Security Directory

V

Viktor Lenac Shipyard

lenac.hr

0

Viktor Lenac Shipyard is a well-established maritime service provider based in Croatia, specializing in ship repair, conversions, and offshore services. Positioned as one of the leading shipyards in the Mediterranean, it serves a diverse clientele including ship owners and offshore companies. The website reflects a professional and consistent brand image, supported by its affiliation with the Palumbo Group. Technically, the site employs modern JavaScript libraries and frameworks, hosted on reliable AWS infrastructure, and demonstrates good mobile optimization and SEO practices. Security posture is strong with HTTPS enforced and cookie consent implemented, though there is room for improvement in security headers and explicit security policies. Overall, the site is trustworthy and compliant with GDPR, providing clear contact information and business legitimacy.

S

Sveučilište u Splitu

unist.hr

0

Sveučilište u Splitu is a well-established public university in Croatia, founded in 1974, serving over 20,000 students across multiple faculties and departments. The website reflects a mature digital presence with comprehensive information about academic programs, research, community engagement, and international cooperation. The institution holds the HR Excellence in Research certification, indicating a commitment to research quality and human resources standards. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and Google reCAPTCHA, ensuring a responsive and secure user experience. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. Privacy compliance is robust with clear policies and GDPR adherence. Overall, the site projects high professionalism and trustworthiness, supporting the university's reputation and operational needs.

Zagrebački centar za gospodarenje otpadom d.o.o. is a government-owned company established in 2014 by the City of Zagreb to manage waste sustainably and in compliance with EU standards. The company provides public services including municipal waste collection, recycling centers, and environmental education, positioning itself as a key local operator in waste management. The website reflects this mission with clear content targeted at citizens and local authorities. Technically, the website uses standard web technologies such as HTML5, CSS3, JavaScript, Bootstrap, and jQuery, with moderate performance and good mobile optimization. The site includes cookie consent mechanisms and privacy policies in Croatian, indicating awareness of GDPR compliance. However, no explicit terms of service or security policies are present. From a security perspective, the site uses session and CSRF tokens, but lacks visible HTTP security headers and incident response contacts. No vulnerabilities or malicious content were detected. The domain registration aligns with the business history and ownership, reinforcing legitimacy. Overall, the website is professional, trustworthy, and compliant with privacy regulations, but could improve security posture by adding explicit policies and headers. The risk level is low, with recommendations focusing on enhancing security best practices and transparency.

D

Društvo arhitekata Zadra

zda.hr

0

Društvo arhitekata Zadra is a professional non-profit association of architects based in Zadar, Croatia. The organization focuses on architectural and urban planning activities including workshops, competitions, consultations, and community engagement. Their website serves as a hub for news, projects, and events relevant to their members and the local community. The association targets architects, urban planners, students, and citizens interested in urban development and architecture. The business model is centered on professional development and advocacy rather than commercial sales. Technically, the website is built on WordPress using a modern theme and several plugins that enhance functionality such as GDPR compliance, contact forms, and mapping. The site is mobile-optimized and uses standard web technologies like Bootstrap, jQuery, and media players. Performance is moderate with good SEO and accessibility basics in place. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers and incident response policies. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's claims, indicating legitimacy and consistency. Overall, the website presents a professional and trustworthy front for the association with good privacy compliance and moderate technical sophistication. Strategic improvements in security headers and incident response documentation would enhance their security posture further.

Društvo arhitekata Istre (DAI-SAI) operates as a regional architectural association in Croatia, focusing on promoting architectural culture, organizing competitions, exhibitions, and publishing related content. The website serves as an information hub for architects and interested audiences in the Istria region and broader Croatian architectural community. The business model is non-profit and community-oriented, with a focus on education, events, and architectural discourse. Technically, the website is built on an older WordPress platform with outdated jQuery and plugins, which may pose security and performance challenges. The site shows moderate performance and basic mobile optimization but lacks modern SEO and accessibility features. The absence of updated software and mixed content issues indicate technical debt and potential vulnerabilities. From a security perspective, the site lacks visible security headers, privacy and cookie policies, and incident response information. Some scripts are loaded over HTTP, increasing risk. No advanced analytics or tracking is detected, indicating minimal user tracking but also limited privacy compliance. The site does not implement GDPR compliance measures visibly. Overall, the website is functional and provides relevant content but requires significant improvements in security, privacy compliance, and technical modernization to reduce risk and enhance user trust. Strategic updates to software, implementation of security best practices, and addition of privacy policies are recommended to improve the site's posture and credibility.

Društvo Arhitekata Rijeka is a Croatian professional association dedicated to architects and architecture-related activities in the Rijeka region. The website serves as a hub for news, events, exhibitions, and organizational information, targeting architects, students, and the interested public. It operates as a non-profit entity with a focus on education and cultural promotion of architecture. Technically, the site is built on WordPress using popular themes and plugins, providing a moderate performance and good mobile responsiveness. Security-wise, the site benefits from HTTPS but lacks important security headers and formal privacy and cookie policies, which are critical for GDPR compliance. No incident response or vulnerability disclosure mechanisms are present, indicating room for improvement in security maturity. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security practices.

U

Udruženje hrvatskih arhitekata

uha.hr

0

Udruženje hrvatskih arhitekata (UHA) is a well-established Croatian professional association representing architects nationwide. Founded in 1878, it coordinates regional architectural societies, organizes prestigious awards, exhibitions, and competitions, and publishes key architectural journals. The website reflects a professional and consistent brand presence targeting architects and the broader cultural community in Croatia. Technically, the site is built on WordPress with modern plugins and libraries, offering good mobile optimization and SEO practices. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit incident response information. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and serves as a credible digital presence for the association.

T

Tvrđava kulture Šibenik

tvrdjava-kulture.hr

0

Tvrđava kulture Šibenik is a Croatian public cultural institution managing and revitalizing historic fortresses in Šibenik, including Sv. Mihovila, Barone, and Sv. Ivana. The organization focuses on cultural heritage preservation, visitor engagement, and hosting cultural events such as concerts. It maintains a strong partnership network with local sponsors and cultural organizations, enhancing its market position as a key cultural site in the region. The website targets tourists, local visitors, and cultural enthusiasts, providing information on visiting hours, events, and membership opportunities. Technically, the website employs modern web technologies including jQuery, Slick Carousel, Google Analytics, Facebook Pixel, and cookie consent mechanisms. The site is mobile-optimized and includes accessibility features, contributing to a positive user experience. SEO and metadata are well implemented, supporting discoverability. From a security perspective, the site uses HTTPS and implements cookie consent, but lacks explicit security headers and a dedicated security policy or vulnerability disclosure page. No critical vulnerabilities or exposed sensitive data were detected. The site integrates tracking and marketing tools responsibly with user consent. Overall, the website is professional, trustworthy, and compliant with privacy regulations, though it could improve security posture by adding security headers and formal policies. The domain registration aligns with the business identity, supporting legitimacy and trustworthiness.

I

IT odjel d.o.o.

it-odjel.hr

0

IT odjel d.o.o. is a Croatian IT service company specializing in digital transformation, business process analysis, data analysis, and custom application development. The company positions itself as a partner for businesses seeking to optimize their IT infrastructure and processes. Their website reflects a small-sized, local technology service provider with clear contact information and basic online presence. The technical infrastructure is based on the DotNetNuke CMS platform with common JavaScript libraries and Bootstrap for responsive design. While the website is accessible and functional, it lacks advanced SEO and accessibility features. Security posture is moderate with HTTPS enabled but missing important security headers and no explicit incident response or security policies published. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is professional and credible but could improve in security and privacy compliance aspects.

G

Globaldizajn d.o.o.

globaldizajn.hr

0

Globaldizajn d.o.o. is a Croatian technology company specializing in web design, development of web applications, e-commerce platforms, and mobile applications. The company targets businesses and organizations seeking comprehensive digital solutions, leveraging its proprietary CMS Globaladmin and offering services such as SEO and customer support. The website reflects a mature market position with a medium-sized business profile, supported by multiple certifications and a portfolio of reputable clients. Technically, the site uses modern web technologies including Bootstrap, Google Analytics, and Zoho SalesIQ for chat support, with a CMS tailored to their services. The site is mobile optimized and SEO friendly, though accessibility features could be improved. Security posture is solid with HTTPS, CAPTCHA on forms, and cookie consent mechanisms, but lacks explicit security policies and incident response contacts. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, making it a reliable digital presence for the company.

Z

Zagrebački holding d.o.o. - Podružnica AGM

agm.hr

0

AGM is a well-established Croatian retail and publishing company specializing in books and art supplies, operating both physical stores and an online webshop. Founded in 1967 and part of Zagrebački holding d.o.o., AGM targets Croatian-speaking customers including artists, students, and general book buyers. The website reflects a mature business with consistent branding and a good user experience. Technically, the site uses legacy jQuery and common libraries like Google Analytics and Google Maps API, with moderate performance and mobile optimization. Security posture is adequate with HTTPS and secure login forms, but could be improved by updating outdated libraries and adding security headers. Privacy and cookie policies are present and GDPR compliant, with clear contact information. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

D

Društvo Arhitekata Zagreba

d-a-z.hr

0

Društvo Arhitekata Zagreba (DAZ) is a professional association dedicated to architects in Zagreb, Croatia. The website serves as a hub for architectural news, events, competitions, member profiles, and educational programs. It targets architecture professionals, students, and enthusiasts within the region, providing a platform for community engagement and professional development. The organization appears well-established with a clear focus on promoting architectural culture and activities in Zagreb. Technically, the website employs a mix of older and modern technologies including jQuery 1.7, UIkit framework, Font Awesome icons, and integrates external services such as Google Tag Manager and Facebook SDK for analytics and social media functionalities. The site is mobile-optimized and offers a structured navigation experience, although some technical aspects like outdated libraries and missing security headers could be improved. From a security perspective, the site uses HTTPS and includes some best practices like asynchronous loading of external scripts. However, it lacks explicit security headers, vulnerability disclosure policies, and incident response information. The absence of privacy and cookie policies, as well as consent mechanisms, indicates gaps in compliance with GDPR and related privacy regulations. Overall, the website is functional, professional, and credible for its intended audience but would benefit from enhanced security measures and privacy compliance to strengthen trust and regulatory adherence.

D

Državna komisija za kontrolu postupaka javne nabave

dkom.hr

0

Državna komisija za kontrolu postupaka javne nabave is an official Croatian government body responsible for overseeing and resolving complaints related to public procurement, concessions, and public-private partnerships. The website serves as a portal for publishing official decisions, rulings, and legal frameworks, targeting participants and stakeholders in public procurement processes within Croatia. The business model is regulatory and oversight-focused, positioning the commission as a key authority in its sector.

E

Elektronički oglasnik javne nabave Republike Hrvatske

eojn.hr

0

Elektronički oglasnik javne nabave Republike Hrvatske (EOJN RH) is the official Croatian government platform for managing and publishing public procurement procedures. It serves contracting authorities and economic operators by providing a centralized, transparent, and legally compliant environment for procurement activities. The platform is developed under the National Recovery and Resilience Plan, reflecting a strategic government initiative to modernize public procurement processes. The website offers comprehensive services including procurement plans, notices, decisions, contract registers, and access to public data, targeting primarily government entities and suppliers in Croatia.

G

GOOD Inicijativa

goo.hr

0

GOOD Inicijativa is a Croatian non-profit organization focused on promoting and systematically implementing civic education and human rights education within the formal education system. The website serves as a platform for educational resources, online courses, events, and advocacy related to democratic citizenship and human rights. The organization targets educators, civil society organizations, and stakeholders in the education sector. Technically, the website is built on WordPress with modern plugins for SEO and analytics, providing a good user experience and mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA integration, but lacks explicit security policies and some security headers. Privacy compliance is limited due to absence of privacy and cookie policies. Overall, the site is professional and trustworthy, supporting its mission effectively.

H

Hrabri telefon

hrabritelefon.hr

0

Hrabri telefon is a well-established Croatian non-profit organization founded in 1997, providing vital counseling and support services to children, teenagers, parents, and adults. The organization operates multiple specialized helplines, including telephone lines, WhatsApp chat, email support, and forums, positioning itself as a trusted resource in child protection and family support. The website reflects a professional and consistent brand image, targeting a broad audience with clear navigation and relevant content. Technically, the site is built on WordPress with standard plugins and integrates Google Tag Manager for analytics, showing moderate digital maturity. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though security headers and explicit incident response policies are absent. Privacy compliance is addressed with cookie consent and privacy policies, aligning with GDPR requirements. WHOIS data confirms domain legitimacy and consistency with the organization's profile. Overall, the site demonstrates a solid foundation for its mission but could benefit from enhanced security policies and technical improvements.

Poslovna Spajalica d.o.o. is a Croatian IT solutions provider focused on delivering innovative technology services including custom software development, cybersecurity, digital transformation, and computer maintenance. The company targets modern enterprises seeking to enhance their business operations through technology. Their market position appears to be that of a small to medium-sized local IT service provider with a professional online presence. The website demonstrates a moderate level of digital maturity, utilizing modern web technologies such as React and JavaScript, with a responsive design and clear navigation. However, some content areas like testimonials contain placeholder text, indicating incomplete content. Security posture is moderate with HTTPS assumed but lacking explicit security headers and policies. Privacy compliance is basic with a cookie consent banner but no visible privacy or terms of service pages. Overall, the website is professional and trustworthy but could improve in security and compliance transparency.

K

Kuća Ljudskih Prava

kucaljudskihprava.hr

0

Kuća Ljudskih Prava is a Croatian non-profit organization dedicated to the promotion and protection of human rights, including freedom of speech and media freedom. The website serves as a platform for news, publications, educational resources, and advocacy activities targeting civil society, legal professionals, and the general public interested in human rights issues in Croatia. The organization maintains a consistent brand presence and provides multilingual support in Croatian and English, enhancing accessibility to a broader audience. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and various plugins for SEO, multilingual support, and user engagement. The site demonstrates good mobile optimization, SEO practices, and moderate performance. Cookie consent mechanisms are implemented to comply with EU regulations, though explicit privacy and terms of service pages are not found. From a security perspective, the site uses HTTPS with excellent SSL configuration and employs cookie consent banners. However, it lacks advanced security headers and does not provide visible security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. The domain registration is consistent with the organization's profile, indicating legitimacy and stable operation. Overall, the website is professional, trustworthy, and serves its non-profit mission effectively. Strategic improvements in security policies, privacy documentation, and incident response transparency would enhance compliance and user trust.

The website dislajkammrznju.hr is a parked domain landing page primarily aimed at domain resale. It lacks substantive business content, contact information, or clear branding, indicating it is not an active commercial or service website. The site relies heavily on advertising scripts from Google Adsense and third-party ad networks, serving as a monetization placeholder rather than a functional business platform. Technically, the site uses standard HTML, CSS, and JavaScript with Amazon Cloudfront CDN hosting and Google ad services integration. However, it lacks modern security headers, cookie consent mechanisms, and comprehensive privacy policies, which are critical for compliance and user trust. The security posture is basic with no advanced protections or incident response information. Overall, the site presents low business credibility and poor user experience, with minimal content and no direct contact channels.

U

Ured pravobranitelja za djecu

dijete.hr

0

The website dijete.hr is the official online presence of the Croatian Ombudsperson for Children, a governmental institution dedicated to protecting and promoting children's rights in Croatia. It offers comprehensive information, publications, reports, and news relevant to children, parents, educators, and policymakers. The site is well-structured, professionally designed, and provides content primarily in Croatian with an English version available. The institution holds a strong market position as the national authority on children's rights, supported by partnerships with European and national child protection organizations.

U

Ured pučke pravobraniteljice

ombudsman.hr

0

The website represents the official Croatian Ombudsman institution, providing human rights protection, complaint handling, legal assistance, and public reporting services. It targets Croatian citizens and vulnerable groups, operating as a governmental public service entity with a medium organizational size. The site is well-branded, consistent, and provides comprehensive contact information and privacy policies, reflecting a trustworthy public institution. Technically, the website is built on WordPress with modern plugins and frameworks such as Elementor and Bootstrap. It uses HTTPS and integrates Google Analytics and Mailchimp for analytics and marketing. The site is moderately performant and mobile-optimized, with basic accessibility features. From a security perspective, the site enforces HTTPS and uses secure forms but lacks some advanced security headers and explicit security or incident response policies. No vulnerabilities or blocking mechanisms were detected, indicating a solid security posture for a government site. Overall, the website is professional, credible, and compliant with GDPR, with room for improvement in security policy transparency and technical security headers. The domain registration data aligns well with the institution's identity, supporting high legitimacy.

A

Arc Rec Project

arc-rec-project.eu

0

The ARC Rec Project website serves as an awareness raising campaign focused on GDPR compliance for Small and Medium-sized Enterprises (SMEs), primarily within the European Union, with a strong connection to Croatia. The project is EU co-funded and aims to provide educational materials, webinars, and self-assessment tools to help SMEs understand and implement GDPR requirements. The website is professionally designed using WordPress with the Divi theme and includes multilingual support for English, Croatian, and Italian. It features a modern technical infrastructure with SEO optimization and a cookie consent mechanism, reflecting a mature digital presence. Security posture is good with HTTPS enforced and no evident vulnerabilities, though some security headers could be improved. The site lacks explicit incident response or vulnerability disclosure policies, which could be enhanced to improve trust and compliance. Overall, the website is credible, well-maintained, and aligned with its educational mission.

P

Povjerenstvo za odlučivanje o sukobu interesa

sukobinteresa.hr

0

The website represents the official online presence of the Croatian Commission for the Prevention of Conflict of Interest, a government regulatory body focused on transparency and integrity in public service. It provides comprehensive information about the commission's activities, legal acts, educational programs, and public registers. The site targets Croatian public officials and citizens interested in conflict of interest matters. Technically, the site is built on Drupal 7 with common web technologies such as jQuery and Bootstrap, and uses Google Analytics for visitor tracking. While the site is functional and professionally designed, it uses outdated software components that may pose security risks. Security posture is moderate with HTTPS enabled but lacks modern security headers and explicit privacy compliance mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the site is trustworthy but would benefit from modernization and improved privacy and security policies.

A

Agencija za zaštitu osobnih podataka

azop.hr

0

The Agencija za zaštitu osobnih podataka (AZOP) is an independent Croatian government agency responsible for overseeing the implementation of the General Data Protection Regulation (GDPR) within Croatia. The website serves as an official portal providing comprehensive information about data protection rights, regulatory activities, educational initiatives, and public resources. It targets Croatian citizens, data controllers, processors, and public institutions, positioning itself as the authoritative national data protection authority. The site features multilingual support, primarily Croatian and English, enhancing accessibility for diverse audiences. Technically, the website is built on WordPress using the Divi theme and incorporates several plugins such as Yoast SEO for search optimization, Contact Form 7 for user inquiries, and Pojo Accessibility for compliance with accessibility standards. The infrastructure supports modern web standards including HTTPS, responsive design, and accessibility features, reflecting a mature digital presence. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, the site enforces HTTPS, employs standard security headers, and uses secure form handling mechanisms. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. However, explicit security policies and incident response contacts are not prominently published, suggesting areas for improvement in transparency and readiness. Overall, AZOP's website demonstrates a high level of professionalism, compliance with GDPR, and a strong trust profile consistent with its role as a government regulator. Strategic recommendations include publishing detailed security policies, establishing clear incident response channels, and maintaining vigilance on third-party plugin security to sustain and enhance its security posture.

A

Analyticom d.o.o.

analyticom.de

0

Analyticom d.o.o. is a specialized software provider recognized as a global leader in football management solutions, serving football governing bodies such as national associations and continental confederations. Their product suite includes COMET, COMET LIVE, and COMET PLAY, complemented by professional services like implementation, support, and cloud infrastructure. The company emphasizes innovation and reliability, targeting a global sports management audience. Technically, the website is built on WordPress using the Avada theme and Fusion Builder, integrating Cookiebot for GDPR-compliant cookie management and Google Analytics for traffic analysis. The site demonstrates good mobile optimization and SEO practices, though some accessibility features could be enhanced. Performance is moderate, with modern technologies and scripts in use. From a security perspective, Analyticom maintains a strong posture with HTTPS enforced, ISO 27001 certification, and comprehensive privacy policies. Cookie consent is actively managed, and no critical vulnerabilities or exposed sensitive data were detected. However, additional security headers and a security.txt file could further improve their security maturity. Overall, the website and business present a trustworthy and professional image with strong compliance to privacy regulations. The domain registration details align well with the business claims, supporting legitimacy. Strategic recommendations include enhancing security headers, improving accessibility, and formalizing vulnerability disclosure mechanisms.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

Atlantic Grupa d.d.

atlanticgrupa.com

0

Atlantic Grupa d.d. is a prominent regional leader in the fast-moving consumer goods sector, specializing in the production and distribution of popular food and beverage brands across Southeast Europe. The company maintains a strong market position with a comprehensive distribution network and a focus on sustainability and corporate responsibility. Their website reflects a professional digital presence with detailed investor relations and sustainability content, targeting regional consumers, investors, and partners. Technically, the site leverages modern JavaScript frameworks such as Nuxt.js and Vue.js and is hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

I

iService d.o.o.

iservice.hr

0

iService d.o.o. operates the website iservice.hr, providing fast and professional repair services for smartphones, tablets, Mac computers, and Apple devices, alongside retail sales of related accessories. The company targets both individual consumers and businesses, offering services such as quick repairs, free diagnostics, and warranty-backed parts. The business is well-positioned in the Croatian market with a strong reputation supported by certifications like Apple IRP and a 15-year operational history. Technically, the website uses a standard Apache server with modern marketing integrations including Google Analytics and Facebook Pixel, but lacks a valid SSL certificate, which is a significant security concern. The site is mobile-optimized with good SEO and user experience, though performance metrics indicate slow loading times. Security posture is weak due to missing HTTPS, lack of modern TLS protocols, and absence of key security headers. Privacy compliance is addressed with visible policies and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Leapwise is a medium-sized software development company based in Croatia, specializing in custom software solutions, system integration, and dedicated development teams primarily targeting enterprise clients in technology, telecommunications, cybersecurity, and IoT sectors. The company positions itself as a trusted partner delivering scalable, modular, and maintainable software with a strong emphasis on quality and long-term client success. The website reflects a high level of professionalism with rich content, client testimonials, and industry certifications, supporting its market credibility. Technically, the website is built on WordPress with modern plugins for SEO, caching, and analytics. However, the absence of a valid SSL/TLS certificate and HTTPS support is a significant security shortfall, exposing users to potential risks and undermining trust. Performance metrics are not available, but the use of caching and lazy loading suggests some optimization efforts. The site is mobile-optimized and accessible with good SEO practices. Security posture is weak due to lack of HTTPS and minimal security headers. No explicit security or incident response policies are published, which could be a concern for enterprise clients. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism, indicating awareness of GDPR requirements. Contact information is available primarily via forms and a physical address, but no direct company emails or phone numbers are listed. Overall, Leapwise demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS implementation to improve security and trustworthiness. Strategic recommendations include implementing HTTPS, enhancing security headers, and publishing security policies to align with enterprise client expectations.

The website alu.hr represents the Akademija likovnih umjetnosti, an established fine arts academy affiliated with the University of Zagreb in Croatia. It serves students, faculty, and visitors by providing academic information, event announcements, and cultural project details. The institution is mature with a domain age of 22 years and a consistent registration profile. Technically, the site runs on Apache with Ubuntu, uses CMS Contenido 4.8, and includes older JavaScript libraries such as jQuery 1.9.0. However, the website suffers from outdated technology and lacks modern performance and accessibility optimizations. Security posture is weak due to the absence of a valid SSL certificate and proper HTTPS configuration, exposing users to risks. Privacy compliance is minimal, with no visible privacy or cookie policies, and no contact information is explicitly provided on the homepage. Overall, the site is functional but requires significant improvements in security, privacy, and technical modernization to meet current standards.

The website's security posture is currently weak, with critical gaps in privacy compliance, network security, and foundational security headers. Critical services like MySQL are exposed, significantly increasing the risk of data breaches and unauthorized access. The absence of GDPR-required policies and consent mechanisms puts the business at high legal and reputational risk, especially as it operates within the EU. Security headers are largely missing or misconfigured, leaving the site vulnerable to common web attacks such as clickjacking, XSS, and content injection. The lack of an established information security framework, incident response procedures, and vulnerability disclosure policies indicates immature cybersecurity governance. While email security and DNS health show moderate strength, SSL/TLS implementation needs improvement to ensure secure communications. Immediate remediation is necessary to reduce risk exposure and ensure regulatory compliance, protecting both customer data and business continuity.