Security Directory

C

Cube Infrastructure Managers

cubeinfrastructure.com

0

Cube Infrastructure Managers is an independent European asset manager specializing in mid-market infrastructure investments since 2007. The company focuses on sectors such as energy transition, telecommunications, transport, and environment, emphasizing sustainable and socially responsible investments. Their market position is solid with over €4 billion capital raised and a portfolio of 40+ investments. The website reflects a mature digital presence built on WordPress with modern technologies and good SEO practices. Security posture is strong with HTTPS and reCAPTCHA implemented, though some security headers are missing and no public security policy is found. Privacy compliance is well addressed with clear privacy and cookie policies. The absence of WHOIS data is a concern but does not outweigh the professional presentation and trust signals on the site. Overall, the site is trustworthy and professionally managed.

H

h2a s.a.

h2a.lu

0

h2a s.a. is a well-established communication agency based in Luxembourg, operating since 2004. The company specializes in creative communication services including digital campaigns, branding, and accessibility consulting. Their market position is that of a trusted local agency with a professional portfolio and a consistent brand image. The website reflects a mature digital presence with modern design and good user experience, targeting businesses and organizations seeking communication expertise in Luxembourg. Technically, the site is built on WordPress with a custom theme and uses jQuery and Google Tag Manager for analytics and marketing. The site is mobile optimized and accessible, with comprehensive privacy and cookie policies that comply with GDPR requirements. Security posture is good with HTTPS enforced and no visible sensitive data exposure, though security headers are missing and WHOIS data is unavailable, limiting full trust verification. Overall, the site is professional, trustworthy, and compliant with privacy regulations.

C

Commissariat aux Assurances

caa.lu

0

The Commissariat aux Assurances website serves as the official regulatory authority for the insurance sector in Luxembourg. It provides comprehensive information and resources for insurance operators, consumers, and stakeholders, including regulatory documents, circulars, and consumer alerts. The site is professionally designed with clear navigation and bilingual support (French and English), targeting industry participants and the general public interested in insurance regulation. Technically, the website employs a modern but straightforward technology stack including jQuery and tarteaucitron.js for cookie consent management. The site is accessible, mobile-optimized, and includes SEO best practices. However, no explicit CMS or hosting provider details are evident. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks visible advanced security headers and explicit security policies. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data limits domain trust assessment, but the official .lu domain and professional content support legitimacy. Google Analytics is used with user consent, indicating privacy awareness. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include enhancing security headers, publishing incident response contacts, and improving accessibility to further strengthen trust and compliance.

C

Commission de Surveillance du Secteur Financier

cssf.lu

0

The Commission de Surveillance du Secteur Financier (CSSF) is a public institution responsible for supervising professionals and products within the Luxembourg financial sector. It serves both professionals and consumers by providing regulatory frameworks, publications, and guidance. The CSSF holds a key market position as Luxembourg's financial regulatory authority, offering services such as supervision of financial entities and dissemination of financial data. The website targets financial sector stakeholders and consumers seeking authoritative information and regulatory updates. Technically, the website is built on WordPress, utilizing modern web technologies including jQuery and Font Awesome, and integrates Matomo for analytics. The site demonstrates good digital maturity with responsive design, accessibility features, and a cookie consent mechanism compliant with GDPR. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and employs cookie-based security measures. However, explicit HTTP security headers are not detected, and no public security or incident response policies are found. No vulnerabilities or exposed sensitive data are evident. The absence of WHOIS data limits domain trust verification, but the official nature and content quality support legitimacy. Overall, the CSSF website is a professional, secure, and compliant platform serving as a trusted source for financial regulation in Luxembourg. Strategic recommendations include enhancing HTTP security headers, publishing security policies, and improving WHOIS transparency to strengthen trust and security posture.

E

Eurosystem Procurement Coordination Office (EPCO)

epco.lu

0

The Eurosystem Procurement Coordination Office (EPCO) is an institutional entity established by the European Central Bank to coordinate joint procurement activities among the central banks of the Eurosystem and the European System of Central Banks (ESCB). Hosted by the Banque centrale du Luxembourg since 2008, EPCO facilitates cost-efficient procurement, contract management, and promotes best practices across its member institutions. The website reflects a professional and consistent brand image, targeting central banks and related governmental entities involved in procurement activities. Technically, the site is built on WordPress with modern frontend technologies and includes GDPR-compliant cookie consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. The absence of explicit privacy and terms of service policies is a notable gap. Overall, the site is trustworthy and well-positioned as an official coordination office for Eurosystem procurement.

C

Comité du Risque Systémique

cdrs.lu

0

The website cdrs.lu represents the Comité du Risque Systémique, an institutional entity likely focused on systemic risk in Luxembourg. The site is primarily informational, presented in French, and built on WordPress using the Divi theme. The technical infrastructure is standard for a small institutional website, with moderate performance and basic mobile optimization. However, the site lacks critical privacy and security policies, contact information, and advanced security headers, which limits its compliance and trustworthiness. No WAF or blocking mechanisms were detected, indicating full accessibility. The WHOIS data shows Luxembourg-based name servers consistent with the domain's country code but lacks detailed registrant information, limiting full legitimacy assessment. Overall, the site is safe and suitable for general audiences but requires improvements in privacy, security, and contact transparency to enhance trust and compliance.

B

Banque centrale du Luxembourg

apieceofluxembourg.lu

0

The website 'A Piece of Luxembourg' is an official platform managed by the Banque centrale du Luxembourg, offering unique numismatic products that celebrate Luxembourg's culture, history, and heritage. It targets collectors and enthusiasts interested in Luxembourg-themed euro coins and related products, positioning itself as a niche leader in this specialized market. The business model revolves around e-commerce sales combined with cultural promotion, leveraging the authority and trust of the central bank. Technically, the website is built on WordPress and employs modern web technologies such as jQuery, FontAwesome, Swiper.js, and integrates Google Tag Manager for analytics. The site is mobile-optimized with good SEO practices and a moderate performance profile. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. From a security perspective, the site uses HTTPS with an excellent SSL configuration and implements cookie consent. However, it lacks explicit security headers and publicly available security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data reduces domain registration transparency but does not significantly detract from the site's legitimacy given its official affiliation. Overall, the website presents a low-risk profile with strong business credibility and good technical and security posture. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen trust and compliance.

R

RTL

rtl.lu

0

RTL Lëtzebuerg operates as a leading media and broadcasting company in Luxembourg, offering a comprehensive range of services including news, television, radio, and digital content. The website is professionally designed with excellent content quality and clear navigation, targeting a general audience interested in regional and international news and entertainment. Technically, the site employs a modern technology stack with extensive use of JavaScript libraries, consent management tools, and analytics platforms, supporting both web and mobile app platforms. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly available. Privacy compliance is robust, featuring a comprehensive GDPR consent mechanism. The absence of WHOIS data due to malformed queries slightly reduces domain trustworthiness but does not detract from the overall legitimacy of the site. Strategic recommendations include publishing security and incident response policies, providing clear contact information, and adding terms of service to enhance legal clarity and user trust.

R

Runa Capital

runacap.com

0

Runa Capital is a well-established global venture capital firm specializing in early-stage investments in software and deep tech startups. With over $600 million in assets under management and a presence in multiple countries, the firm targets deeptech, enterprise software, and fintech infrastructure sectors. The website reflects a professional and consistent brand image, supported by a modern WordPress infrastructure and comprehensive SEO optimization. The firm maintains multiple global offices, reinforcing its international market position. Technically, the website employs a modern tech stack including Google Analytics, HubSpot, and Cloudflare DNS services, ensuring good performance and mobile optimization. The site is secured with HTTPS and domain registration protections, although DNSSEC is not enabled. Privacy compliance is partially addressed with a clear privacy policy, but lacks a cookie consent mechanism and explicit security policies. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but could be improved by adding security headers, vulnerability disclosure policies, and incident response contacts. Overall, the website is trustworthy and professional, with moderate user tracking and good advertising transparency. Strategically, Runa Capital should focus on enhancing privacy compliance and security transparency to align with evolving regulatory requirements and improve user trust further.

Casinoble is a French-language online media platform specializing in casino and sports betting guides, comparisons, and industry insights. Established in 2016 and operating under the .lu domain, it targets French-speaking users interested in iGaming. The website offers detailed content on bonuses, game availability, payment methods, and responsible gaming, positioning itself as a trusted guide in the gambling media sector. Technically, the site is built on WordPress with modern analytics and tracking tools, delivering a good user experience with mobile optimization and SEO best practices. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit privacy and cookie policies are missing, which impacts compliance. Overall, Casinoble presents a professional and trustworthy online presence with room for improvement in privacy transparency and contact accessibility.

Œ

Œuvre Nationale de Secours Grande-Duchesse Charlotte

oeuvre.lu

0

Œuvre Nationale de Secours Grande-Duchesse Charlotte is a well-established Luxembourg non-profit organization dedicated to supporting associations in social, cultural, environmental, sport & health, and heritage projects. Funded primarily by the Luxembourg National Lottery, it has a long history dating back to 1944 and holds a reputable position in the local community. The website reflects a professional and accessible digital presence, leveraging Drupal 10 and modern web technologies, with strong emphasis on accessibility and user experience. Security posture is good with HTTPS and secure embedding practices, though explicit security headers could be improved. The lack of WHOIS data limits domain trust analysis but does not detract from the organization's evident legitimacy. Overall, the site is safe, well-designed, and compliant with privacy regulations.

C

CMCM / Caisse Médico-Complémentaire Mutualiste

cmcm.lu

0

CMCM (Caisse Médico-Complémentaire Mutualiste) is a large mutual health insurance provider based in Luxembourg, serving approximately 145,000 families and 280,000 individuals. The organization emphasizes solidarity and non-exclusion, offering comprehensive complementary health coverage without medical exams or additional family fees. Their key services include hospitalization coverage, dental and optical benefits, and business solutions. The website is professionally designed using Drupal 9, with good mobile optimization and accessibility features. GDPR compliance is evident through a detailed privacy policy and cookie consent mechanism. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Overall, the domain registration data aligns well with the business claims, indicating a trustworthy and legitimate entity.

L

Lightbulb s.à r.l.

lightbulb.lu

0

Lightbulb s.à r.l. is a Luxembourg-based digital design and software development agency founded in 2013. The company specializes in transforming complex problems into user-friendly software solutions, offering services such as custom development, UX-focused design, and innovative digital solutions. Their client portfolio includes notable organizations, and they maintain an active social media presence to engage with their audience. The website is professionally designed, mobile-optimized, and provides clear navigation and contact information, positioning Lightbulb as a credible and trustworthy service provider in the technology sector. Technically, the website is built on WordPress, leveraging modern JavaScript and CSS technologies, with performance optimized through caching and preload strategies. Hosting is managed via EuroDNS, consistent with the Luxembourg location. The site employs Matomo analytics with a cookie consent mechanism, reflecting a moderate level of digital maturity and privacy awareness. Accessibility and SEO optimizations are well implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and uses cookie consent to comply with GDPR requirements. However, explicit security headers are absent, and no formal privacy policy or security incident response information is published, indicating areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the security posture is good but could be enhanced by adopting additional best practices and transparency measures. The overall risk assessment is low, with the website demonstrating professionalism, legitimacy, and compliance with basic privacy standards. Strategic recommendations include publishing a comprehensive privacy policy, implementing security headers, and providing clear incident response contacts to strengthen trust and compliance.

B

Banque centrale du Luxembourg

bcl.lu

0

The Banque centrale du Luxembourg (BCL) website serves as the official online presence of Luxembourg's national central bank, a key member of the Eurosystem. It provides comprehensive information on monetary policy, financial stability, payment systems, research, and publications. The site targets a broad audience including financial institutions, researchers, policymakers, and the general public. The business model is government-oriented, focusing on monetary authority functions and financial oversight. The website demonstrates consistent branding and professional content aligned with its authoritative role. Technically, the site is built on Infopark CMS Fiona with Bootstrap framework, incorporating modern web technologies such as Font Awesome icons and Google Custom Search. It features embedded multimedia content and is mobile responsive. Performance is moderate with room for improvement in accessibility and SEO optimization. No critical technical flaws were detected. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and published security policies or incident response contacts. The absence of privacy and cookie policies reduces compliance confidence. WHOIS data is unavailable due to a malformed query, which slightly impacts domain trustworthiness but does not detract from the site's authoritative content. Overall, the website is a reliable and professional resource for central banking information in Luxembourg, with recommendations to enhance privacy compliance, security headers, and WHOIS transparency to strengthen trust and security posture.

C

CFL

cfl.lu

0

CFL is the national railway company of Luxembourg, providing passenger and freight transport services along with mobility solutions such as carsharing, bicycles, tram, and funicular. The website serves as a comprehensive travel portal offering timetable searches, ticket bookings (both national and international), travel packages, and customer services. The company holds a strong market position in Luxembourg's transportation sector with a large operational scale and multiple subsidiaries. Technically, the website employs modern frameworks like Bootstrap and FontAwesome, integrates Google Tag Manager and Matomo for analytics, and is optimized for mobile and accessibility. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response contacts are not found. Privacy compliance is good with privacy and cookie policies and consent mechanisms in place. Overall, the website is professional, trustworthy, and user-friendly, though the lack of WHOIS data slightly reduces trustworthiness from a domain registration perspective.

S

Sport-Santé

sport-sante.lu

0

Sport-Santé is a Luxembourg-based non-profit federation focused on promoting therapeutic physical activities for patients with chronic diseases. Managed by the Fédération Luxembourgeoise des Associations de Sport de Santé (FLASS), it serves as a recognized label and resource hub offering information, events, and videos to support health through physical activity. The website is well-structured, multilingual, and optimized for SEO, targeting patients and healthcare professionals in Luxembourg. Technically, it is built on WordPress with modern plugins and libraries, providing a good user experience across devices. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and published security policies. The absence of WHOIS data limits domain trust verification, but the presence of official partnerships and consistent branding supports legitimacy. Overall, the site is professional, informative, and trustworthy within its healthcare niche.

Anefore is a Luxembourg-based agency dedicated to managing and promoting European educational and youth mobility programs such as Erasmus+, the European Solidarity Corps, and eTwinning. The website serves as an information hub and support platform for educational institutions, youth organizations, and participants in these programs. It is positioned as the official national agency for these European initiatives in Luxembourg, targeting educators, students, and youth organizations. The business model is non-profit and government-affiliated, focusing on program coordination and dissemination of information. Technically, the website is built on WordPress 6.4.5 with a mix of jQuery versions and several plugins including Contact Form 7 and Mailchimp for WordPress. The site uses modern web technologies like Masonry for layout and Google Analytics for tracking. Performance is moderate with good mobile optimization and basic accessibility features. SEO is adequately addressed with proper meta tags and structured navigation. From a security perspective, the site enforces HTTPS and uses secure forms but lacks visible security headers such as CSP or HSTS. No vulnerabilities or exposed sensitive data were detected in the HTML content. However, the absence of privacy and cookie policies and no published incident response or security policies represent compliance gaps. The WHOIS data is unavailable due to a malformed query response, which slightly reduces domain trustworthiness but does not negate the legitimacy indicated by the official program affiliations. Overall, the website is professional, content-rich, and trustworthy for its intended audience but would benefit from enhanced privacy compliance, security header implementation, and transparent domain registration information to improve its security posture and trust signals.

C

Carte Jeunes

cartejeunes.lu

0

Carte Jeunes is a youth-focused organization providing the European Youth Card in Luxembourg, targeting young people aged 12 to 30. The website offers card issuance services, discount information, and youth engagement content. It maintains a strong digital presence with social media integration and a mobile app. The technical infrastructure is based on WordPress with modern plugins for SEO, newsletter management, and social media feeds. Security posture is solid with HTTPS, captcha protection, and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is well addressed with clear policies and GDPR adherence. Overall, the website is professional, trustworthy, and well-optimized for its audience.

A

Agence Nationale pour l'Information des Jeunes

jugendinfo.lu

0

Jugendinfo.lu is a government-affiliated youth information portal based in Luxembourg, operated by the Agence Nationale pour l'Information des Jeunes. The website provides comprehensive information and services targeted at young people aged 12 to 30, covering education, employment, engagement, housing, health, and daily life. It holds a strong market position as a national youth information service with a clear mission to support and inform the youth demographic. The business model is non-profit and government-supported, focusing on public service and youth empowerment. Technically, the website is built on a modern WordPress CMS platform with popular plugins such as Yoast SEO, WPBakery Page Builder, and Smart Slider 3. It integrates Google Analytics and Google Tag Manager for analytics and marketing purposes. The site demonstrates good mobile optimization and basic accessibility features, with a moderate performance profile. SEO is well addressed through meta tags and structured data. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not detected, and no published security or incident response policies are found. No vulnerabilities or suspicious activities are evident in the content or technical stack. The WHOIS data confirms domain legitimacy with consistent registration details aligned with the website's government affiliation. Overall, Jugendinfo.lu presents a trustworthy, professional, and well-maintained online presence for youth information in Luxembourg. Strategic recommendations include enhancing security headers, publishing security policies, and adding vulnerability disclosure information to further strengthen trust and compliance.

E

Eurodesk Luxembourg

eurodesk.lu

0

Eurodesk Luxembourg is a government-affiliated youth information service providing a range of opportunities and resources for young people in Luxembourg and Europe. The website serves as a portal for volunteering missions, European opportunities, youth testimonials, and educational content. It targets youth and young adults, operating as a non-profit public information agency with a consistent and professional online presence. The site is well-branded and supported by reputable European and national partners.

F

Fleetback

fleetback.com

0

Fleetback is a Luxembourg-based company founded in 2015 that provides a comprehensive digital platform for automotive dealerships to streamline and digitalize their sales, after-sales, self-service, audits, and parking processes. The company serves over 2,000 customers across 26 countries, positioning itself as a key player in the automotive digital solutions market. The website reflects a professional and consistent brand image, targeting automotive professionals such as technicians, salespeople, and service advisors. Technically, the website is built on WordPress with modern libraries and frameworks including jQuery, Bootstrap, and various analytics and marketing tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. The site is hosted with Amazon Registrar and uses AWS DNS services. It features a cookie consent mechanism compliant with GDPR and employs Google reCAPTCHA v3 for bot protection. The site is mobile optimized and SEO friendly, though accessibility features are basic. From a security perspective, the site uses HTTPS with good SSL configuration and implements best practices like bot protection and cookie consent. However, it lacks explicit security headers and does not publicly disclose a security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Overall, Fleetback's website demonstrates a mature digital presence with strong business credibility and privacy compliance. Recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and security posture.

Villeroy & Boch AG is a well-established premium brand specializing in high-quality porcelain, glassware, cutlery, and stylish bathroom and kitchen ceramics. With a history dating back to 1748, the company holds a strong market position in the retail sector, targeting both end consumers and business clients. The website reflects a mature digital presence with a modern React-based tech stack, good mobile optimization, and comprehensive privacy compliance including GDPR adherence. Security posture is robust with HTTPS, security headers, and consent management in place, though the absence of WHOIS data limits full domain trust assessment. Overall, the site is professional, trustworthy, and aligned with industry best practices.

E

enovetic global SA

enovetic.com

0

enovetic global SA is a newly founded (2023) financial services company specializing in digital platforms and consulting for European pension funds and occupational retirement provision. Positioned in Luxembourg, a leading European financial center, the company offers cross-border advisory services, partner network integration, and administration solutions to employers, employees, and distribution partners. The website reflects a professional and modern digital presence built on WordPress with Tailwind CSS and integrates advanced analytics and user tracking tools such as Datadog RUM and Google Tag Manager. Security posture is solid with HTTPS and Cloudflare DNS, though improvements like DNSSEC and explicit security headers are recommended. Privacy compliance is well addressed with comprehensive cookie and privacy policies and an opt-in consent mechanism. Contact is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the website and domain registration are consistent and trustworthy, supporting the company's market positioning in the European pension fund sector.

T

Truck1 Sp.z.o.o.

truck1.lu

0

Truck1 Sp.z.o.o. operates a large-scale online marketplace specializing in trucks, construction machinery, agricultural machines, and other heavy vehicles. The platform serves a broad European audience, including Luxembourg, and offers over 150,000 industrial vehicle listings. The business model focuses on connecting sellers and buyers, providing dealer services, advertising, and financing options. The company has a strong market presence with multiple country and language versions, indicating a mature international operation. Technically, the website employs a modern technology stack with extensive use of JavaScript, Google Tag Manager, and multiple analytics and advertising pixels from major providers such as Google, Facebook, TikTok, LinkedIn, and Criteo. The site is served over HTTPS with appropriate security headers, ensuring a secure browsing experience. Mobile optimization and SEO practices are good, though accessibility features could be improved. From a security perspective, the site demonstrates good practices with HTTPS and security headers but lacks publicly available security policies or incident response contacts. The absence of WHOIS data and domain registration transparency is a concern, slightly reducing trustworthiness. The site uses extensive tracking technologies, which may impact privacy compliance, though GDPR-related policies are present. Overall, Truck1 is a professional and trustworthy platform with a solid business foundation and technical infrastructure. Strategic improvements in transparency, security policy disclosure, and privacy compliance would enhance its security posture and user trust.

I

IAESTE A.s.b.l.

iaeste.org

0

IAESTE A.s.b.l. is a well-established global non-profit organization headquartered in Luxembourg, specializing in facilitating paid internships primarily in STEM fields for students worldwide. With a presence in over 100 countries and a history dating back to 1948, IAESTE connects students, employers, and universities to foster professional development and intercultural exchange. The website reflects a mature digital presence with comprehensive internship listings, volunteer opportunities, and alumni engagement. Technically, the site uses modern web technologies including Ruby on Rails, Cloudflare DNS, and integrates marketing and analytics tools such as Google Tag Manager and MailerLite. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though improvements can be made by enabling DNSSEC and adding explicit security headers. Privacy compliance is moderate with cookie consent but no visible privacy policy in the provided content. Overall, the site is professional, trustworthy, and serves its educational and non-profit mission effectively.

C

Clearly

clearly.lu

0

Clearly is a European e-commerce retailer specializing in health-related products, operating multiple country-specific domains to serve a broad audience. The website is built on Shopify, leveraging a modern tech stack with extensive marketing and analytics integrations. The site demonstrates good content quality, professional design, and clear navigation, targeting general consumers interested in health and wellness. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response details are absent. Overall, the site is trustworthy and compliant with GDPR, but could improve transparency around security and contact information.

L

Luxembourg City Tourist Office

lcto.lu

0

Luxembourg City Tourist Office operates a professional and content-rich website aimed at promoting tourism in Luxembourg City. The site offers extensive information on guided tours, events, accommodations, and local attractions, targeting tourists and visitors. The website demonstrates a mature digital presence with multilingual support and structured navigation, enhancing user experience and accessibility. Technically, the site employs modern tracking and analytics tools such as Google Tag Manager, Microsoft Clarity, and Facebook Pixel, alongside a cookie consent mechanism, indicating awareness of privacy compliance requirements. However, the absence of explicit privacy and terms of service pages, as well as missing WHOIS registration data, introduces trust and compliance concerns. Security posture is generally good with HTTPS enforced, but lacks explicit security headers and vulnerability disclosure information. Overall, the website is professional and trustworthy from a content and design perspective but would benefit from improved transparency and security documentation.

A

Administration communale de la Ville de Luxembourg

vdl.lu

0

The website www.vdl.lu is the official digital presence of the Administration communale de la Ville de Luxembourg, serving as the primary portal for municipal information and services. It targets residents, visitors, and businesses in Luxembourg City, offering comprehensive content on city governance, administrative procedures, mobility, cultural events, and community engagement. The site is well-branded with consistent official logos and provides clear contact channels including email, phone, and social media links. Technically, the site is built on Drupal 9, leveraging modern web technologies and integrating Matomo for analytics and CookieYes for consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security is robust with HTTPS enforced and appropriate security headers, although no explicit security policy or incident response information is published. From a security and privacy perspective, the site implements a comprehensive cookie consent mechanism aligned with GDPR requirements, and no vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data due to registry restrictions limits domain trust verification. Overall, the site presents a low risk profile with strong compliance and professional standards. Strategically, the site should consider publishing a dedicated security policy and incident response contacts to enhance transparency and trust. Additionally, implementing a vulnerability disclosure policy or security.txt file would further strengthen its security posture.

B

Buderus

buderus.lu

0

Buderus is a well-established company specializing in heating, solar, and ventilation system solutions, targeting both consumers and businesses primarily in Luxembourg and neighboring regions. The website presents a professional and modern interface, leveraging CoreMedia CMS and integrating Google Tag Manager for analytics and marketing purposes. While the site is well-structured and optimized for mobile devices, some technical improvements such as enhanced security headers and accessibility features could be implemented to strengthen its digital maturity. Security posture is generally good with HTTPS enabled, but the absence of WHOIS data limits the ability to fully verify domain legitimacy and registrant details. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a commitment to user data protection. Overall, the website is trustworthy and serves as a credible digital presence for Buderus, though domain registration transparency should be improved.

C

Culligan Luxembourg

culligan.lu

0

Culligan Luxembourg is a professional provider of water fountain solutions and hydration services tailored for businesses of all sizes in Luxembourg. The company offers a range of products including bottle-based and network-connected water fountains, water delivery services, and related accessories. The website reflects a strong market position as part of an established international brand, with a focus on quality service and environmental sustainability. Technically, the site is built on WordPress with modern frameworks like Bootstrap and includes security features such as HTTPS and Google reCAPTCHA. Privacy compliance is well addressed with clear policies and consent mechanisms. However, the absence of WHOIS data limits domain trust analysis. Overall, the site is professional, secure, and user-friendly, supporting Culligan's business credibility in the hydration solutions market.

A

Administration du Cadastre et de la Topographie (ACT)

geoportail.lu

0

The Geoportal of the Grand-Duchy of Luxembourg is an official government platform providing comprehensive geospatial data, maps, and related services to individuals, professionals, and developers. It serves as the authoritative source for governmental geodata, supporting sectors such as energy, environment, spatial planning, and real estate. The platform offers a variety of applications including cadastral extract ordering, 3D modeling, route planning, and mobile apps, positioning itself as a key digital infrastructure for Luxembourg's geospatial needs. Technically, the website employs a moderate technology stack including jQuery, Modernizr, and Matomo analytics, with good mobile optimization and accessibility features. The site is served over HTTPS with no detected blocking or WAF interference, ensuring accessibility and security. However, some security best practices such as explicit security headers and published incident response policies are missing. From a security perspective, the platform enforces strong authentication for sensitive services and uses privacy-conscious analytics. The absence of cookie consent mechanisms and vulnerability disclosure policies indicates room for improvement in privacy compliance and transparency. Overall, the site demonstrates a solid security posture appropriate for a government service but could enhance user trust by adopting additional security and privacy measures. The domain registration aligns well with the website's governmental nature, registered to a Luxembourg government entity, reinforcing legitimacy and trustworthiness. No suspicious or malicious content was found, and the site is safe for general audiences.

M

MHZ Hachtel S.à r.l.

mhz.lu

0

MHZ Hachtel S.à r.l. operates a professional website focused on custom-made sun protection products including Plissees, Wabenplissees, Rollos, Jalousien, Markisen, and insect protection solutions. The company targets architects, dealers, and end customers primarily in Luxembourg and the Benelux region, offering a digital configurator and dealer portal to enhance customer engagement. The website is built on TYPO3 CMS with modern styling and includes GDPR-compliant cookie consent mechanisms, reflecting a mature digital presence. Security posture is strong with HTTPS and security headers implemented, though explicit security policies and incident response information are absent. WHOIS data is unavailable, limiting domain trust assessment, but the website's professional design and content suggest legitimacy. Overall, the site is well-structured, user-friendly, and compliant with privacy regulations, supporting MHZ's market position as a reputable regional manufacturer and retailer of sun protection products.

V

Visit Luxembourg

visitluxembourg.com

0

Visit Luxembourg is an official tourism promotion website showcasing Luxembourg as a travel destination blending medieval charm with modern sophistication. The site targets tourists and visitors seeking cultural, event, and travel information about Luxembourg. The business model focuses on tourism promotion and visitor engagement, positioning itself as a key resource for travel planning in Luxembourg. Technically, the site is built on TYPO3 CMS, employs Cookiebot for cookie consent management, and integrates Google Tag Manager and CrowdRiff for analytics and visual content. The site is well-optimized for mobile and accessibility, with good SEO practices and moderate performance. Security posture is solid with HTTPS enforced and cookie consent mechanisms, though explicit security headers could be improved. The absence of WHOIS data and explicit contact information slightly reduces business credibility but does not detract from the overall professionalism. Strategic recommendations include enhancing security header implementation, publishing security policies, and improving transparency around contact details.

U

Up Luxembourg

up-luxembourg.lu

0

Up Luxembourg is a medium-sized company operating in the finance sector, specializing in digital employee benefits such as meal vouchers, gift vouchers, and discount platforms. It is part of the international Up Group cooperative, which has a strong presence in Europe. The website is professionally designed, multilingual, and optimized for SEO and mobile use. The technical infrastructure is modern, leveraging WordPress CMS, AWS hosting, and advanced JavaScript libraries for animations and user experience. Security posture is good with HTTPS enforced and privacy compliance evident through GDPR-aligned cookie consent mechanisms. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the website is trustworthy, well-branded, and serves its target audience effectively.

B

Blickwinkel AG

blickwinkel.lu

0

Blickwinkel AG is a marketing, design, and communication agency based in Luxembourg, offering pragmatic and creative solutions in branding, content creation, print, and online media. The website is professionally designed, targeting businesses seeking marketing services, and is presented primarily in German. The technical infrastructure includes modern JavaScript libraries such as three.js, jQuery, and Swiper, and the site is managed via CONTENS CMS. The website enforces HTTPS and includes a cookie consent mechanism compliant with GDPR, reflecting a good level of privacy compliance. However, the absence of WHOIS data limits the ability to fully verify domain legitimacy and registration details. No explicit contact emails or phone numbers were found in the provided content, which slightly impacts business credibility. Security posture is moderate with HTTPS enforced but lacks visible security headers in the provided data. Overall, the site is professional and trustworthy but would benefit from improved transparency in domain registration and contact information.

D

DZ PRIVATBANK S.A.

dz-privatbank.com

0

DZ PRIVATBANK S.A. is a specialized financial institution focusing on private banking, fund services, and currency loans within the cooperative banking group Volksbanken Raiffeisenbanken. With headquarters in Luxembourg and multiple locations in Germany and Switzerland, it offers tailored wealth management and asset servicing solutions. The website reflects a professional and consistent brand presence, targeting private banking clients, fund initiators, and institutional investors. Technically, the site employs modern tracking and consent management tools, ensuring GDPR compliance and a good user experience across devices. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers and explicit policies could be improved. However, the domain WHOIS data is missing, raising concerns about domain registration legitimacy that should be further investigated. Overall, the site is trustworthy and professionally maintained, but domain registration inconsistencies reduce the trust score.

F

FEDIL

fedil-echo.lu

0

FEDIL écho is a well-established business publication founded in 1920 and operated by FEDIL, focusing on economic and social news relevant to Luxembourg's manufacturing, construction, and business services sectors. The website serves as a platform for articles, interviews, opinions, and legal chronicles, targeting industry professionals and companies. Technically, the site is built on WordPress with common plugins such as Gravity Forms and Yoast SEO, hosted by hostinginterface.eu, and includes modern features like Google Tag Manager and GDPR-compliant cookie consent. Security posture is adequate with HTTPS enabled and no exposed sensitive data, though it lacks advanced security headers and formal security policies. Privacy compliance is strong, with a clear privacy policy and cookie consent mechanism. The site demonstrates good content quality, professional design, and clear navigation, making it a trustworthy source for its audience.

F

FEDIL - The Voice of Luxembourg's Industry

hellofuture.lu

0

Hello Future is a Luxembourg-based platform dedicated to promoting careers and qualifications in the industrial sector. Supported by FEDIL, the Luxembourg government, and the Chamber of Commerce, it targets students, educators, and young professionals by providing sector information, internship opportunities, and educational resources. The website is professionally designed with consistent branding and clear navigation, reflecting a strong market position in industry promotion within Luxembourg. Technically, the site is built on WordPress with modern plugins and frameworks, offering good mobile optimization and moderate performance. Security measures include HTTPS, GDPR-compliant cookie consent, and Google reCAPTCHA integration, though some HTTP security headers could be improved. Overall, the site demonstrates a solid security posture with no critical vulnerabilities detected. Contact information is comprehensive, including phone, email, physical address, and social media channels, enhancing business credibility. The domain registration aligns with the website's claims, supporting legitimacy. Strategic recommendations include enhancing security headers, adding explicit security policies, and maintaining regular updates to plugins and CMS for continued security and compliance.

F

FEDIL

fedil.lu

0

FEDIL is a well-established multisector entrepreneurial federation based in Luxembourg, representing over 750 members across 37 sectors and accounting for 35% of the country's GDP. Founded in 1918, it serves as a key voice for Luxembourg's industrial and entrepreneurial community, providing advocacy, events, publications, and networking opportunities. The website is professionally designed, multilingual, and content-rich, reflecting the organization's authoritative market position. Technically, the website is built on WordPress with modern plugins and libraries such as jQuery and Google Tag Manager. It demonstrates good mobile optimization, accessibility, and SEO practices. The presence of a cookie consent mechanism and GDPR charter indicates a mature approach to privacy compliance. Security-wise, the site enforces HTTPS and uses cookie consent but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The WHOIS data shows standard name servers with no privacy protection, consistent with a legitimate business presence. Overall, FEDIL's website presents a strong, trustworthy digital presence with minor areas for security enhancement. It effectively supports the organization's business goals and stakeholder engagement.

The University of Luxembourg is an international research university with a multilingual and interdisciplinary character, serving students and researchers primarily in Luxembourg. The website reflects a professional academic institution with a focus on education and research services. The digital infrastructure is built on WordPress with advanced SEO and privacy tools such as Yoast SEO Premium, Matomo analytics, and Cookiebot for cookie consent management. The site demonstrates good mobile optimization, accessibility, and user experience. Security posture is solid with HTTPS and privacy-aware analytics, though explicit security headers and incident response information are lacking. WHOIS data is unavailable, limiting domain trust assessment, but the website content and branding strongly support legitimacy. Overall, the site is well-maintained, privacy-conscious, and professionally presented.

The website at mercedes-benz.lu is currently inaccessible, returning a 502 Bad Gateway error with minimal HTML content. This prevents any meaningful extraction of business, security, or compliance information. Mercedes-Benz is a globally recognized automotive brand, and this domain likely serves the Luxembourg market. However, the current server error blocks access to any digital assets or customer-facing content. The technical infrastructure appears to be hosted or managed via corpinter.de/net name servers, but no further hosting or CMS details are available. Security posture cannot be evaluated due to lack of accessible content and absence of security headers or HTTPS confirmation. Overall, the site is non-functional at this time, representing a critical risk for business continuity and customer trust.

F

Fondation Restena

dns.lu

0

The website dns.lu is the official registry for the .lu national domain extension, managed by Fondation Restena. It provides domain registration infrastructure, accreditation for registrars, and DNS services including DNSSEC support. The site is professionally designed using Drupal 10, with good mobile optimization and accessibility. Security posture is strong, evidenced by ISO 27001 certification and secure DNS practices, although some security headers and explicit policies could be improved. The WHOIS data confirms the legitimacy of the domain ownership with consistent registrant information. Overall, the site serves a critical national infrastructure role with a trustworthy and professional online presence.

F

Film Fund Luxembourg

filmfund.lu

0

Film Fund Luxembourg is a government-established entity founded in 1990 to promote and financially support the audiovisual production sector in Luxembourg. It operates as the official national film fund, providing selective funding programs for development, production, distribution, and promotion of audiovisual projects. The website reflects a mature digital presence with comprehensive content tailored to industry professionals and producers. Technically, the site is built on WordPress with modern SEO and accessibility features, integrating Google Tag Manager and reCAPTCHA for security and analytics. Security posture is strong with HTTPS, cookie consent management, and secure form handling, though some HTTP security headers could be improved. Overall, the site is trustworthy, professional, and compliant with GDPR and cookie regulations, supporting its role as a key industry player in Luxembourg's media sector.

S

Sooner

sooner.lu

0

Sooner is a Luxembourg-based streaming platform specializing in independent cinema, offering a curated selection of classics, European films, and award-winning international movies. The platform targets film lovers seeking niche and quality content through subscription plans and rental options. The business operates with a clear market position focusing on independent and European cinema, supported by a professional and consistent brand presence. Technically, the website leverages modern frameworks such as Next.js and Prismic CMS, with integrations for analytics and cookie compliance, indicating a mature digital infrastructure. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place; however, the absence of WHOIS data and security headers suggests areas for improvement. Overall, the platform presents a trustworthy and user-friendly experience, though domain transparency and explicit security policies could be enhanced to strengthen trust and compliance.

D

D'Filmakademie

dfilmakademie.lu

0

D'Filmakademie is a Luxembourg-based film academy dedicated to promoting cinema and audiovisual arts within the country. It organizes key cultural events such as the Lëtzebuerger Filmpräis, supports film professionals, and fosters community engagement through various activities and membership programs. The organization holds a significant position in Luxembourg's cultural landscape, supported by official sponsors including the Chamber of Commerce Luxembourg, CNA, and FilmFund Luxembourg. Technically, the website is built on WordPress, utilizing modern plugins and frameworks such as WPBakery Page Builder, Smart Slider 3, and Contact Form 7. It employs standard web technologies including jQuery, Tailwind CSS, and integrates Google Analytics and Tag Manager for analytics. Hosting is provided by OVH, a reputable provider. The site is mobile-optimized with good SEO practices and a professional design. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers and publicly available security policies or incident response documentation. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the hosting provider and shows no suspicious patterns, supporting the legitimacy of the domain. Overall, the website demonstrates a strong commitment to privacy compliance and user experience, with clear contact information and trust indicators. Strategic improvements include enhancing security headers, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen the security posture.

C

Commune de Kopstal

kopstal.lu

0

The Commune de Kopstal website serves as the official digital presence for the local government of Kopstal, Luxembourg. It provides residents and visitors with comprehensive information about municipal services, news, events, publications, and administrative procedures. The site is well-structured, professionally designed, and targets local citizens and stakeholders. The business model is typical of a government entity focused on public service delivery and community engagement. Technically, the website is built on Drupal 10, leveraging modern web technologies including Tailwind CSS and Alpine.js for frontend interactivity. It integrates Piwik PRO for analytics and Usercentrics for GDPR-compliant cookie consent management, indicating a mature digital infrastructure with attention to privacy and user experience. The site is mobile-optimized and accessible, with good SEO practices. From a security standpoint, the site enforces HTTPS and implements cookie consent mechanisms. However, there is a lack of visible security headers and no published security or incident response policies, which are areas for improvement. The absence of WHOIS data due to a failed query reduces domain registration transparency, though the official .lu domain and consistent branding support legitimacy. Overall, the website is a reliable and professional government portal with strong content and technical foundations but could enhance its security posture and transparency regarding domain registration and privacy policies.

L

LuxDev

luxdev.lu

0

LuxDev is the Luxembourg agency for development cooperation, operating for over 45 years across Africa, Asia, Latin America, and Europe. The agency focuses on sustainable development, capacity building, climate action, digitalisation, and finance impact projects. Their market position is strong as a government agency with a medium-sized operational footprint and a clear mission to eradicate poverty and promote inclusive development. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on Drupal 10 with modern JavaScript frameworks like Alpine.js and uses Matomo for privacy-respecting analytics. Hosting is managed via EuroDNS nameservers, and the site is well-optimized for performance and mobile devices. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response policies are not publicly disclosed. Overall, the security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear cookie and privacy policies. The absence of direct contact information in the provided content is noted but may exist elsewhere. The domain WHOIS data aligns well with the agency's legitimacy and history. Strategically, LuxDev should consider publishing explicit security policies and incident response contacts to enhance trust further. Continuous monitoring of security headers and vulnerability disclosures will maintain a strong security posture.

R

renault

renault.lu

0

Renault Luxembourg operates as the official regional website for Renault in Luxembourg, providing comprehensive information on new vehicles including electric and hybrid models. The site targets consumers interested in purchasing Renault vehicles and offers configurators and promotional content. Technically, the site is built using modern React frameworks and integrates privacy compliance tools such as OneTrust for cookie consent, alongside Google Analytics for user tracking. The security posture is good with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not published. The absence of WHOIS data limits domain trust assessment, but the professional branding and content strongly indicate legitimacy. Overall, the site is well-designed, user-friendly, and compliant with GDPR, making it a reliable source for Renault vehicle information in Luxembourg.

1

1618 Investment Funds

1618am.com

0

1618 Investment Funds is a Luxembourg-based financial services company founded in 1992 and promoted by CBH Compagnie Bancaire Helvétique SA. It offers a comprehensive range of actively managed investment funds targeting institutional and private clients globally. The company emphasizes transparency and economic research, providing regular market insights to its clients. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to its target audience. Technically, the site is built on WordPress with modern plugins and SEO optimizations, delivering a moderate performance and good mobile experience. Security posture is adequate with HTTPS and reCAPTCHA integration, though improvements in DNSSEC and security headers are recommended. Privacy compliance is strong, featuring a comprehensive cookie policy and consent mechanism. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

A

apartdesignstudio

apart.lu

0

Apart Design Studio is a well-established digital design agency based in Luxembourg, specializing in creating, developing, and deploying comprehensive digital experiences. The company targets businesses and organizations seeking professional digital creative services. Their market position is supported by a portfolio of case studies and a consistent brand presence across social media and their website. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries and analytics tools like Piwik PRO and Facebook Pixel, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, reflecting good digital maturity. Security-wise, the website enforces HTTPS, uses cookie consent mechanisms, and avoids exposing sensitive data, though it lacks explicit security policies and incident response information. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, with room for improvement in formal security documentation and enhanced security headers.