Security Directory

N

National Library of Finland (University of Helsinki)

finna.fi

0

Finna.fi is a Finnish national search portal operated by the National Library of Finland under the University of Helsinki. It aggregates cultural heritage, scientific, and educational materials from archives, libraries, museums, and other institutions, providing a comprehensive resource for researchers, educators, and the general public. The website is well-established since 2012 and holds a strong market position as a trusted government/non-profit service. Technically, the site uses modern frameworks such as VuFind and Solr, with Cloudflare DNS and Matomo analytics, ensuring fast performance, mobile optimization, and good accessibility. Security posture is strong with HTTPS, nonce-based CSP, and cookie consent mechanisms, though DNSSEC is not implemented and no explicit security policy or incident response contacts are published. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations.

T

Trimble

asiointi.fi

0

The website upa.trimble.com/fi-fi/ratkaisut/asiointi serves as a Finnish regional portal for Trimble's Utilities & Public Administration division. Trimble is a global technology company specializing in advanced solutions for sectors such as energy, public administration, and utilities. The site targets Finnish utilities and public sector organizations, offering digital transformation and operational efficiency solutions. The business model is B2B, focusing on providing software and technology services to utility companies and government entities. The website branding and content align well with Trimble's global identity, indicating a strong market position in the regional sector. Technically, the website employs modern web technologies including React, Webpack, and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Marketo Munchkin, and Leadfeeder. The site is moderately optimized for performance and mobile use, with basic accessibility features. However, explicit security headers and privacy policies are not evident in the provided HTML snapshot, suggesting areas for improvement in compliance and security transparency. From a security perspective, the site uses HTTPS and does not expose sensitive data in the HTML. No WAF or blocking mechanisms were detected, and no vulnerabilities were apparent from the content. However, the absence of visible security headers and privacy/cookie policies reduces the overall security posture score. Incident response and vulnerability disclosure information are also missing, which could be enhanced to improve trust and compliance. Overall, the website is professional, trustworthy, and aligned with Trimble's business objectives. The main risks relate to privacy compliance and security transparency, which can be addressed by adding clear policies and security headers. The domain WHOIS data for the subdomain is not available, which is typical, but the main domain trimble.com is well-established and legitimate, supporting the site's credibility.

T

Timmi Software Oy

timmi.fi

0

Timmi Software Oy is a Finnish software company specializing in time management and smart infrastructure solutions for public sector and healthcare organizations. With over 30 years of experience, they serve more than 100 Finnish companies and public institutions, offering products like Smart City and Smart Hospital software. Their market position is strong within Finland, supported by trusted client references and a focus on integration and ease of use. Technically, the website is built on Webflow with modern analytics and consent tools, demonstrating digital maturity and good performance. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent, though explicit security policies and headers could be improved. Overall, the company presents a professional, trustworthy online presence with clear contact channels and compliance with GDPR.

C

Cloudpermit Oy

lupapiste.fi

0

Lupapiste, operated by Cloudpermit Oy, is a Finnish government-related online platform providing comprehensive services for construction permits and related permit acquisition processes. The platform targets Finnish residents and businesses involved in construction, offering a streamlined digital service including permit applications and an e-commerce store for permit documents. The website integrates official Finnish identity verification via Suomi.fi, enhancing trust and security for users. Technically, the website employs standard modern web technologies including HTML5, CSS3, and JavaScript, with a third-party LeadDesk chat widget for customer support. The site is mobile-optimized and presents a professional design with clear navigation. However, some technical improvements are needed, such as fixing the anti-CSRF token implementation and adding security headers to strengthen the security posture. Security-wise, the site enforces HTTPS and uses strong authentication mechanisms but lacks visible security headers and a cookie consent mechanism, which are important for GDPR compliance. No critical vulnerabilities were detected, but the placeholder anti-CSRF token suggests a potential security misconfiguration. Overall, the security posture is moderate but can be improved with targeted measures. The overall risk assessment is low, with the website appearing legitimate, trustworthy, and professionally maintained. Strategic recommendations include fixing security token implementation, enhancing privacy compliance with cookie consent, and publishing explicit security and incident response policies to improve transparency and user trust.

Kulutus-Web is a demonstration website for CGI's utility consumption management service, primarily targeting Finnish utility providers and their customers. The site offers a preview of the service but does not support actual meter reading input or report viewing. The business model is focused on service demonstration rather than direct customer interaction or transactions. The website is minimalistic, with basic content and limited technical sophistication. Technically, the site uses minimal JavaScript and static HTML with no detected CMS or advanced frameworks. The hosting and DNS infrastructure is managed through standard registrar services, but no HTTPS or security headers are evident, indicating a low level of digital maturity. The site lacks privacy, cookie, and terms of service policies, and no contact or business information is provided, limiting user trust and compliance. From a security perspective, the absence of HTTPS and security headers is a significant weakness. No vulnerabilities or malicious content were detected, but the lack of privacy and security policies and contact channels reduces the site's security posture. The domain is well aged and registered through a reputable registrar, which supports legitimacy, but the site itself is a basic demo with limited business credibility. Overall, the site scores low to moderate on content quality, technical implementation, and security posture, with critical gaps in privacy compliance and business credibility. Strategic improvements in security, privacy, and user engagement are recommended to enhance trust and compliance.

Ramboll Group is a leading international design and consultancy firm specializing in sustainable solutions across private and public sectors worldwide. With over 18,000 experts, Ramboll delivers engineering, environmental, and construction consulting services focused on creating positive societal impact. The website reflects a mature digital presence with modern technologies such as Next.js, React, and Chakra UI, supported by advanced analytics and consent management tools. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, although the absence of a public security policy and incident response contact is noted. The missing WHOIS data is unusual but does not detract significantly from the overall trustworthiness given the professional branding and comprehensive content. Strategic recommendations include publishing explicit security and incident response policies and verifying domain registration details for completeness.

L

Liana Technologies Oy

liana.fi

0

Liana Technologies Oy is a Finnish technology company specializing in digital marketing and communication tools under the Liana®Cloud product family. The company targets marketing and communication teams, offering SaaS solutions such as marketing automation, email marketing, webinar hosting, and analytics. The website reflects a professional and consistent brand image with a focus on digital marketing efficiency. Technically, the site employs modern web technologies including jQuery, Bootstrap, Matomo analytics, and integrates third-party services like Stripe for payments and Pipedrive for chatbot functionality. Security posture is strong with HTTPS enforced, cookie consent implemented, and privacy-respecting analytics in use. However, explicit privacy policies and terms of service pages were not found in the provided content, indicating room for improvement in compliance transparency. Overall, the website is well-designed, mobile-optimized, and trustworthy, with a moderate to high security maturity level.

S

Synology Inc.

sy.to

0

Synology Inc. is a well-established technology company specializing in data management, storage, backup, and cloud solutions. The company offers a broad portfolio of products including NAS and SAN storage systems, backup and recovery solutions, surveillance systems, networking devices, and productivity software. Positioned as a global leader in the data storage industry, Synology targets both business and individual users seeking scalable and secure data management platforms. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional branding consistent with its market position. Technically, the website employs modern web technologies such as Vue.js and jQuery, integrates Google Tag Manager and LiveChat for analytics and customer engagement, and demonstrates good performance and mobile optimization. The site is well-structured with proper SEO and accessibility considerations, indicating a high level of digital maturity. From a security perspective, Synology demonstrates strong commitment through HTTPS enforcement, detailed security policies, a secure development lifecycle, supply chain risk management, and a public bounty program. Cookie consent mechanisms and privacy policies align with GDPR compliance, enhancing user trust. No critical vulnerabilities or security issues were detected in the analysis. Overall, the website presents a low-risk profile with strong business credibility, technical robustness, and privacy compliance. Strategic recommendations include publishing a security.txt file to facilitate vulnerability reporting and explicitly listing a Data Protection Officer contact to further enhance compliance transparency.

CIRCUS DESIGN s.r.o. is a Czech Republic-based UX agency specializing in user experience design, user research, consulting, prototyping, and design services. The company has a clear market position supported by a portfolio of reputable clients and active community engagement through events like UX Circus. Their website reflects a professional and consistent brand image targeting businesses seeking UX expertise. Technically, the site uses modern frameworks such as Bootstrap and jQuery, with integration of analytics tools like Google Analytics and Hotjar, indicating a moderate level of digital maturity. However, the absence of explicit privacy and cookie policies suggests gaps in compliance. Security posture is moderate with HTTPS usage but lacks visible security headers and vulnerability disclosures. WHOIS data is unavailable, limiting domain legitimacy verification, but the business information on the site appears credible and transparent. Overall, the website is well-designed and functional but would benefit from enhanced security and privacy practices.

F

Fondation Restena

my.lu

0

The website my.lu/fr is the official platform managed by Fondation Restena for registering and managing .lu domain names. It offers two modes of domain management: classical paper forms and a modern online platform launched in June 2023. The site targets individuals and organizations in Luxembourg seeking .lu domain services. The business is positioned as the official registrar for .lu domains, providing trusted and secure domain management services. Technically, the site is built on Drupal 10 with modern frontend technologies including lazy loading images and Font Awesome icons. It is mobile optimized and accessible with good SEO practices. Security posture is solid with HTTPS and secure forms, though explicit security headers and policies are not published. Privacy and cookie policies are not found, indicating room for compliance improvement. WHOIS data confirms the legitimacy of the domain and its management by Fondation Restena. Overall, the site is professional, trustworthy, and safe for general audiences.

P

Poutapilvi

poutapilvi.fi

0

Poutapilvi is a Finnish digital agency specializing in digital service design, WordPress and WooCommerce development, and content marketing support. The company positions itself as a reliable partner for businesses and organizations seeking professional web solutions, emphasizing accessibility, usability, and customer service excellence. Their market presence is supported by multiple references and a high credit rating, indicating strong business credibility. Technically, the website is built on WordPress with a modern tech stack including Algolia search, Matomo analytics, and Google Tag Manager. The site demonstrates excellent performance, mobile optimization, and accessibility features, reflecting a mature digital infrastructure. Privacy compliance is well addressed with clear cookie consent mechanisms and comprehensive privacy policies. Security posture is solid with HTTPS enforced and privacy-respecting analytics, though the absence of explicit security policies and incident response contacts suggests room for improvement. No critical vulnerabilities or suspicious indicators were found, supporting a high trust level. Overall, Poutapilvi presents a professional, secure, and privacy-conscious digital presence suitable for its target audience. Strategic enhancements in security transparency and incident readiness would further strengthen their position.

L

Liedon Innovaatiokampus Oy

liedoninnovaatiokampus.fi

0

Liedon Innovaatiokampus Oy is a municipally owned innovation campus located in Lieto, Finland, established in 2023. It serves as a collaborative platform bringing together various business services, employment, education, logistics, and capital solutions to support local business growth and networking. The website reflects a regional government entity focused on fostering innovation and business development within the community. Technically, the site is built on WordPress with modern plugins for SEO, analytics, and cookie consent, hosted likely by Elisa Oyj. The site is well-structured, mobile-optimized, and provides clear navigation and relevant content for its target audience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Overall, the domain registration details align well with the business identity, indicating high legitimacy and trustworthiness.

L

Etusivu | Liedon Lämpö

liedonlampo.fi

0

Liedon Lämpö appears to be a small Finnish company operating in the energy sector, likely providing heating-related services or products. The website is built on the Wix platform and uses Wix's Thunderbolt framework and standard JavaScript libraries. The site content is minimal, lacking detailed business descriptions, contact information, or compliance documentation. Technically, the site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. Security posture is adequate with HTTPS and some JavaScript hardening but missing important security headers and explicit privacy or cookie policies. Overall, the site presents a moderate risk profile due to limited transparency and compliance information.

M

Mealdoo

mealdoo.com

0

The website mealdoo.com presents minimal accessible content, primarily a basic Angular-based landing page with no visible business description, contact information, or policies. The domain is relatively new, registered in late 2022, consistent with a startup or new business. The technical infrastructure includes modern frontend technology (Angular 18.2.13) and hosting likely on AWS, but lacks visible security headers or HTTPS confirmation in the provided data. No privacy or cookie policies are present, indicating low privacy compliance. The absence of contact details and business information reduces trustworthiness and business credibility. Overall, the site appears to be in an early development or placeholder state with limited user engagement features.

S

Seravo

seravo.com

0

Seravo is a Finnish company specializing in premium managed WordPress hosting services, focusing on site speed, security, and automatic updates with continuous 24/7 monitoring. The company positions itself as a niche provider targeting WordPress site owners and agencies seeking reliable and secure hosting solutions. Their business model is subscription-based, emphasizing high-quality service and compliance with industry standards such as ISO 27001 and GDPR. The website reflects a professional and consistent brand image with comprehensive business and security information.

V

Visit Naantali

visitnaantali.com

0

Visit Naantali operates as the official tourism website for the Naantali region in Finland, providing comprehensive information about local attractions, events, accommodations, and activities. The site targets tourists and visitors seeking to explore Naantali, positioning itself as a trusted and authoritative source for travel planning in the area. The business model focuses on tourism promotion and visitor engagement through digital content and booking facilitation. Technically, the website is built on WordPress with modern technologies including Bootstrap 5 for responsive design, Yoast SEO for search optimization, and Cookiebot for GDPR-compliant cookie consent management. The infrastructure includes Google Tag Manager and Matomo Analytics for tracking and performance monitoring. The site demonstrates good mobile optimization and accessibility features, though some accessibility aspects could be enhanced. From a security perspective, the website enforces HTTPS and employs clientTransferProhibited status on the domain to prevent unauthorized transfers. Cookie consent is actively managed, and no critical vulnerabilities or exposed sensitive data were detected. However, DNSSEC is not enabled, and additional HTTP security headers could be implemented to strengthen security posture further. Overall, the website presents a professional, trustworthy, and user-friendly platform for tourism promotion with a solid technical foundation and good privacy compliance. The absence of explicit privacy policy and terms of service pages in the scanned content is a gap that should be addressed to improve compliance and user trust.

Rek.ai, operated by Sandskogen AI Aktiebolag, is a Swedish technology company specializing in AI-driven website personalization solutions. Founded in 2018, the company targets businesses seeking to enhance user engagement through personalized web experiences. The website reflects a professional and consistent brand image, with content primarily in Swedish and localized language options. Their market position is that of a niche AI personalization provider within the Scandinavian region, offering services centered on AI-powered personalization and analytics.

G

Grade Solutions Oy

kuntarekry.fi

0

Kuntarekry.fi is a Finnish job portal specializing in open municipal sector job listings across Finland. Operated by Grade Solutions Oy, the platform offers thousands of job opportunities and facilitates job application submissions for Finnish job seekers. The website is professionally designed with good SEO and mobile optimization, targeting a national audience interested in municipal employment. Technically, the site uses standard web technologies including HTML5, CSS3, and JavaScript, with integrations to Google APIs for performance and resource loading. Security posture is adequate with HTTPS enabled and Google site verification present; however, the absence of security headers and privacy policies indicates room for improvement in compliance and security best practices. Overall, the domain registration is consistent and trustworthy, matching the business entity and country. The site is safe for general audiences with no adult or explicit content detected.

T

THEMESPRIDE

themespride.com

0

THEMESPRIDE operates as a specialized e-commerce platform offering premium WordPress themes and theme bundles primarily targeting web developers, designers, and businesses seeking professional website templates. The company leverages the Shopify platform to deliver a streamlined shopping experience, supported by integrations with marketing and analytics tools such as Google Tag Manager, Facebook Pixel, Klaviyo, and Judge.me for customer reviews. The website presents a professional design with clear navigation and mobile optimization, enhancing user experience and engagement. From a technical perspective, THEMESPRIDE utilizes a modern tech stack centered around Shopify's Dawn theme, supported by JavaScript libraries like jQuery and various third-party scripts for analytics and marketing. The site benefits from Shopify's hosting infrastructure, ensuring fast performance and reliable uptime. Security measures include HTTPS enforcement and the use of hCaptcha for form protection, alongside a cookie consent mechanism compliant with GDPR requirements. However, explicit security headers and a dedicated security policy are absent, representing areas for improvement. The security posture is generally sound with no evident vulnerabilities or exposed sensitive data. Privacy compliance is well addressed through comprehensive privacy and cookie policies, though incident response and vulnerability disclosure information are lacking. The absence of WHOIS data due to privacy protection or unregistered status slightly diminishes trust but is common among small e-commerce businesses. Overall, THEMESPRIDE demonstrates a mature digital presence with room to enhance transparency and security best practices. Strategically, THEMESPRIDE should focus on implementing explicit security headers, publishing a security policy, and establishing incident response contacts to bolster trust and compliance. Regular audits of third-party scripts and enhanced transparency on data retention will further strengthen their security and privacy posture. These steps will support sustained growth and customer confidence in a competitive market.

L

Home | Luxembourg. Our Common Ground.

luxembourg-ourcommonground.lu

0

The website 'Luxembourg. Our Common Ground.' serves as a cultural and promotional platform highlighting Luxembourg's diversity, multilingualism, and inclusive society. It targets a general audience interested in Luxembourg's heritage, culture, and tourism. The site features rich multimedia content including images, videos, and interactive galleries, supported by modern web technologies such as Typekit fonts, Glide.js carousels, and lazy loading for performance optimization. Cookie consent is managed via CookieYes, indicating some level of privacy compliance. However, the absence of explicit privacy policy, terms of service, and contact information limits transparency and user trust. The WHOIS data is unavailable due to a malformed domain query, which reduces confidence in domain legitimacy but does not necessarily indicate malicious intent. Overall, the site is professionally designed and well-branded, with strong cultural and tourism messaging.

T

TSC

tsc.lv

0

TSC is a Latvian-based service provider specializing in the repair of mobile phones, tablets, smartwatches, laptops, electric scooters, and audio equipment. The company targets general consumers in Latvia seeking device repair services. The website is professionally designed with consistent branding and provides clear information about its services, primarily in Latvian. The business operates in the technology sector with a small company size and a local market focus. Technically, the website employs modern technologies including Bootstrap for responsive design, Google Tag Manager for analytics, and Cookiebot for cookie consent management. The site uses HTTPS with good SSL configuration and includes security headers, indicating a solid technical foundation. Performance is moderate with good mobile optimization and basic accessibility features. From a security perspective, the website demonstrates good practices such as enforced HTTPS, cookie consent mechanisms, and no visible exposure of sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure information. Privacy compliance is strong with clear privacy and cookie policies and GDPR adherence. Overall, the website presents a trustworthy and professional online presence with moderate technical maturity and good privacy compliance. Strategic improvements could focus on enhancing accessibility, publishing security policies, and adding incident response information to strengthen security posture and user trust.

The website www.kn.lt is currently inaccessible due to a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any meaningful content or business information. The WHOIS query for the domain failed, returning an invalid domain name error, indicating possible registration or configuration issues. No metadata, privacy policies, contact information, or business details are available for analysis. The technical infrastructure is protected by Cloudflare services, but no further technical or security details can be assessed due to the blocked content. Overall, the site lacks publicly accessible information, which severely limits trust and credibility assessments.

Š

Škola kreativní fotografie s.r.o.

nauctesefotit.cz

0

Škola kreativní fotografie s.r.o. is a private photography school based in Prague, Czech Republic, offering a variety of photography courses, workshops, and certification programs primarily targeting photography enthusiasts and students preparing for art schools. The website is professionally designed using WordPress with modern plugins and technologies such as Yoast SEO and Google reCAPTCHA, ensuring a secure and user-friendly experience. However, the absence of WHOIS data and privacy/cookie policies indicates areas for improvement in transparency and compliance. The site demonstrates good security posture with HTTPS and form protections but lacks some security headers and formal privacy documentation. Overall, the business appears legitimate and well-established with a strong local presence and partnerships, though domain registration details should be clarified to enhance trust.

K

Kampus Hybernská

kampushybernska.cz

0

Kampus Hybernská is a cultural and educational hub located in Prague, focusing on fostering creativity, innovation, and academic collaboration. The website showcases a variety of events including lectures, performances, exhibitions, and workshops aimed at students, artists, researchers, and the general public. The platform is supported by partnerships with the Prague city government and Charles University, enhancing its credibility and community impact. Technically, the site is built on Webflow with modern JavaScript libraries and includes analytics and marketing tools such as Google Analytics and Facebook Pixel. Security posture is strong with HTTPS and security headers in place, complemented by GDPR-compliant privacy and cookie policies. However, the absence of WHOIS data limits domain trust verification. Overall, the website presents a professional, trustworthy, and well-maintained digital presence for a medium-sized educational and cultural institution.

H

HESTIA

hest.cz

0

HESTIA is a Czech non-profit organization established in 2001, specializing in volunteer services, coordination, and educational programs. The website presents a well-structured platform offering multiple volunteer programs, corporate volunteering initiatives, and training courses. It targets volunteers, non-profit organizations, companies interested in corporate social responsibility, donors, and media. The organization maintains partnerships with government bodies and foundations, enhancing its credibility and market position within the Czech Republic's volunteer sector. Technically, the website uses a custom CMS (Toolkit) hosted by ECN Studio, with integration of Google Analytics and Google Tag Manager for visitor tracking. The site is mobile-optimized with good navigation and content quality. However, some technical improvements are recommended, including the implementation of security headers and enhanced accessibility features. From a security perspective, the site uses HTTPS (implied by external Google Analytics scripts loaded over HTTPS), has a cookie consent mechanism compliant with GDPR, and does not expose sensitive data. There is no visible security or incident response policy, and no contact emails or phone numbers are provided on the homepage, which could be improved for transparency and user trust. Overall, the website is professional, trustworthy, and serves its non-profit mission effectively. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and providing clearer contact information to improve user confidence and compliance posture.

A

AI • DESIGN

aidesign.cz

0

AI • DESIGN is a small architectural design firm based in the Czech Republic, specializing in residential, interior, staircase, public, and private building projects. The website is professionally designed using the Squarespace platform, featuring clear navigation and good mobile optimization. The firm highlights significant projects such as the new Žižkov Center and a cultural and congress center in Zlín, indicating active engagement in notable architectural developments. Technically, the site employs modern web technologies and enforces HTTPS with HSTS, reflecting a good security baseline. However, the absence of visible privacy policies, cookie consent mechanisms, and contact information limits compliance and transparency. The WHOIS data is unavailable, likely due to privacy protection, which is common for small businesses but reduces domain trust verification. Overall, the website presents a professional image with moderate trustworthiness but would benefit from enhanced privacy and compliance disclosures.

C

Czech Repubrick

czechrepubrick.cz

0

Czech Repubrick is a small retail and educational business focused on Lego products, exhibitions, and educational programs for schools and companies. The website is built on the Wix platform, featuring a professional design and moderate technical maturity. It uses standard web technologies including JavaScript, jQuery, Google Analytics, and Poptin for marketing and analytics. Security posture is moderate with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and published privacy policies. The absence of WHOIS registrant data reduces transparency and trustworthiness. Overall, the website is accessible and content is family-friendly, targeting Lego enthusiasts and educational institutions.

C

CANS Global

cans.com

0

CANS Global is a small Czech Republic-based e-commerce company specializing in natural sparkling alpine water with real fruit juice. The company emphasizes purity and natural ingredients, targeting general consumers interested in healthy beverage options. The website is built on the Shopify platform, leveraging modern web technologies and analytics tools such as Google Analytics and Microsoft Clarity. The site is well-designed, mobile-optimized, and provides a good user experience, although it lacks some standard compliance documents such as privacy policy and terms of service. Security posture is adequate with HTTPS and domain protections but could be improved by enabling DNSSEC and publishing security policies. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business.

E

ekolo.cz s.r.o.

ekolo.cz

0

Ekolo.cz s.r.o. operates a leading Czech e-commerce and physical retail platform specializing in electric bicycles and related accessories. Established in 2007, the company has built a strong market position with over 18 years of experience, offering a wide range of products including over 700 e-bike variants from 16 manufacturers. Their services include sales, rental, and servicing of e-bikes, targeting cycling enthusiasts and urban commuters primarily in the Czech Republic. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive product information. Technically, the site leverages modern JavaScript libraries such as Swiper.js, Google Tag Manager, and integrates security features like Google reCAPTCHA to protect user interactions. Hosting is inferred to be on DigitalOcean with CDN support for performance. Security posture is strong with HTTPS enforced and secure form handling, though some HTTP security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR adherence, and consent mechanisms. Contact information is transparent and includes multiple channels. Overall, the site demonstrates high professionalism, trustworthiness, and digital maturity.

3

Pizza your way | 360 Pizza

360pizza.com

0

360 Pizza operates an e-commerce platform focused on pizza ordering and courier shipping services. The website presents a modern, visually consistent brand with a focus on user experience and mobile optimization. The business appears to be established since 2005, with a domain age supporting its longevity. The technical infrastructure leverages modern web technologies including React with Next.js, Mapbox for mapping, and multiple analytics platforms such as Google Analytics, TikTok, Facebook, and Smartlook. Cookie consent is managed via Cookiebot, indicating some level of privacy compliance awareness. However, explicit privacy policies, terms of service, and contact information are not found on the analyzed page, which may impact user trust and regulatory compliance. Security posture is generally good with HTTPS enforced and domain transfer protection enabled, but DNSSEC is not enabled, and security headers beyond domain status are not explicitly identified. Overall, the website is functional and professional but could improve transparency and compliance documentation.

B

Bageterie Boulevard

bb.cz

0

Bageterie Boulevard is a well-established fast casual gourmet sandwich and food service chain primarily operating in the Czech Republic with some presence in Slovakia. The company offers a variety of freshly prepared sandwiches and related products, emphasizing quality and speed. Their business model includes physical retail locations, online ordering platforms, catering services, and franchise opportunities. The website reflects a mature digital presence with multiple branches listed, a mobile app promotion, and loyalty programs. Technically, the site uses a mix of legacy and modern web technologies including jQuery, Google Maps API, and various marketing and analytics tools such as Google Analytics, Facebook Pixel, and Cookiebot for consent management. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and vulnerability disclosure policies are absent. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, supporting a large retail hospitality business.

M

Městská část Praha 4

praha4.cz

0

Městská část Praha 4 operates as the official municipal government website for the Prague 4 district in the Czech Republic. It provides residents and visitors with comprehensive information on local government services, news, events, and public resources. The site targets local citizens and stakeholders, offering key services such as online forms, contact directories, event calendars, and public announcements. The website is well-positioned as a trusted source of municipal information with a consistent brand and clear communication channels including social media integration. Technically, the website is built on legacy ASP.NET WebForms technology with Telerik UI components and uses older versions of jQuery. It employs security scripts like Barracuda and FingerprintJS for visitor identification and basic protection. Hosting and domain registration are managed by Active24, a reputable provider. Performance and mobile optimization are moderate, with room for modernization and improved accessibility. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, but lacks modern security headers such as CSP and X-Frame-Options. The use of outdated JavaScript libraries presents potential vulnerabilities. No explicit security or incident response policies are published. Overall, the security posture is adequate but could benefit from updates and enhanced controls. The domain WHOIS data is consistent with the website's municipal nature, showing a long-established registration since 1998 without privacy protection, reinforcing legitimacy. No suspicious or malicious content was detected, and the site is safe for general audiences. Strategic recommendations include updating technical components, enhancing security headers, and improving privacy and accessibility compliance to strengthen trust and resilience.

O

Open House Europe

openhouseeurope.org

0

Open House Europe is a non-profit cultural organization founded in 2023 and coordinated by the Public institution Architektūros fondas in Lithuania. It operates a network of architecture festivals across Europe, focusing on themes such as sustainability, accessibility, inclusion, and future heritage. The organization engages the public through events, volunteer programs, and annual summits, supported by European cultural funding and media partnerships. The website reflects a professional and consistent brand presence with rich content targeting architecture enthusiasts and the general public interested in urban heritage. Technically, the website is built on WordPress with modern technologies including Bootstrap, jQuery, and Lottie animations. It uses Yoast SEO for optimization and integrates Google Analytics and MailerLite for marketing and analytics. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. From a security perspective, the site uses HTTPS with a valid SSL certificate and employs secure form handling with nonce tokens. However, DNSSEC is not enabled, and security headers are not explicitly detected. There is no visible security or incident response policy, and no cookie consent mechanism is implemented, which may impact GDPR compliance. The WHOIS data is consistent with the organization's claims, showing a legitimate and recently registered domain. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation but could improve in privacy compliance and security best practices to enhance trust and regulatory adherence.

A

ANEXIA® Internetdienstleistungs GmbH

backboneeurope.com

0

Anexia Internetdienstleistungs GmbH operates Backbone Europe, a major network infrastructure project enhancing connectivity and DDoS protection across key European cities. The company provides IT services including software development, hosting, and network solutions primarily targeting enterprise customers. The website reflects a mature digital presence with modern technologies and interactive content, supporting a professional brand image. Security posture is moderate with HTTPS usage and domain transfer protection, but lacks DNSSEC and explicit security headers. Privacy compliance is partial, with a privacy policy linked externally but no cookie consent mechanism visible. Overall, the site is trustworthy and business-focused, with room for improvement in security and privacy transparency.

B

Business Finland

businessfinland.fi

0

Business Finland is a Finnish government agency dedicated to fostering growth by supporting Finnish companies in internationalization and innovation funding. The website serves as an authoritative portal for Finnish businesses seeking funding and international growth opportunities. It reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to its target audience. The technical infrastructure leverages modern technologies including Azure hosting, Google Tag Manager, and Cookiebot for consent management, indicating a well-maintained and secure platform. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response contacts are not prominently published. Overall, the website demonstrates a high level of professionalism and trustworthiness suitable for a government entity.

Helsingin seurakuntayhtymä operates as a major religious and community service organization in Helsinki, Finland, providing a range of social and religious services to local residents and church members. The organization is well-established, with a domain registered since 2003, reflecting a stable presence in the community. The website serves as an informational and service portal, primarily in Finnish, targeting local audiences with clear contact and policy information. Technically, the website employs a modern but somewhat dated technology stack including Bootstrap 3 and standard web technologies like HTML5, CSS3, and JavaScript. Hosting and domain services are provided by Elisa Oyj, a reputable Finnish telecom provider. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. From a security perspective, the website enforces HTTPS and includes standard security headers, though DNSSEC is not implemented. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place, aligning with GDPR requirements. However, explicit security policies and incident response contacts are not published. Overall, the website demonstrates a solid security posture and business credibility appropriate for a public non-profit organization. Strategic recommendations include implementing DNSSEC, publishing a vulnerability disclosure or security.txt file, enhancing accessibility, and maintaining regular security audits to ensure ongoing compliance and protection.

Yahoo is a major global internet brand operating a portfolio of websites and applications including Yahoo, AOL, Engadget, Rivals, In The Know, and Makers. The analyzed page is a Finnish language consent management interface for GDPR compliance, allowing users to accept or reject cookies and manage privacy settings. The business model centers on advertising and content delivery, targeting general internet users with a broad range of digital services. The website demonstrates consistent branding and good content quality aligned with Yahoo's corporate identity. Technically, the site uses standard web technologies including JavaScript and CSS, with some proprietary Yahoo libraries such as YAHOO.i13n.Rapid for analytics. The page is moderately optimized for performance and mobile devices, though accessibility and SEO could be improved. Security measures include CSRF tokens in forms, but no explicit security headers were detected in the provided data. The SSL configuration could not be assessed from the data but is expected to be standard for Yahoo domains. From a security and compliance perspective, the site shows good GDPR compliance with clear privacy and cookie policies linked, and a consent mechanism implemented. No contact or incident response information was found on this page, which is typical for a consent layer. The domain WHOIS data for the subdomain is not separately registered, which is normal for subdomains under a large corporate domain. Overall, the site is trustworthy and safe, with no adult or malicious content detected. Strategically, Yahoo should enhance security headers and accessibility features, improve SEO metadata, and consider publishing clear security and incident response policies linked from consent pages to strengthen trust and compliance posture.

D

DRUŠTVO CRVENOG KRIŽA ZAGREBAČKE ŽUPANIJE

dck-zagrebacka-zupanija.hr

0

The website represents the Croatian Red Cross Society of Zagreb County, a regional non-profit organization dedicated to humanitarian aid, blood donation, and volunteering. It serves the general public in Zagreb County and provides information and services aligned with the Red Cross mission. The site is built on a WordPress platform using modern themes and plugins, including Elementor and Modern Events Calendar Lite, indicating a moderate level of digital maturity. Accessibility features and GDPR-compliant cookie consent mechanisms are implemented, reflecting attention to user experience and privacy. Security posture is good with HTTPS enabled and no visible vulnerabilities, though some security headers could be improved. Overall, the site is trustworthy and professionally maintained, with clear branding and consistent content.

D

Društvo Crvenog križa Varaždinske županije

dck-vz.hr

0

Društvo Crvenog križa Varaždinske županije is a regional branch of the Croatian Red Cross, providing humanitarian aid, first aid training, blood donation campaigns, and volunteer coordination primarily for the Varaždin County community. The website is built on WordPress with common plugins such as Yoast SEO and Contact Form 7, featuring a modern design and good mobile responsiveness. Security posture is solid with HTTPS enforced and Google reCAPTCHA protecting forms, though additional HTTP security headers could improve defenses. Privacy compliance is evident with a cookie consent banner and a privacy policy page aligned with GDPR requirements. Contact information including emails, phone, and physical address is clearly presented, enhancing business credibility.

H

Hrvatski Crveni križ Društvo Crvenog križa Osječko-baranjske županije

dckobz.hr

0

Hrvatski Crveni križ Društvo Crvenog križa Osječko-baranjske županije is a regional humanitarian non-profit organization operating in Croatia's Osječko-baranjska županija. The organization focuses on community support, youth engagement, first aid training, disaster response, blood donation, and social welfare activities. Their website reflects a well-structured and content-rich platform that communicates their mission, projects, and news effectively to the general public and stakeholders. The organization maintains a consistent brand presence and provides multiple contact channels including email, phone, and a contact form, supported by active social media profiles.

H

Hrvatski Crveni križ - Gradsko društvo Crvenog križa Čakovec

crveni-kriz-cakovec.hr

0

The website www.crveni-kriz-cakovec.hr represents the Gradsko društvo Crvenog križa Čakovec, a local branch of the Croatian Red Cross. It provides humanitarian services including blood donation campaigns, volunteer coordination, social and health programs, and emergency response. The organization is well-established with a domain registered since 2009 and operates primarily in Croatia. The website targets the general public, volunteers, and vulnerable groups within the region. Technically, the site is built on WordPress with a modern plugin ecosystem, including accessibility and cookie consent tools, ensuring compliance with GDPR and accessibility standards. Security posture is good with HTTPS enforced and cookie consent mechanisms, though additional security headers could enhance protection. The site uses Google Analytics for user tracking with moderate privacy compliance. Overall, the website is professional, trustworthy, and serves as a reliable information and engagement platform for the Croatian Red Cross local branch.

D

Društvo Crvenog križa Krapinsko-zagorske županije

dckkzz-krapina.hr

0

Društvo Crvenog križa Krapinsko-zagorske županije is a regional non-profit humanitarian organization serving the Krapinsko-zagorska County in Croatia. The organization coordinates local Red Cross societies and provides key services such as blood donation campaigns, social welfare activities, emergency response, and addiction prevention programs. It also manages EU-funded projects to enhance its infrastructure and outreach. The website reflects a well-structured and content-rich platform that supports community engagement and transparency. Technically, the website is built on WordPress 6.8.1 with a modern tech stack including jQuery and several plugins for event management and content display. The site is mobile-optimized and uses HTTPS, ensuring secure communication. However, some security headers are not explicitly detected, and there is no cookie consent mechanism, which could be improved for better privacy compliance. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and nonce usage in AJAX calls. The absence of exposed sensitive data and vulnerabilities in the visible content is positive. The WHOIS data is privacy protected, which is common for non-profits, but limits transparency. No incident response or security policies are published, which could be a gap in organizational security posture. Overall, the website is professional, trustworthy, and serves its community well. Strategic improvements in privacy compliance and security headers would enhance its security posture and regulatory adherence.

D

Društvo Crvenog križa Istarske županije

hck-istra.hr

0

Društvo Crvenog križa Istarske županije is a well-established regional humanitarian non-profit organization based in Croatia, focusing on blood donation, first aid, disaster response, and community social programs. With over 30 years of operation, it holds a strong market position in Istria County, supported by volunteers and partnerships. The website reflects a professional and consistent brand image, providing clear information and contact details to its audience. Technically, the site uses modern open-source libraries and frameworks like Bootstrap and jQuery, ensuring good mobile responsiveness and user experience. Security posture is moderate with room for improvement in HTTP security headers and documented security policies. Privacy compliance is strong, featuring GDPR-aligned privacy and cookie policies. Overall, the website is trustworthy, safe, and serves its community-focused mission effectively.

L

Living Room Conversations

livingroomconversations.org

0

Living Room Conversations is a US-based non-profit organization established in 2011, dedicated to fostering community dialogue and understanding through structured conversations. Their website serves as a platform to provide resources and frameworks to individuals and organizations interested in facilitating meaningful conversations. The organization operates in the non-profit sector with a focus on community engagement and education. Technically, the website is built on WordPress using popular plugins such as Elementor and GiveWP, hosted on SiteGround, and employs Google Analytics for visitor tracking. The site is mobile-optimized and presents a professional design with good navigation and content relevance. Security-wise, the site enforces HTTPS and has domain protections in place but lacks advanced security headers and published security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is trustworthy and functional but would benefit from enhanced privacy and security disclosures.

A

AllSides Education Fund

allsideseducationfund.org

0

AllSides Education Fund is a nonprofit organization dedicated to strengthening democratic society by enhancing media literacy, providing balanced news access, and fostering constructive conversations across political divides. Founded in 2015 as a joint initiative of AllSides, Living Room Conversations, and the Mediators Foundation, it offers educational resources, scholarships, and grants primarily targeting educators and community leaders. The website serves as a platform to promote these services and facilitate donations and grant applications. Technically, the website is built on WordPress using modern plugins such as Yoast SEO and GiveWP for donations, with a responsive design optimized for accessibility and SEO. Hosting is supported by Amazon AWS infrastructure, and the site employs Google Tag Manager for analytics and tracking. While the site uses HTTPS and has domain transfer protections, it lacks DNSSEC and some security headers, indicating room for security improvements. From a security perspective, the site demonstrates a moderate security posture with no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security policies and incident response information, along with missing DNSSEC, suggests potential compliance and security gaps. Privacy policies and cookie policies are present but do not include explicit consent mechanisms, which may affect GDPR compliance. Overall, the website is professional, trustworthy, and well-aligned with its nonprofit educational mission. Strategic recommendations include enhancing DNS security, implementing security headers, and improving privacy compliance mechanisms to strengthen trust and security posture.

C

CFL multimodal

cfl-mm.lu

0

CFL multimodal is a Luxembourg-based logistics and transportation company specializing in rail freight, multimodal hubs, and comprehensive logistics services. It operates as part of the CFL Group, providing sustainable and efficient freight solutions across Europe. The website reflects a professional and well-structured digital presence with clear service offerings and a focus on environmental responsibility. Technically, the site uses modern web technologies including jQuery, Bootstrap, FontAwesome, and integrates analytics tools such as Google Tag Manager and Matomo. The security posture is adequate with HTTPS and cookie consent mechanisms, though explicit security headers and policies are not evident. The absence of WHOIS data limits domain trust assessment, but the overall business credibility is supported by consistent branding and social media presence. Privacy compliance is well addressed with GDPR-aligned policies and cookie management.

S

SNCB-NMBS International

b-europe.com

0

SNCB-NMBS International operates a professional online platform for booking international train travel across Europe, including services for Eurostar, TGV INOUI, ICE, and other major train operators. The website targets European travelers seeking convenient ticket purchasing and travel planning, offering additional services such as Interrail passes and special tickets for bikes and dogs. The platform is built on a modern technology stack including C#, JavaScript, and Sitecore CMS, with integration of Google and Facebook APIs and a robust consent management system for GDPR compliance. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and published security policies are lacking. The absence of WHOIS domain registration data is a notable concern, potentially indicating a subdomain usage or incomplete WHOIS information. Overall, the website presents a trustworthy and user-friendly experience for its target audience, but would benefit from enhanced transparency in domain registration and security disclosures.

L

Liikenne- ja viestintävirasto Traficom

nytvalppaana.fi

0

Nyt valppaana is a Finnish government cybersecurity awareness campaign operated by Liikenne- ja viestintävirasto Traficom in collaboration with the Police and the Digital and Population Data Services Agency. The website provides comprehensive educational content aimed at helping the general public recognize common scams, protect personal data, and secure devices. The campaign is relatively new, with the domain registered in May 2024, aligning with the launch of this initiative. The site is well-branded, professionally designed, and offers clear navigation and relevant content in Finnish.

C

College Magazine, LLC

collegemagazine.com

0

College Magazine, LLC operates a professional online media platform focused on providing college-related content authored by students nationwide. The website offers comprehensive guides on colleges, majors, internships, career advice, and student life, positioning itself as a niche educational media outlet. The platform leverages a modern WordPress infrastructure with advanced SEO and analytics tools, ensuring a fast, mobile-optimized, and accessible user experience. Security posture is strong with HTTPS enforcement and privacy management tools, though explicit privacy and terms pages are missing, which should be addressed to improve compliance and trust. WHOIS data is unavailable or privacy protected, slightly impacting domain trust but not detracting from the professional presentation and content quality. Overall, the site is a credible resource for college students and prospective applicants.

I

Indiana University Bloomington

indiana.edu

0

Indiana University Bloomington is the flagship campus of the Indiana University system, offering a comprehensive higher education experience with a strong emphasis on research, innovation, and academic freedom. The website reflects a mature digital presence with professional design, clear navigation, and relevant content targeting prospective and current students. The university leverages modern web technologies including Google Tag Manager and Siteimprove Analytics to monitor and optimize user experience. Security posture is generally good with HTTPS enforced and no visible sensitive data exposure; however, explicit security headers and privacy policies are not evident in the provided content, indicating areas for improvement. The domain is a subdomain of iu.edu, which is consistent with institutional practices, though WHOIS data for the subdomain is unavailable. Overall, the site is trustworthy, professional, and safe for general audiences.