Security Directory

D

Društvo Crvenog križa Istarske županije

hck-istra.hr

0

Društvo Crvenog križa Istarske županije is a well-established regional humanitarian non-profit organization based in Croatia, focusing on blood donation, first aid, disaster response, and community social programs. With over 30 years of operation, it holds a strong market position in Istria County, supported by volunteers and partnerships. The website reflects a professional and consistent brand image, providing clear information and contact details to its audience. Technically, the site uses modern open-source libraries and frameworks like Bootstrap and jQuery, ensuring good mobile responsiveness and user experience. Security posture is moderate with room for improvement in HTTP security headers and documented security policies. Privacy compliance is strong, featuring GDPR-aligned privacy and cookie policies. Overall, the website is trustworthy, safe, and serves its community-focused mission effectively.

Veganopolis is a Croatian non-profit online platform operated by the association Prijatelji životinja, dedicated to promoting veganism and plant-based lifestyles. The website offers a variety of community and educational services including a vegan product guide, a 30-day vegan challenge, vegan buddy support, nutritionist advice, cooking workshops, and vegan restaurant listings. The target audience is primarily Croatian-speaking individuals interested in veganism and animal rights. The platform positions itself as a niche non-profit resource with a focus on community engagement and education. Technically, the website uses a traditional tech stack including jQuery 1.10.2, Bootstrap, and Google Fonts. It is mobile optimized with good navigation and content quality, though some technologies are outdated. No CMS or hosting provider details are evident. The site lacks advanced security headers and explicit privacy or terms of service pages, though it includes a cookie consent banner. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed), employs POST methods for forms, and does not expose sensitive data. However, the absence of security headers and use of an outdated jQuery version present moderate risks. The WHOIS data is missing or indicates the domain is unregistered, which is inconsistent with the active website and raises concerns about domain legitimacy. Overall, the security posture is moderate but could be improved with better policies and technical controls. The overall risk is moderate with recommendations to verify domain registration status, implement security headers, update libraries, and publish privacy and security policies. The site is safe for general audiences and serves a clear non-profit mission with good business credibility.

AnimaList is a Croatian non-profit newsletter platform operated by the animal rights association Prijatelji životinja. The website focuses on promoting veganism, animal welfare, and environmental sustainability through educational content, activism updates, and event announcements. The organization targets animal rights advocates and environmentally conscious individuals primarily in Croatia. Technically, the site is built on WordPress with common plugins and uses HTTPS, but lacks advanced security headers and privacy compliance features such as a privacy policy or cookie consent. The WHOIS data is privacy protected, which is typical for non-profits, but limits transparency. Overall, the website is functional, content-rich, and trustworthy but could improve in privacy compliance and security best practices.

C

cyber_Folks d.o.o.

cyberfolks.hr

0

CyberFolks d.o.o. is a Croatian technology company specializing in domain registration, web hosting, SSL certificates, and e-marketing services. Founded in 2019, it targets businesses, students, developers, and e-commerce operators with a comprehensive portfolio of hosting solutions including shared hosting, VPS, and specialized WordPress hosting. The company positions itself as a reliable and professional local provider with strong customer support and a focus on performance and security. Their website reflects a mature digital presence with modern technologies and clear branding. Technically, the site is built on WordPress with advanced performance optimizations such as LiteSpeed Cache, CloudLinux, and HTTP/2, ensuring fast and reliable service delivery. Security posture is strong with HTTPS, DDoS protection, daily backups retained for 90 days, and free SSL certificates. Privacy compliance is well addressed with GDPR-compliant cookie consent and a comprehensive privacy policy. No critical vulnerabilities or security issues were detected. Overall, CyberFolks demonstrates a solid business and technical foundation with a trustworthy online presence.

C

cyber_Folks d.o.o.

avalon.hr

0

CyberFolks d.o.o. is a Croatian technology company specializing in web hosting, domain registration, SSL certificates, and e-marketing services. Founded in 2019, it targets businesses, developers, and individuals in Croatia with a strong emphasis on performance, reliability, and customer support. The company positions itself as a trusted local provider with a comprehensive portfolio of hosting solutions including shared hosting, VPS, and specialized WordPress hosting. The website reflects a professional and modern digital presence with clear service offerings and customer testimonials that reinforce trust and credibility. Technically, the site is built on WordPress with modern technologies such as LiteSpeed, CloudLinux, and HTTP/2, ensuring fast performance and mobile optimization. Security practices include HTTPS enforcement, DDoS protection, and backup retention, although explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. Overall, CyberFolks demonstrates a mature digital infrastructure and a solid market position in the Croatian hosting sector.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

0

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

The website nitko.info is a personal portfolio and creative expression platform for Ervin Poljak, featuring poetry, stories, family projects, and other artistic content. It targets a general audience interested in literary and cultural works. The site is small-scale and primarily serves as a personal showcase rather than a commercial business. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, jQuery, and integrates Google Analytics, Google Tag Manager, and Mixpanel for visitor tracking. It is built on the Galaksija CMS and hosted under a domain registered with privacy protection. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak, with no visible HTTPS enforcement or security headers, and no privacy or cookie policies present, indicating poor privacy compliance. The WHOIS data shows a domain age consistent with the site's stated founding year and a registrant country matching the website language, supporting legitimacy. Overall, the site is safe for general audiences but requires significant improvements in security and privacy compliance to enhance trust and protection.

P

Planet Zemlja

planet-zemlja.hr

0

Planet Zemlja is a Croatian non-profit organization dedicated to environmental awareness, personal ecology, and ecological news dissemination. The website serves as a community platform offering news articles, event announcements, photo and video galleries, and educational content related to ecology. The target audience is the general public interested in environmental issues within Croatia. The business model is informational and community-driven without evident commercial transactions. Technically, the site uses a custom PHP-based CMS with jQuery and various plugins for RSS feeds, weather, and media galleries. External integrations include Google Analytics and Facebook SDK for tracking and social media engagement. However, the site lacks HTTPS on its main URLs, which is a significant security concern. Security headers are absent, and no advanced security or privacy compliance mechanisms are evident. Contact information is limited to forms without explicit emails or phone numbers. Overall, the site is functional but requires modernization and security improvements.

H

Hrvatski Crveni križ

hck.hr

0

Hrvatski Crveni križ is a well-established Croatian humanitarian organization with a strong national presence and a comprehensive portfolio of social, health, and crisis response services. The website reflects a mature digital presence with clear navigation, regional contact points, and integrated donation mechanisms. Technically, the site uses modern web technologies including Bootstrap, Google Analytics, and Google Maps API, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and privacy compliance evident through cookie consent and privacy policies. However, some security headers are missing and no explicit vulnerability disclosure or incident response contacts are published. Overall, the domain registration data aligns well with the organization's identity, supporting high legitimacy and trustworthiness.

I

Istarska županija

istra-istria.hr

0

The website www.istra-istria.hr serves as the official online presence of the Region of Istria, a Croatian regional government entity. It provides comprehensive information about the region's governance, geography, culture, economy, and contact details. The site targets residents, tourists, and stakeholders interested in regional affairs. The business model is focused on public administration and information dissemination, positioning itself as a trusted government resource with certifications such as ISO 9001 and membership in the Assembly of European Regions. Technically, the site is built on Django CMS and leverages modern web technologies including jQuery, Google Analytics, and Slider Revolution. It demonstrates good mobile optimization, accessibility, and SEO practices. Hosting and domain registration are consistent with a Croatian government entity, registered with CARNET since 2001. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism, but lacks published security policies, incident response information, and security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with no dedicated privacy policy page but a functional cookie banner and settings modal. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include publishing a privacy policy, security policy, and incident response details, enhancing security headers, and adding a security.txt file to improve transparency and security posture.

V

Valamar

valamar.com

0

Valamar is a prominent hospitality company operating holiday hotels and resorts primarily in Croatia and Austria. Their website showcases a wide range of properties catering to diverse holiday types including family, premium, lifestyle, camping, and wellness. The company targets tourists seeking quality accommodation and holiday experiences in popular destinations such as Dubrovnik, Makarska, Hvar, and others. The website is built using modern technologies like SvelteKit and integrates advanced marketing and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and consent management implemented, though explicit security policies and incident response details are not publicly available. The absence of WHOIS registration data is a concern but does not detract significantly from the overall professionalism and trustworthiness of the site. Strategic recommendations include publishing detailed security and incident response policies and establishing a vulnerability disclosure program to enhance transparency and trust.

P

Plava Laguna

plavalaguna.com

0

Plava Laguna is a hospitality company specializing in providing accommodation services including hotels, villas, and apartments primarily in the Istria region of Croatia, focusing on destinations such as Porec and Umag. The company targets tourists seeking quality lodging options in this popular travel area. The website demonstrates a solid digital presence with a modern technical infrastructure built on Next.js and React, integrating advanced analytics and marketing tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly available. The website is well-optimized for SEO and mobile devices, providing a good user experience. However, the WHOIS data is missing or inaccessible, which raises some concerns about domain registration transparency. Overall, the site appears professional and trustworthy, with room for improvement in publishing security and compliance documentation.

IRTA d.o.o. is a medium-sized regional tourism development agency based in Istria, Croatia, established in 2004. The company manages official tourism portals, contact and sales centers, and develops cultural and outdoor tourism products to promote the Istrian region. Their market position is strong within the regional tourism sector, serving tourists and local businesses with comprehensive information and services. Technically, the website uses a custom CMS with modern JavaScript libraries and Google services, but lacks HTTPS which is a significant security gap. The privacy policy is comprehensive and GDPR compliant, with a named data protection officer, reflecting good privacy awareness. However, the absence of HTTPS and security headers lowers the security posture. Overall, the site is professional and trustworthy but requires security improvements to align with best practices.

A

Aminess d.d.

aminess.com

0

Aminess d.d. operates a professional hospitality website offering hotels, resorts, campsites, and holiday homes primarily located along the Croatian Adriatic coast. The company targets tourists seeking quality accommodation and leisure experiences, supported by a loyalty program and themed holiday types. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and integrates analytics and advertising tools such as Google Tag Manager and Bing Ads. It demonstrates good digital maturity with responsive design, SEO optimization, and accessibility features. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though the absence of a published security policy and incident response information is noted. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The lack of WHOIS data for the domain is a concern but does not detract significantly from the overall legitimacy given the professional presentation and contact transparency. Strategic recommendations include publishing security and incident response policies and considering a vulnerability disclosure program to enhance trust.

C

Croatian Climate Change Panel

solarniklaster.org

0

The Croatian Climate Change Panel operates the solarniklaster.org website as a specialized platform focused on renewable energy, sustainable technologies, and climate change awareness primarily targeting Croatian and regional audiences. The site offers news, expert articles, multimedia content, and educational resources to support green energy transition efforts. Technically, the website uses a standard modern tech stack including Bootstrap, jQuery, and analytics tools, hosted on a domain registered since 2015 with privacy protection. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is basic with policies present but no explicit cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is a credible, niche informational resource with room for security and privacy improvements.

Otok Krk energija d.o.o. is a Croatian limited liability company focused on producing and supplying renewable energy, primarily solar, to achieve energy independence for the island of Krk. The company is relatively new, founded in 2019, and is owned by the local municipality of Baška with plans to include other local government units as co-owners. Their business model centers on local investment and sustainable energy production, positioning themselves as a key player in the regional green energy market. The website reflects this mission with content in Croatian and some English, targeting local residents, investors, and governmental bodies interested in renewable energy projects. Technically, the website uses common web technologies such as Bootstrap, jQuery, and popular carousel libraries, with integration of Google Analytics and Facebook SDK for tracking and marketing purposes. The site is moderately optimized for mobile and SEO but lacks advanced accessibility features. Security posture is moderate; HTTPS is used but no explicit security headers or incident response policies are published. Privacy and cookie policies exist but lack active consent mechanisms. Overall, the website is professional and trustworthy but could improve in security and privacy compliance. Recommendations include implementing security headers, adding cookie consent, publishing incident response information, and enhancing contact transparency.

P

Prva sušačka hrvatska gimnazija u Rijeci

pshg.net

0

Prva sušačka hrvatska gimnazija u Rijeci is a Croatian secondary school providing general and specialized education including classical ballet and contemporary dance programs. The institution is well-established with a domain age since 2007 and holds Erasmus accreditation, indicating active participation in European educational programs. The website serves students, parents, and educators with relevant news, schedules, and contact information. Technically, the site uses standard web technologies such as HTML5, CSS3, jQuery, and Font Awesome, hosted under a reputable registrar. The site is moderately optimized for performance and mobile use, with clear navigation and consistent branding. Security posture is moderate; while HTTPS is assumed, no advanced security headers or DNSSEC are implemented, and no cookie consent mechanism is present, which may affect compliance with privacy regulations. Overall, the site is trustworthy and professional but could improve in security and privacy compliance.

Energetska zadruga "Otok Krk" is a small Croatian energy cooperative focused on promoting renewable energy and energy independence on the island of Krk. The cooperative provides consulting, project support, collective purchasing, and education services to local residents and businesses. Their website reflects a community-oriented business model with clear contact information and active social media presence. Technically, the site uses common web technologies such as jQuery, Bootstrap, and Owl Carousel, providing a moderate performance and good mobile optimization. Security posture is moderate with HTTPS usage but lacks explicit security headers and incident response policies. Privacy compliance is basic with privacy and cookie policies present but no consent mechanism. Overall, the website is professional and trustworthy, with a legitimacy score supported by consistent WHOIS data and domain age.

G

Galaksija

galaksija.hr

0

Galaksija.hr is a Croatian online magazine focused on popularizing science across various disciplines including natural sciences, technology, social sciences, ecology, and medicine. The website offers news articles, blogs, multimedia galleries, and videos targeting a general audience interested in science and education. The business model appears to be content publishing supported by advertising and partnerships with related portals. Technically, the site uses a custom CMS with common web technologies such as jQuery, Bootstrap, and Flexslider, and integrates analytics tools like Google Analytics, Histats, and Mixpanel. The site is accessible via HTTPS and includes a login form for registered users, but lacks advanced security headers and explicit GDPR cookie consent mechanisms. No incident response or security contact information is provided, which could be improved to enhance trust and compliance. Overall, the website is professionally designed with good content quality and moderate technical implementation, suitable for its niche media role.

E

Eko Kvarner

ekokvarner.hr

0

Eko Kvarner is a Croatian non-profit environmental organization focused on promoting sustainable energy, climate change awareness, and ecological protection in the Kvarner region. The website serves as an information hub providing news, activities, projects, and educational resources to local communities and stakeholders interested in environmental issues. The organization appears well-established with a domain registered since 2012 and clear contact information including physical address, phone numbers, and email. The site content is primarily in Croatian and targets regional audiences. Technically, the website uses an older CMS platform called Galaksija and relies on legacy JavaScript libraries such as jQuery and Fancybox. While the site is accessible and contains meaningful content, it loads some external scripts over unsecured HTTP, which introduces mixed content risks. The site lacks modern security headers and advanced privacy or cookie consent mechanisms, indicating room for improvement in security and compliance maturity. Hosting is provided by Totohost, a Croatian hosting provider, and the domain registrar is CARNET, a reputable Croatian academic network. From a security perspective, the site uses HTTPS but does not implement additional security headers or content security policies. No incident response or security policy pages are found, and no vulnerability disclosure or security.txt files are present. The WHOIS data is consistent with the website's business profile and geographic location, supporting legitimacy. No suspicious or malicious indicators were detected. Overall, the website is functional and provides valuable content for its target audience but would benefit from technical modernization, improved security practices, and enhanced privacy compliance to strengthen trust and resilience against threats.

I

Istra Inspirit

istrainspirit.hr

0

Istra Inspirit is a cultural tourism project based in Croatia that offers interactive storytelling tours and experiences focused on the rich history and legends of the Istrian peninsula. The website presents a professional and engaging digital presence with a clear focus on cultural heritage tourism. The company appears to be a small-sized business with a niche market position targeting tourists interested in immersive historical experiences. Technically, the website is built on WordPress using Elementor, with modern web technologies and good mobile optimization. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and policies could be improved. Privacy compliance is basic with no explicit privacy policy or terms of service detected, but cookie consent is present. Overall, the website is trustworthy and professionally maintained, with active social media channels supporting its business model.

I

Istra Bike

istria-bike.com

0

Istra Bike is an official regional cycling tourism portal for the Istria region in Croatia, providing comprehensive information on bike trails, accommodation, events, and related services. The website targets cycling tourists and outdoor enthusiasts, positioning itself as a key resource for promoting cycling tourism in the area. The platform offers detailed trail information, event calendars, multimedia content, and service listings such as bike rentals and transport. Technically, the website employs modern web technologies including Bootstrap 5, jQuery, Slick Carousel, and Lightbox2, ensuring a responsive and user-friendly experience. The site is served over HTTPS and includes cookie consent mechanisms, indicating awareness of privacy regulations. However, some security best practices such as explicit security headers and detailed security policies are missing. From a security perspective, the site maintains a good baseline with HTTPS and cookie consent but lacks advanced security headers and incident response information. The absence of WHOIS data for the domain raises concerns about domain registration transparency, although the website content and partner affiliations suggest legitimacy. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is professionally designed and functional, with good content quality and user experience. The main risk lies in the missing WHOIS registration data, which slightly reduces trustworthiness. Strategic improvements in security headers, transparency policies, and domain registration clarity are recommended to enhance trust and compliance.

Istra Trails is an official regional tourism website focused on promoting cycling trails, accommodation, and events in the Istrian peninsula, Croatia. The site targets tourists and outdoor enthusiasts seeking detailed trail information and related services. It maintains a consistent brand presence with partner tourism companies and active social media channels. Technically, the website uses a mix of legacy and modern technologies including jQuery, Google Analytics, Facebook SDK, and Google Maps API v2, with moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled but lacks DNSSEC and security headers, and uses deprecated APIs. Privacy compliance is addressed with a privacy policy and cookie consent banner, though terms of service and incident response policies are absent. Overall, the site is trustworthy and professionally maintained but could improve security and compliance aspects.

I

Istria Tourist Board

istra.hr

0

The website www.istra.hr serves as the official tourist website for the Istria Tourist Board, promoting the Istria region in Croatia. It provides comprehensive tourism information including accommodation, events, heritage, and nature activities targeting tourists and visitors interested in the Mediterranean region. The business operates as a regional tourism board with a medium-sized presence and has been established since 2012, consistent with the domain registration data. The website demonstrates a good level of digital maturity with modern web technologies, accessibility features, and SEO optimization. It uses a Laravel-based CMS inferred from session cookies and integrates multiple third-party services such as Facebook SDK, Google Tag Manager, Cookiebot for cookie consent, and MailerLite for marketing automation. Security posture is solid with HTTPS enforced and a detailed cookie consent mechanism, although explicit security headers could be more visible. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed through Cookiebot's consent management and links to a comprehensive privacy policy. However, no explicit terms of service or security policy pages were found. Overall, the website is professional, trustworthy, and well-aligned with its business purpose.

C

Crocontrol

crocontrol.hr

0

Crocontrol is the Croatian air traffic control authority providing comprehensive air navigation services to ensure safe and efficient air traffic over Croatia and Europe. The website reflects a mature organization with a clear focus on safety, technical services, meteorology, and career opportunities in the aviation sector. The company is well-established, with a domain registered since 1998, consistent with its operational history. Technically, the website is built on WordPress with modern plugins for analytics, accessibility, and GDPR compliance, indicating a good level of digital maturity. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not published. Overall, the site is professional, accessible, and trustworthy, serving its target audience effectively.

H

Hrvatsko meteorološko društvo

meteohmd.hr

0

Hrvatsko meteorološko društvo (HMD) is a well-established Croatian non-profit meteorological society dedicated to promoting meteorological science and practice. The website serves as an information hub for members and enthusiasts, offering news, events, project details, and membership services. The organization has a clear national presence with a domain registered since 2001 and consistent WHOIS data aligning with its Croatian roots. Technically, the website uses a traditional tech stack with jQuery and Google Analytics, but some libraries are outdated, posing potential security risks. Accessibility features are commendable, though mobile optimization is basic. Security posture is moderate with HTTPS usage but lacks visible security headers and cookie consent mechanisms, indicating partial GDPR compliance. Overall, the site is professional and trustworthy but would benefit from technical and compliance improvements.

T

TZ Poreč

myporec.com

0

The website www.myporec.com serves as the official tourism portal for the City of Poreč in Istria, Croatia. It provides comprehensive information on local accommodations, events, gastronomy, and travel planning, targeting tourists and visitors interested in the region. The site is well-branded under the TZ Poreč identity and offers multilingual support, rich multimedia content, and accessibility features, reflecting a mature digital presence. Technically, the site employs modern JavaScript libraries, Google Analytics, and Facebook SDK for tracking and engagement, alongside cookie consent and accessibility compliance tools. Security posture is good with HTTPS enforced and cookie consent mechanisms, though explicit security headers could be improved. The absence of WHOIS data is a notable anomaly, reducing trust slightly, but the overall content and presentation suggest a legitimate and professional operation. Strategic recommendations include enhancing security headers, clarifying incident response policies, and investigating the WHOIS inconsistency to improve business credibility and trust.

3

37th International Conference on Alpine Meteorology (ICAM)

icam2025.hr

0

The website for the 37th International Conference on Alpine Meteorology (ICAM) presents a well-structured and content-rich platform for the upcoming scientific conference scheduled in Poreč, Croatia in late 2025. It targets researchers and professionals in mountain meteorology and climate science, offering detailed event information, registration, and abstract submission functionalities via partner platforms. The site demonstrates a moderate level of digital maturity with modern web technologies and responsive design, although it lacks key privacy and security policy disclosures. The security posture is adequate with HTTPS and Cloudflare DNS, but could be improved by adding security headers and incident response information. Overall, the domain registration aligns with the event's geographic focus but shows an unusual future creation date, likely due to event timing. Strategic improvements in privacy compliance and contact transparency would enhance trust and compliance.

F

FERRO ADRIATICA d.o.o.

ferrocroatia.hr

0

FERRO ADRIATICA d.o.o. operates as part of the FERRO S.A. group, a leading manufacturer and distributor of sanitary and heating products in Central and Eastern Europe. The company offers a broad portfolio of products including sanitary fittings, heating valves, and interior design services, targeting B2B customers such as installers, distributors, and industry professionals. The website reflects a medium-sized enterprise with a strong regional presence and a focus on quality and design, supported by ISO 9001:2015 certification and multiple regional websites in various languages. Technically, the website employs modern frontend technologies including jQuery, Foundation framework, and FontAwesome icons, with integration of Google Tag Manager and Google Analytics for marketing and analytics purposes. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. However, no CMS or hosting provider details are explicitly identified. From a security perspective, the site uses HTTPS and secure form submissions but lacks visible security headers and explicit privacy or cookie policies, which are important for GDPR compliance and user trust. No incident response or vulnerability disclosure information is provided, indicating room for improvement in security transparency and readiness. Overall, the website is professional, trustworthy, and safe for general audiences, but would benefit from enhanced privacy compliance and security best practices to strengthen its security posture and regulatory adherence.

Biogen.hr is the Croatian localized website of Biogen, a leading global biotechnology company specializing in innovative therapies for complex neurological and rare diseases. The website presents a professional and well-structured digital presence, leveraging Adobe Experience Manager CMS and hosted on AWS infrastructure. It features comprehensive cookie consent management via Cookiebot and integrates Google Analytics with IP anonymization, demonstrating a commitment to privacy compliance. While the site lacks explicit published security or incident response policies, it employs secure HTTPS protocols and best practices such as HttpOnly cookies. The content is targeted at a general audience in Croatia, focusing on healthcare professionals, patients, and stakeholders interested in Biogen's therapeutic areas and corporate responsibility. Overall, the website reflects a mature, trustworthy, and professional digital asset aligned with Biogen's global brand.

W

WEB Marketing d.o.o.

easyeditcms.com

0

WEB Marketing d.o.o. is a Croatian technology company specializing in custom web development, ecommerce solutions, and their proprietary EasyEdit CMS platform. With over 25 years of experience and multiple awards, they serve businesses seeking tailored web solutions and integrations with various business systems. Their website reflects a mature digital presence with a focus on stability and customization. Technically, the site uses Microsoft technologies, jQuery, and Google Tag Manager, hosted by Premium Hosting, and is mobile optimized with good SEO practices. Security posture is solid with HTTPS and closed-source CMS usage, though improvements in security headers and published policies are recommended. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy and trustworthiness.

iF! Inovativna farmaceutska inicijativa is a Croatian non-profit association representing 20 innovative pharmaceutical companies that employ over 700 people and supply more than half of the Croatian pharmaceutical market. The organization is a member of EFPIA, the European Federation of Pharmaceutical Industries and Associations, and focuses on promoting innovation, ethics, and transparency in the pharmaceutical sector. The website is professionally designed using WordPress with the Avada theme, featuring good content quality and clear navigation primarily in Croatian with English alternatives. The technical infrastructure includes common plugins such as Yoast SEO and Slider Revolution, with Google Analytics and Tag Manager for tracking. Security posture is good with HTTPS enforced, but some outdated libraries and missing security headers suggest room for improvement. Privacy and cookie policies are present and GDPR compliant, though no explicit terms of service or security policies were found. Overall, the website is trustworthy, well-maintained, and serves as a credible information portal for the pharmaceutical industry in Croatia.

Placebo d.o.o is a small Croatian publishing company based in Split, specializing in medical publications and educational content for doctors and patients. The website serves primarily as an informational portal with links to their free mobile application 'LLHZZO' available on iOS and Android platforms. The business targets healthcare professionals and patients, focusing on pharmacology and medical education within the Croatian market. The company maintains a modest online presence with basic content and limited digital marketing or tracking technologies. Technically, the website is built using simple HTML and CSS without modern frameworks or CMS platforms. It lacks advanced SEO, accessibility, and mobile optimization features, though it provides essential contact information and app download links. No analytics or tracking scripts were detected, indicating minimal user data collection. The site does not implement privacy or cookie policies, nor does it display security headers or confirm HTTPS usage, which suggests a low level of security maturity. From a security perspective, the absence of HTTPS and security headers, combined with missing privacy and cookie policies, represents compliance and security gaps. No forms or interactive elements reduce the attack surface, but the site would benefit from implementing standard security best practices and GDPR compliance measures. The WHOIS data aligns well with the website's business claims, showing consistent registration information without privacy protection, appropriate for this type of business. Overall, the website is functional but basic, with room for improvement in security, privacy compliance, and technical modernization. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, enhancing security headers, and improving mobile and accessibility features to increase trust and compliance.

H

Hrvatska liječnička komora

hlk.hr

0

Hrvatska liječnička komora (Croatian Medical Chamber) is a well-established professional regulatory body for medical doctors in Croatia, founded in 2005. The organization provides licensing, legal, educational, and professional support services to its members. The website reflects a mature digital presence with comprehensive content tailored to healthcare professionals and stakeholders. It features clear navigation, official contact details, and active social media channels, reinforcing its authoritative position in the Croatian healthcare sector. Technically, the site uses EasyEdit CMS with jQuery and Google Analytics, hosted by CARNET, ensuring reliable infrastructure. Security posture is good with HTTPS and cookie consent mechanisms, though some security headers could be improved. Overall, the site is trustworthy, professional, and compliant with GDPR and cookie regulations.

HeMED.hr is a Croatian medical education platform operated by Utilis d.o.o., providing free and quality medical educational content in the Croatian language. The platform targets Croatian citizens, medical students, and healthcare professionals, offering resources such as drug databases, medical manuals, and textbooks. The website is positioned as a niche educational resource within the Croatian healthcare sector, with partnerships including the Croatian Medical Chamber and other reputable organizations. Technically, the site is built on ASP.NET WebForms with Bootstrap and jQuery, showing moderate digital maturity with room for modernization and improved accessibility. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and explicit incident response policies. Overall, the site is trustworthy, professional, and compliant with GDPR, though it could benefit from enhanced security practices and clearer contact information.

M

Merck Sharp & Dohme d.o.o

msd.hr

0

Merck Sharp & Dohme d.o.o (MSD Croatia) is a subsidiary of the global pharmaceutical leader Merck & Co., Inc., focused on delivering prescription medicines, vaccines, and clinical research services. The website serves patients, healthcare professionals, and job seekers with comprehensive corporate information, product details, and responsibility initiatives. The site is well-branded, professionally designed, and consistent with the global MSD identity. Technically, the website is built on WordPress VIP with modern plugins such as Yoast SEO and Tiny Slider, ensuring good SEO, accessibility, and mobile responsiveness. It uses Google Tag Manager for analytics and OneTrust for cookie consent, reflecting a mature digital infrastructure. Performance is moderate with good mobile optimization. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Privacy compliance is robust with clear privacy and cookie policies, and GDPR adherence is evident. Overall, the website is trustworthy, professional, and secure, supporting MSD's market position as a leading pharmaceutical company. Strategic recommendations include publishing detailed security policies, incident response contacts, and enhancing security headers to further strengthen the security posture.

S

Sex Oglasnik

sex-oglasnik.com

0

Sex Oglasnik is a Croatian adult classifieds platform specializing in erotic and escort services, targeting adults seeking personal and professional erotic contacts. The website positions itself as one of the largest Croatian sex ad platforms, offering a variety of categories and services including BDSM, escort, erotic massage, and online communication. The business model revolves around user-generated classified ads with a focus on adult content, supported by partner relationships with other escort directories. Technically, the site is built on WordPress using the ClassiPress theme, enhanced with Yoast SEO and Google Analytics for marketing and tracking. The site is hosted via a reputable registrar and uses Cloudflare DNS, ensuring basic infrastructure reliability. Security posture is moderate with HTTPS enabled and an age verification overlay, but lacks advanced security headers and explicit privacy compliance mechanisms such as cookie consent. No direct company contact emails or phone numbers are published, which may affect trust and credibility. Overall, the site is functional, well-structured, and optimized for SEO and mobile use, but could improve in privacy compliance and security best practices.

L

LEDAKCIJA.hr

ledakcija.hr

0

LEDAKCIJA.hr is an e-commerce retailer specializing in LED lighting products, serving primarily the Croatian market. The website offers a broad range of LED products including bulbs, panels, strips, reflectors, and accessories, positioning itself as a niche player with a focus on quality brands such as Samsung. The business is relatively new, established in 2021, and operates on the Shoptet e-commerce platform. The site is professionally designed with good navigation and mobile optimization, supporting a positive user experience. Technically, the site uses a mix of legacy and modern technologies, including jQuery 1.11.3 and multiple analytics and marketing scripts from Google, TikTok, and Facebook. Security posture is generally good with HTTPS and security headers, but the use of outdated libraries and lack of explicit security policies present areas for improvement. Privacy compliance is basic with cookie consent implemented but limited GDPR indicators. Overall, the site is trustworthy but could benefit from enhanced transparency and security maturity.

P

Podravka d.d.

podravka.com

0

Podravka d.d. is a well-established Croatian food processing and pharmaceutical company with a strong international presence in over 60 markets and a portfolio of more than 1000 products. The company emphasizes sustainable development and social responsibility, targeting consumers seeking high-quality food and pharmaceutical products. The website reflects a mature digital presence with multiple language options and comprehensive content about products, corporate responsibility, and investor relations. Technically, the site uses modern JavaScript libraries and Google Tag Manager for analytics, with good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are absent. The WHOIS data for the domain is missing or unavailable, which is unusual but does not detract from the overall legitimacy indicated by the website content and branding. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to improve trust and compliance.

Vegeta.com is the official website for the Vegeta brand, a leading European food seasoning product line owned by Podravka d.d. The site offers comprehensive product assortments, recipes, and brand history, targeting consumers interested in cooking and seasoning. The website is well designed, mobile optimized, and uses modern web technologies including WordPress CMS, Yoast SEO, and various JavaScript libraries. Hosting appears to be supported by Microsoft Azure DNS infrastructure. Security posture is solid with HTTPS enforced and domain transfer/update protections in place, though DNSSEC is not enabled and no explicit security headers were detected. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact is primarily via a contact form, with no direct emails or phone numbers publicly listed. Overall, the site reflects a mature, professional digital presence for a large retail food brand.

P

PricewaterhouseCoopers

pwc.hr

0

PwC Hrvatska is the Croatian branch of the global professional services network PricewaterhouseCoopers, operating in 158 countries with over 250,000 employees. The company provides audit, business consulting, and tax services, targeting organizations and individuals seeking high-quality professional services. The website reflects a mature digital presence with a professional design and consistent branding aligned with PwC's global standards. Technically, the site is built on Adobe Experience Manager CMS and leverages Adobe DTM for analytics and OneTrust for cookie consent management, indicating a modern and compliant infrastructure. Security posture is solid with HTTPS enforced and CSRF protection scripts included, though explicit security headers and policies could be improved. Privacy compliance is partial, with cookie consent present but no visible privacy policy or terms of service in the provided content. Overall, the site is trustworthy and professional but would benefit from enhanced transparency in privacy and security policies.

Bioteka is a Croatian non-profit association dedicated to promoting biology and related sciences through educational content such as quizzes, articles, and resources primarily targeting students and educators. The website reflects a niche educational focus with a moderate market position in the Croatian education sector. The technical infrastructure is based on the Xoops CMS platform with legacy JavaScript libraries like jQuery 1.7.2 and includes standard web components such as Google Analytics and a cookie consent mechanism. While the site is functional and provides relevant educational content, it shows signs of technical debt and basic mobile and accessibility optimization. Security posture is moderate with no HTTPS status explicitly confirmed in the HTML content, no visible security headers, and use of outdated libraries posing potential risks. Privacy compliance is addressed with a clear privacy policy and cookie consent banner, indicating GDPR awareness. Overall, the site is trustworthy but would benefit from technical and security modernization to improve resilience and user trust.

P

Puratos

puratos-konding.hr

0

Puratos-konding.hr is a regional Croatian website for Puratos, a global leader in bakery, patisserie, and chocolate ingredients. The site provides product information, recipes, and company commitments tailored to Croatian customers. The technical infrastructure is modern, leveraging Adobe Experience Manager CMS and common web technologies such as Google Tag Manager and FontAwesome. The website is well-branded, mobile-optimized, and offers a good user experience with clear navigation and relevant content. However, explicit privacy and cookie policies are not found, and contact information is not clearly presented, which impacts privacy compliance and user trust. Security posture is moderate with HTTPS usage but lacks visible security headers and incident response contacts. The domain registration is consistent with the Puratos Group's global presence, registered through a reputable Croatian registrar, and the domain age aligns with a regional site launch. Overall, the website is professional and credible but would benefit from enhanced privacy compliance and security transparency.

F

Footshop a.s.

footshop.hr

0

Footshop a.s. operates a professional e-commerce platform specializing in sneakers, clothing, and accessories, targeting consumers primarily in Croatia and Central Europe. The company maintains a strong market position as a leading sneaker retailer with multiple physical stores and a loyalty program. The website is well-designed, mobile-optimized, and integrates modern technologies such as Google Tag Manager, Cookiebot, and Typekit fonts, hosted with reputable providers including Hrvatski Telekom and Cloudflare DNS. Security posture is solid with enforced HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. Overall, the site demonstrates good compliance with GDPR and privacy standards, supporting a trustworthy user experience.

Enterprise Rent-A-Car Croatia operates as a regional branch of the global Enterprise Holdings car rental company, providing vehicle rental services primarily to Croatian consumers and corporate clients. The website is professionally designed, localized in Croatian, and offers reservation and customer support functionalities. The technical infrastructure is modern, leveraging Adobe Experience Manager CMS and integrating with Adobe and Google marketing and analytics tools. Security posture is strong with HTTPS and security headers implemented, though privacy compliance could be improved with explicit cookie consent and GDPR policy visibility. Overall, the site reflects a mature digital presence consistent with a large international transportation service provider.

N

Naval Agent Co., Ltd.

naval-agent.hr

0

Naval Agent Co., Ltd. is a Croatian company specializing in the supply of ship equipment and industrial products, founded in 2006. The company leverages longstanding experience in shipbuilding and trading, focusing on international markets with a particular emphasis on China. Their business model centers on trading and contracting for a variety of industrial and electronic equipment, supported by partnerships across Asia and Europe. The website reflects a small-sized enterprise with basic but relevant content and moderate branding consistency. Technically, the website is built on WordPress 5.0.22 with common plugins such as LayerSlider, Contact Form 7, and Yoast SEO. The technology stack includes an outdated jQuery version, which poses potential security risks. The site is moderately optimized for performance and mobile use, with good SEO practices but basic accessibility features. Hosting details are limited but the domain registrar is a Croatian academic network, consistent with the company's location. From a security perspective, the site uses HTTPS and secure contact forms but lacks explicit security headers and uses outdated libraries. No privacy, cookie, or terms of service policies are present, indicating gaps in compliance and user data protection. No incident response or vulnerability disclosure information is provided, limiting transparency in security management. Overall, the website is functional and moderately credible but requires improvements in security posture, privacy compliance, and technical modernization to enhance trust and reduce risk.

G

Germanijak

germanijak.hr

0

Germanijak.hr is a leading Croatian sports news portal established in 2014, offering comprehensive sports news coverage, transfer updates, football results, and betting tips. It targets sports enthusiasts and bettors primarily in Croatia, positioning itself as the most visited sports portal in the country. The website leverages modern web technologies including Vue.js/Nuxt.js frameworks, Cloudflare CDN, and integrates social media platforms such as Facebook, Instagram, Twitter, and TikTok to enhance user engagement. Advertising is managed through Google AdSense and related Google ad services, supplemented by push notifications via OneSignal. The site implements GDPR-compliant cookie consent mechanisms using a third-party privacy SDK, although explicit privacy and terms of service pages are not detected in the provided content. Security posture is strong with HTTPS enforced and Cloudflare DNS, but could benefit from explicit security policies and vulnerability disclosure mechanisms. Overall, the website demonstrates a mature digital presence with good technical implementation and business credibility, though privacy compliance and contact transparency could be improved.

G

Germania

germaniasport.hr

0

Germania is a well-established Croatian online sports betting and casino operator founded in 2003. The platform offers a comprehensive range of services including sports betting, live betting, online casino games, virtual games, and lottery betting, targeting primarily Croatian-speaking users. The website demonstrates consistent branding and provides clear contact information, responsible gambling policies, and legal terms, supporting its credibility in the local market. Technically, Germania employs modern web technologies such as Vue.js, integrates third-party services like Sportradar for sports data, OneSignal for notifications, and LiveChat for customer support, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS, uses Google reCAPTCHA, and indicates ISO 27001 certification, though explicit security policies and incident response details are absent. Privacy and cookie policies are present with consent mechanisms, aligning with GDPR requirements. Overall, Germania presents a solid business and technical profile with moderate risk and room for security and privacy enhancements.

The website rizk.hr currently presents a Cloudflare security challenge page, blocking direct access to its content. This indicates the site is protected by a Web Application Firewall (WAF) using Cloudflare's Turnstile captcha mechanism, preventing automated or suspicious traffic. Due to this, no substantive business content, contact information, or policies are accessible for analysis. The domain is registered in Croatia with a legitimate registrar and a creation date in 2019, consistent with a small business or new entity. The technical infrastructure leverages Cloudflare services for security and analytics, but no CMS or other frameworks are detectable from the limited content. Security posture cannot be fully assessed due to lack of accessible content, but the presence of Cloudflare WAF is a positive security indicator. However, the absence of visible privacy, cookie, or terms policies and contact details reduces trust and compliance confidence. Overall, the site is inaccessible for full evaluation, and the risk assessment is limited by this blocking mechanism.