools, teachers, families, and donors interested in supporting heart health initiatives. The business model is non-profit, focusing on community engagement and fundraising for health research and education. The website is professionally designed with consistent branding and clear navigation, reflecting a reputable organization in the Canadian non-profit sector. Technically, the site employs modern JavaScript libraries and tracking tools such as Google Tag Manager and Facebook SDK, indicating a mature digital infrastructure. The site is mobile optimized and uses HTTPS with service workers for progressive web app features. However, some improvements could be made in accessibility and explicit privacy and cookie policy disclosures. From a security perspective, the site benefits from HTTPS and no visible vulnerabilities in the HTML content. The lack of explicit security headers and incident response contact information suggests room for enhancement in security posture. The WHOIS data is not publicly available, likely due to privacy protection, but the domain aligns with the known foundation, supporting legitimacy. Overall, the site is a credible and professional platform for a non-profit fundraising initiative, with moderate technical sophistication and a good security baseline. Strategic improvements in privacy compliance and security transparency would further strengthen trust and compliance.