Security Directory

A

AllSides, Inc.

mismatch.org

0

Mismatch.org is an educational platform operated by AllSides, Inc., focused on fostering civic dialogue and understanding among students and educators across political, racial, geographic, and socio-economic divides. The platform supports teachers in building partnerships to strengthen civic learning through meaningful conversations. The website is positioned as a niche non-profit educational service with a clear target audience of educators and students interested in civic engagement. Technically, the site is built on WordPress using a modern theme, hosted on AWS infrastructure, and employs responsive design with good SEO practices. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks advanced DNS security (DNSSEC) and visible security headers. Privacy compliance is weak due to absence of privacy and cookie policies on the site. Business credibility is strong, supported by consistent WHOIS data, social media presence, and partner affiliations. Overall, the site is professional and trustworthy but would benefit from enhanced privacy disclosures and security practices.

Wefunder is a well-established equity crowdfunding platform founded in 2011, enabling individuals to invest in startups and small businesses with low minimums. The platform positions itself as a community-driven investment hub backed by notable venture capitalists and angel investors. The website demonstrates a high level of digital maturity, employing modern JavaScript frameworks, analytics tools, and secure payment integrations with Stripe and Plaid. Security posture is strong with HTTPS enforced, CSRF protections, and reputable third-party services, although explicit security policies and vulnerability disclosures are not publicly visible. Privacy compliance is partial due to the absence of visible privacy and cookie policies in the provided content. Overall, the website is professional, trustworthy, and well-optimized for user experience and mobile devices.

C

Cactus

cactus.lu

0

Cactus is a well-established retail supermarket chain based in Luxembourg, offering a broad range of products including fresh food, household goods, and additional services such as restaurants, home delivery, and customer loyalty programs. The website is professionally designed using Drupal 10 and incorporates modern frontend technologies and analytics tools, indicating a mature digital presence. Security posture is moderate with HTTPS usage and anonymized IP tracking in analytics, but lacks explicit security headers and published privacy policies, which are areas for improvement. The absence of WHOIS data reduces domain trustworthiness from a registration perspective, though the website content and branding strongly suggest a legitimate business. Overall, the site provides a good user experience with clear navigation and mobile optimization.

L

Littlepay

littlepay.com

0

Littlepay is a specialized payments infrastructure provider focused on transit and mobility sectors, offering modular systems for contactless open loop fare collection. The company positions itself as a key player in improving payment experiences for transit operators and mobility services. The website reflects a mature business with a professional digital presence, leveraging modern marketing and analytics tools such as HubSpot, Google Tag Manager, and Visual Website Optimizer. The technical infrastructure is built on WordPress, hosted with Amazon-related services, and employs HTTPS with a valid SSL certificate, ensuring secure communications. However, the site lacks explicit privacy and terms of service policies, which are critical for compliance and user trust. Security posture is generally good with domain protections in place, but could be improved by enabling DNSSEC and adding security headers. Overall, the website is professional and trustworthy but would benefit from enhanced transparency on privacy and security policies.

The website hsl.fi represents HSL Helsingin seudun liikenne, the Helsinki Regional Transport Authority responsible for public transportation services in the Helsinki metropolitan area. The domain is registered consistently with the organization's identity and has been active since 2009, aligning with the business history. However, the website content is currently inaccessible due to a Cloudflare Turnstile human verification challenge, preventing direct content analysis. This limits visibility into the site's privacy policies, contact information, and user experience. The technical infrastructure includes Cloudflare as a security and performance provider, indicating a modern approach to web delivery and protection. Security posture is difficult to fully assess due to the blocking, but the use of Cloudflare suggests baseline protections are in place. Overall, the site is legitimate and trustworthy based on WHOIS data and domain age, but the current access restrictions significantly reduce the ability to evaluate content quality, privacy compliance, and security details.

P

Planet Zemlja

planet-zemlja.hr

0

Planet Zemlja is a Croatian non-profit organization dedicated to environmental awareness, personal ecology, and ecological news dissemination. The website serves as a community platform offering news articles, event announcements, photo and video galleries, and educational content related to ecology. The target audience is the general public interested in environmental issues within Croatia. The business model is informational and community-driven without evident commercial transactions. Technically, the site uses a custom PHP-based CMS with jQuery and various plugins for RSS feeds, weather, and media galleries. External integrations include Google Analytics and Facebook SDK for tracking and social media engagement. However, the site lacks HTTPS on its main URLs, which is a significant security concern. Security headers are absent, and no advanced security or privacy compliance mechanisms are evident. Contact information is limited to forms without explicit emails or phone numbers. Overall, the site is functional but requires modernization and security improvements.

H

Hrvatski Crveni križ

hck.hr

0

Hrvatski Crveni križ is a well-established Croatian humanitarian organization with a strong national presence and a comprehensive portfolio of social, health, and crisis response services. The website reflects a mature digital presence with clear navigation, regional contact points, and integrated donation mechanisms. Technically, the site uses modern web technologies including Bootstrap, Google Analytics, and Google Maps API, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and privacy compliance evident through cookie consent and privacy policies. However, some security headers are missing and no explicit vulnerability disclosure or incident response contacts are published. Overall, the domain registration data aligns well with the organization's identity, supporting high legitimacy and trustworthiness.

L

Liikenne- ja viestintävirasto Traficom

droneinfo.fi

0

Droneinfo.fi is an official Finnish government website operated by the Finnish Transport and Communications Agency Traficom. It serves as a comprehensive informational portal for drone enthusiasts and professionals, providing regulatory guidance, registration services, theory exam information, and updates on drone-related airspace restrictions. The site targets drone operators in Finland, ensuring compliance with EU drone regulations and promoting safe drone usage. The business model is informational and regulatory, supporting government mandates and public service. The website is well-positioned as the authoritative source for drone-related information in Finland.

L

Liikenne- ja viestintävirasto Traficom

kyberturvallisuuskeskus.fi

0

Kyberturvallisuuskeskus, operated by the Finnish Transport and Communications Agency Traficom, is a government cybersecurity center focused on developing and overseeing the operational reliability and security of communication networks and services in Finland. It provides cybersecurity situational awareness, vulnerability disclosures, and guidance to both individuals and organizations. The website is well-maintained, professionally designed, and regularly updated with relevant cybersecurity news and alerts. The organization holds a strong market position as the national authority for cybersecurity under the Finnish government. Technically, the website leverages modern web technologies including React and Apollo GraphQL, with performance optimizations and mobile responsiveness. It uses Matomo for analytics, ensuring privacy compliance with GDPR. The domain is secured with HTTPS and DNSSEC, and the WHOIS data confirms the domain is registered to the official government agency, reinforcing trust and legitimacy. Security posture is robust with no detected vulnerabilities or exposed sensitive data. The site provides comprehensive privacy and cookie policies with user consent mechanisms. However, explicit security headers could be more visible, and a security.txt file for vulnerability reporting is recommended. Overall, the site demonstrates a mature security culture and strong compliance with regulatory requirements. The risk assessment indicates a low risk profile with strong trust indicators. Strategic recommendations include enhancing security header implementation, publishing a security.txt file, and continuous monitoring of third-party scripts. These measures will further strengthen the site's security and trustworthiness.

I

Indiana University

iu.edu

0

Indiana University is a large, established public educational institution in the United States offering over 930 academic programs across nine campuses. The university emphasizes world-class research, global impact, and a comprehensive student experience. The website reflects a mature digital presence with a professional design, clear navigation, and rich content targeting prospective and current students, researchers, and alumni. Technically, the site uses modern web technologies including Rivet UI framework, jQuery, and Google Tag Manager, with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers and cookie consent mechanisms are lacking. Overall, the domain registration and website content are consistent and legitimate, supporting a high trust level.

I

Infinit s.r.o.

infinitdarky.cz

0

Infinit s.r.o. operates the website infinitdarky.cz, offering wellness-related e-commerce services including massages, wellness packages, gift vouchers, and private experiences primarily in the Czech Republic. The company targets a general audience interested in wellness and relaxation services, positioning itself as a reputable regional provider with multiple physical locations. The website demonstrates a good level of digital maturity with modern tracking and consent mechanisms, a clear navigation structure, and professional content presentation. Security posture is adequate with HTTPS and cookie consent implemented, though improvements in security headers and WHOIS transparency are recommended. Overall, the site is trustworthy and professionally maintained, supporting a medium-sized business in the hospitality sector.

V

Valtion tieto- ja viestintatekniikkakeskus Valtori

oskari.org

0

Oskari.org is a Finnish government-affiliated open source project providing a flexible web mapping application platform. The platform targets developers and government agencies needing spatial data infrastructure solutions, leveraging modern web technologies like React and Next.js. The website demonstrates a mature technical infrastructure with fast performance, good accessibility, and clear navigation. Security posture is solid with HTTPS enabled and no exposed sensitive data, though improvements are recommended in DNS security and security headers. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional, reflecting its government backing and active community engagement.

T

Trapeze Finland Oy

junalahdot.fi

0

The website junalahdot.fi is an official Finnish transportation information service operated by Trapeze Finland Oy under the Fintraffic brand. It provides real-time train departure and arrival schedules for all passenger train stations in Finland, leveraging live train movement data. The site targets the general public and train passengers, offering a user-friendly interface with search and favorites functionality. The domain registration and WHOIS data are consistent with the business identity and location, indicating legitimacy and stability. Technically, the website uses a modern tech stack including Bootstrap, FontAwesome, OpenLayers, and jQuery, with Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized and designed with good usability and navigation clarity. However, some security best practices such as security headers are not visibly implemented, representing an area for improvement. The site enforces HTTPS and does not expose sensitive data, contributing to a solid security posture. From a security and compliance perspective, the site includes a comprehensive privacy policy consistent with GDPR requirements and a cookie consent mechanism. No explicit incident response or vulnerability disclosure policies are found on the site, which could be enhanced to improve transparency and security readiness. No critical vulnerabilities or suspicious patterns were detected. Overall, junalahdot.fi is a trustworthy, well-maintained public service website with good technical and business credibility. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and maintaining transparency in data protection practices to further strengthen trust and compliance.

T

The Lawfare Institute

lawfaremedia.org

0

The Lawfare Institute operates a professional, non-profit multimedia platform dedicated to providing in-depth, non-partisan analysis on national security law and policy. The website offers a rich mix of articles, podcasts, videos, and research projects, positioning itself as a trusted source in its niche. Technically, the site is built on the Sitefinity CMS, leveraging modern JavaScript libraries and CDN hosting to ensure fast, responsive, and accessible user experiences. Security posture is strong with HTTPS enforced and sandboxed embedded content, though some security headers could be improved. Privacy compliance is moderate, with a privacy/support page present but no explicit cookie or terms of service pages detected. Overall, the site demonstrates high professionalism and trustworthiness, supported by its affiliation with the Brookings Institution. WHOIS data is unavailable, likely due to privacy protection, but this is consistent with the organization's profile.

G

glammr.us

glammr.us

0

glammr.us operates as a niche Mastodon instance dedicated to individuals interested in galleries, libraries, archives, museums, memory work, and records (GLAMMR). It provides a decentralized, harassment-free social media platform emphasizing inclusivity and community support. The platform encourages diverse content beyond GLAMMR topics, fostering a welcoming environment for all users. The business model relies on community donations via Patreon and Ko-Fi to sustain server operations. Technically, the site is built on the Mastodon platform using modern web technologies including React and ES modules, delivering a moderately performant and mobile-optimized user experience. Security posture is adequate with HTTPS enforced and domain transfer protections in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is basic, with a privacy policy present but lacking cookie consent mechanisms and GDPR-specific disclosures. Overall, the site demonstrates good business credibility and technical maturity for a small independent social media server.

S

Saturation

saturation.social

0

Saturation.social is a small, invitation-only decentralized social media server powered by Mastodon and a Hometown fork. It targets users who value a social media experience focused on community and trust rather than commercial interests or power dynamics. The platform emphasizes open source technology and a grassroots approach to social networking. Technically, the site uses modern web technologies including React-based components and serves content over HTTPS with good SSL configuration. However, it lacks some security headers and formal security policies. Privacy compliance is basic with a privacy policy present but no cookie consent or GDPR-specific indicators. The site does not engage in advertising or tracking, enhancing user privacy. Overall, the platform is a niche community with moderate technical maturity and a good security posture but could improve in privacy compliance and formal security documentation.

T

tech.lgbt Moderators

tech.lgbt

0

tech.lgbt operates as a niche Mastodon instance providing a federated social networking platform primarily for LGBTQIA+ individuals and allies interested in technology and academic topics. The platform fosters community engagement through posts, hashtags, and news aggregation from across the fediverse, positioning itself as a trusted space for marginalized identities within the tech sector. The website's content and user base reflect a focused community with approximately 2.7K active users, indicating a small but engaged audience. The business model centers on community-driven social networking without commercial advertising or tracking, emphasizing privacy and inclusivity. From a technical perspective, the site leverages modern web technologies including React and JavaScript ES modules, hosted on DigitalOcean with domain registration via NameCheap. The platform runs Mastodon version 4.4.0-alpha.5+glitch, indicating active maintenance and use of open-source social networking software. The website demonstrates good mobile optimization and basic accessibility features, though SEO and performance optimizations are moderate. The absence of cookie consent mechanisms and some security headers suggests areas for improvement in compliance and security hardening. Security posture is solid with HTTPS enforced and no exposed sensitive data detected. However, the lack of DNSSEC and security headers such as CSP or HSTS represents potential vulnerabilities. The WHOIS data shows privacy protection for the domain registrant, which is justified given the community nature of the platform. No incident response or vulnerability disclosure policies are publicly available, which could be enhanced to improve trust and security readiness. Overall, tech.lgbt presents a professional, trustworthy, and community-focused platform with a strong emphasis on privacy and inclusivity. Strategic recommendations include enabling DNSSEC, implementing comprehensive security headers, adding cookie consent and vulnerability disclosure policies, and providing clearer contact information for security incidents. These steps would enhance compliance, security posture, and user trust, supporting sustainable growth and resilience in the federated social networking space.

W

Wiener Städtische Versicherungsverein

airt.at

0

The website www.airt.at represents the cultural exhibition series "Architektur im Ringturm" managed by the Wiener Städtische Versicherungsverein, part of the Vienna Insurance Group. It serves as a platform to showcase architectural and cultural exhibitions primarily focused on Central and Eastern Europe. The site offers detailed information about current and past exhibitions, architecture talks, and historical context of the Ringturm building. It targets architecture and culture enthusiasts and operates as a free-entry exhibition series supported by sponsorships. Technically, the site is built on WordPress with modern plugins and libraries, including multilingual support and spam protection via Google reCAPTCHA. The website demonstrates good digital maturity with responsive design, SEO optimization, and accessibility considerations. Security posture is solid with HTTPS enforced and spam prevention on forms, though some security headers could be improved. Privacy compliance is strong, featuring a comprehensive privacy policy, cookie consent banner with opt-in, and GDPR-aligned data collection practices. Overall, the site is professional, trustworthy, and well-maintained, reflecting the reputable parent organization. No critical security or compliance issues were detected.

J

Jarrett & Lam

jandl.digital

0

J&L Digital is a UK-based IT services and software development company founded in 2023, offering a broad range of digital solutions including website development, software systems, IT services, app development, and VoIP telephone systems. The company targets businesses seeking tailored IT and digital solutions and operates with a professional and consistent brand presence. Their market position is that of a small but globally oriented technology service provider with regional offices in Europe, Asia, and Australia. Technically, the website employs modern web standards with HTML5, CSS3, and JavaScript, integrating Matomo and Google Tag Manager for analytics. Hosting and DNS services leverage Cloudflare and IONOS SE, ensuring good performance and security. The site is mobile optimized and SEO friendly, with a cookie consent mechanism that supports GDPR compliance. From a security perspective, the website uses HTTPS with a strong SSL configuration and displays a Cyber Essentials certification badge, indicating adherence to recognized UK security standards. However, DNSSEC is not enabled, and no explicit security policy or incident response contact information is published. The domain registration is privacy protected but consistent with the business's UK location and recent founding date, supporting legitimacy. Overall, the website is professional, secure, and compliant with privacy regulations, with minor recommendations to enhance DNS security and publish security policies. The risk level is low, and the company demonstrates a solid foundation for trust and digital maturity.

F

Fiva Events

fivaevents.com

0

Fiva Events operates as a niche platform dedicated to classic and historic vehicle events, providing event listings and application forms primarily for enthusiasts and organizers within this specialized community. The website presents a professional and consistent brand image with a focus on user-friendly event search and application functionalities. Technically, the site leverages modern frontend technologies such as Alpine.js and Laravel Livewire, ensuring a responsive and interactive user experience. The presence of HTTPS and reCAPTCHA integration indicates a baseline commitment to security, although the absence of comprehensive security headers and privacy policies suggests room for improvement in compliance and protection measures. The lack of publicly available WHOIS data raises questions about domain registration transparency, which could impact trustworthiness. Overall, the site is functional and well-designed but would benefit from enhanced privacy compliance and clearer business contact information to strengthen credibility and user trust.

I

Istarska županija

istra-istria.hr

0

The website www.istra-istria.hr serves as the official online presence of the Region of Istria, a Croatian regional government entity. It provides comprehensive information about the region's governance, geography, culture, economy, and contact details. The site targets residents, tourists, and stakeholders interested in regional affairs. The business model is focused on public administration and information dissemination, positioning itself as a trusted government resource with certifications such as ISO 9001 and membership in the Assembly of European Regions. Technically, the site is built on Django CMS and leverages modern web technologies including jQuery, Google Analytics, and Slider Revolution. It demonstrates good mobile optimization, accessibility, and SEO practices. Hosting and domain registration are consistent with a Croatian government entity, registered with CARNET since 2001. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism, but lacks published security policies, incident response information, and security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with no dedicated privacy policy page but a functional cookie banner and settings modal. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include publishing a privacy policy, security policy, and incident response details, enhancing security headers, and adding a security.txt file to improve transparency and security posture.

V

Valamar

valamar.com

0

Valamar is a prominent hospitality company operating holiday hotels and resorts primarily in Croatia and Austria. Their website showcases a wide range of properties catering to diverse holiday types including family, premium, lifestyle, camping, and wellness. The company targets tourists seeking quality accommodation and holiday experiences in popular destinations such as Dubrovnik, Makarska, Hvar, and others. The website is built using modern technologies like SvelteKit and integrates advanced marketing and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and consent management implemented, though explicit security policies and incident response details are not publicly available. The absence of WHOIS registration data is a concern but does not detract significantly from the overall professionalism and trustworthiness of the site. Strategic recommendations include publishing detailed security and incident response policies and establishing a vulnerability disclosure program to enhance transparency and trust.

P

Plava Laguna

plavalaguna.com

0

Plava Laguna is a hospitality company specializing in providing accommodation services including hotels, villas, and apartments primarily in the Istria region of Croatia, focusing on destinations such as Porec and Umag. The company targets tourists seeking quality lodging options in this popular travel area. The website demonstrates a solid digital presence with a modern technical infrastructure built on Next.js and React, integrating advanced analytics and marketing tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly available. The website is well-optimized for SEO and mobile devices, providing a good user experience. However, the WHOIS data is missing or inaccessible, which raises some concerns about domain registration transparency. Overall, the site appears professional and trustworthy, with room for improvement in publishing security and compliance documentation.

IRTA d.o.o. is a medium-sized regional tourism development agency based in Istria, Croatia, established in 2004. The company manages official tourism portals, contact and sales centers, and develops cultural and outdoor tourism products to promote the Istrian region. Their market position is strong within the regional tourism sector, serving tourists and local businesses with comprehensive information and services. Technically, the website uses a custom CMS with modern JavaScript libraries and Google services, but lacks HTTPS which is a significant security gap. The privacy policy is comprehensive and GDPR compliant, with a named data protection officer, reflecting good privacy awareness. However, the absence of HTTPS and security headers lowers the security posture. Overall, the site is professional and trustworthy but requires security improvements to align with best practices.

A

Aminess d.d.

aminess.com

0

Aminess d.d. operates a professional hospitality website offering hotels, resorts, campsites, and holiday homes primarily located along the Croatian Adriatic coast. The company targets tourists seeking quality accommodation and leisure experiences, supported by a loyalty program and themed holiday types. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and integrates analytics and advertising tools such as Google Tag Manager and Bing Ads. It demonstrates good digital maturity with responsive design, SEO optimization, and accessibility features. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though the absence of a published security policy and incident response information is noted. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The lack of WHOIS data for the domain is a concern but does not detract significantly from the overall legitimacy given the professional presentation and contact transparency. Strategic recommendations include publishing security and incident response policies and considering a vulnerability disclosure program to enhance trust.

The website zhuk.cc is a personal blog primarily focused on technology topics, especially Joomla extensions, Oracle, Java, and various hobbies. It serves a niche audience of developers and technology enthusiasts interested in Joomla components and related software. The site offers technical articles, extension releases, and community forums, positioning itself as a resource hub for Joomla users. The business model revolves around content publishing and software extension distribution, with demonstration sites and forums supporting user engagement. Technically, the site is built on WordPress 6.8.1 using the Total theme and incorporates multiple JavaScript libraries such as jQuery, Owl Carousel, and Font Awesome. The platform is moderately optimized for performance and mobile use, with basic SEO and accessibility features. The site is fully accessible over HTTPS, indicating good SSL configuration, but lacks advanced security headers and privacy compliance mechanisms. From a security perspective, the site shows a moderate security posture with HTTPS enabled and no exposed sensitive data. However, it lacks explicit security headers, privacy and cookie policies, and incident response contacts, which are important for compliance and trust. No WAF or blocking mechanisms are detected, and the site content is safe for general audiences with no adult or questionable material. Overall, the site is a well-maintained personal technology blog with good content quality and business credibility but has room for improvement in privacy compliance and security best practices. Strategic recommendations include implementing privacy and cookie policies, adding security headers, and providing clear contact information for security incidents to enhance trust and compliance.

E

European Mathematical Society - EMS - Publishing House GmbH

ems-ph.org

0

EMS Press is the official publishing house of the European Mathematical Society, specializing in high-quality academic publishing in mathematics. It offers a portfolio of peer-reviewed journals and books, focusing on open access and sustainable publishing models. The website reflects a mature digital presence with modern technologies such as React and Next.js, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC and explicit security policies could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, EMS Press presents a trustworthy and professional platform serving the academic mathematics community.

A

American Mathematical Society

ams.org

0

The American Mathematical Society (AMS) is a well-established non-profit organization dedicated to advancing mathematical research, education, and professional development. The website serves as a comprehensive portal for AMS's diverse offerings including publications, memberships, conferences, grants, and advocacy efforts. The AMS holds a strong market position as a leading mathematical society with a global reach and a history dating back to 1888. The site targets mathematicians, educators, students, and professionals, providing valuable resources and community engagement opportunities. Technically, the website employs modern web technologies such as Bootstrap 5, jQuery, MathJax, and integrates multiple analytics and tracking tools including Google Analytics, Hotjar, and Microsoft Clarity. The site is mobile-optimized, accessible, and demonstrates good SEO practices. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security headers could be improved. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms in place. Overall, the AMS website reflects a mature digital infrastructure supporting a reputable organization. The lack of WHOIS data is mitigated by consistent branding, comprehensive contact information, and domain name alignment. The security and privacy practices align well with expectations for a large non-profit educational entity. Strategic recommendations include enhancing security headers, publishing a dedicated security policy and incident response contacts, and ongoing monitoring of third-party scripts to maintain security integrity.

P

PWN

pwn.nl

0

PWN is a well-established regional utility company based in the Netherlands, specializing in sustainable drinking water supply and nature management in the Noord-Holland region. The website reflects a professional and consistent brand presence, targeting residents and businesses in the area with services such as water supply and water meter reading. The digital infrastructure leverages modern web technologies including Angular, Cookiebot for consent management, and analytics platforms like Piwik PRO and Google Tag Manager, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place; however, the absence of explicit security headers and published security policies suggests room for improvement. Privacy compliance is partially addressed through cookie consent but lacks a visible privacy policy and terms of service, which are critical for full GDPR compliance. Overall, the website is trustworthy and safe for general audiences, with no adult or questionable content detected.

C

Centrum Wiskunde & Informatica (CWI)

cwi.nl

0

Centrum Wiskunde & Informatica (CWI) is the national research institute for mathematics and computer science in the Netherlands. It conducts pioneering fundamental research in key areas such as algorithms, data and intelligent systems, cryptography and security, and quantum computing. The institute collaborates closely with Dutch universities and industry partners, providing education and knowledge transfer through semester programmes and joint research initiatives. CWI is positioned as a leading academic and research entity within the Dutch and international scientific community. The website infrastructure is modern and professionally implemented, utilizing JavaScript, CSS, MathJax for mathematical rendering, and Piwik/Matomo for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with clear navigation and consistent branding. Privacy and cookie policies are present with consent mechanisms, reflecting good compliance with GDPR requirements. However, explicit security policies and incident response information are not published. Security posture is strong with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The site could improve by adding security headers and publishing a vulnerability disclosure or security.txt file. WHOIS data confirms the legitimacy of the domain, matching the institutional identity and country. Overall, the website is trustworthy, professional, and serves its academic audience effectively.

F

Foundation Compositio Mathematica

compositio.nl

0

Compositio Mathematica is a well-established academic journal specializing in pure mathematics, owned by the Foundation Compositio Mathematica. The website serves as a portal for publishing research papers, supporting open access journals, and sponsoring mathematical activities. The target audience primarily consists of academic researchers and mathematicians. The business model revolves around academic publishing with revenues reinvested into the mathematical community. Technically, the site uses modern web technologies including React and Ant Design, hosted by Hostnet B.V., with moderate performance and good mobile optimization. Security posture is solid with HTTPS and DNSSEC enabled, though improvements can be made by adding security headers and cookie consent mechanisms. Overall, the website is professional, trustworthy, and content-rich, with no signs of malicious activity or compliance violations.

The website liesen.lu is an official educational platform managed by SCRIPT, a Luxembourg government entity focused on reading initiatives in primary schools. It serves as an information hub providing catalogs, reading projects, pedagogical materials, and related educational content targeted at educators and schools in Luxembourg. The site is well-branded with government logos and maintains a consistent educational focus. Technically, the site is built on Drupal 9 CMS, leveraging modern frontend libraries such as Font Awesome and jQuery. It employs tarteaucitron.js for cookie consent management and uses Matomo for privacy-conscious analytics. The hosting appears to be managed by Restena Foundation, a known Luxembourg educational network provider. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit public security policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's government and educational nature, indicating legitimacy and trustworthiness. Overall, the site presents a low-risk profile with good privacy compliance and business credibility. Strategic improvements could include adding explicit security headers, publishing security policies, and enhancing incident response transparency.

S

Service national de la jeunesse

snj.lu

0

The Service national de la jeunesse (SNJ) is a Luxembourg government entity dedicated to youth development and support. It operates multiple youth centers and programs aimed at fostering responsible citizenship and active participation among young people. The website reflects a well-established governmental service with a clear mission and target audience of youth and youth sector actors. The digital infrastructure is based on WordPress with modern compliance features such as GDPR cookie consent and Matomo analytics hosted locally, indicating a mature digital presence. Security posture is good with HTTPS and privacy mechanisms, though some security headers and formal policies could be improved. The absence of WHOIS data limits domain trust assessment, but the official branding and contact information support legitimacy. Overall, the site is professional, trustworthy, and well-aligned with its public service role.

S

Service de médiation scolaire

mediationscolaire.lu

0

The website mediationscolaire.lu represents the official Service de médiation scolaire, a government entity in Luxembourg dedicated to supporting parents, students, and school personnel in resolving conflicts within the educational system. The service operates independently within the Ministry of National Education and targets the Luxembourg community with mediation services related to primary and secondary education. The site is professionally designed with clear navigation, multilingual support, and accessibility features, reflecting a strong commitment to user experience and inclusivity. Technically, the website is built on WordPress 6.7.1, utilizing Bootstrap for responsive design, jQuery, and Matomo for analytics. It employs GDPR-compliant cookie consent mechanisms and demonstrates good mobile optimization and SEO practices. The hosting provider is not explicitly identified, but the site uses HTTPS with excellent SSL configuration, ensuring secure data transmission. From a security perspective, the site enforces HTTPS and cookie consent but lacks explicit security headers and a published security or incident response policy. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the website's government affiliation and Luxembourg location, supporting the site's legitimacy. Overall, mediationscolaire.lu is a trustworthy, well-maintained government service website with strong privacy compliance and good technical implementation. Strategic improvements include adding security headers, publishing a security policy, and providing incident response contact information to enhance security posture and user trust.

Restopolis is a Luxembourg-based service provider specializing in school and university catering. The website offers multilingual content targeting students, adults, and visitors, providing menu consultation, booking, and account management services. The platform integrates with IAM for secure user access and supports sustainable food procurement initiatives. Technically, the site is built on ASP.NET WebForms using the DNN CMS, leveraging modern JavaScript libraries and Google services for analytics and security. Security posture is good with HTTPS and reCAPTCHA, though explicit security headers are missing. Privacy compliance is basic with a cookie consent banner and privacy policy available. WHOIS data is unavailable, limiting domain trust verification, but the website's professional appearance and government affiliations support legitimacy.

The website summerschool.lu serves as an informational portal for a summer school program in Luxembourg, primarily targeting students in fundamental and secondary education. The site is multilingual, supporting Luxembourgish, French, German, English, and Portuguese, reflecting inclusivity for the diverse population. The presence of official government logos and links to Luxembourg government domains strongly suggests this is a public sector or government-affiliated educational initiative. The site offers basic navigation and language selection but lacks detailed business or contact information on the homepage. From a technical perspective, the website uses modern JavaScript libraries such as jQuery 3.7.1 and integrates Google Tag Manager for analytics and tracking. The site loads external fonts from Adobe Typekit and uses HTTPS, although no advanced security headers were detected in the provided content. The site appears moderately optimized for mobile devices and has basic accessibility features. However, the absence of privacy and cookie policies and lack of visible security headers indicate room for improvement in compliance and security posture. Security-wise, the site does not expose sensitive data and uses HTTPS, but the lack of security headers and privacy notices reduces its overall security maturity. No vulnerabilities or malicious content were detected. The WHOIS data is unavailable due to query rate limits, but the domain is registered under Luxembourg's official DNS registry (RESTENA DNS-LU), which is typical for government domains and suggests legitimacy despite privacy protection. Overall, the website is a legitimate, government-affiliated educational resource with basic technical implementation and moderate security posture. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and compliance.

N

Naturpark Landseer Berge

landseer-berge.at

0

Naturpark Landseer Berge is a regional nature park located in Austria, focusing on promoting tourism, cultural heritage, and outdoor recreational activities. The website serves as an informational portal providing details about the park's attractions, events, and regional highlights. The target audience includes tourists, families, and nature enthusiasts interested in exploring the area. Technically, the site is built on the Worldsoft CMS platform and uses legacy JavaScript libraries such as jQuery 1.12.4 and jQuery UI 1.12.1, which may pose security risks. The website is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing critical security headers and using outdated libraries. No privacy or cookie policies are present, indicating compliance gaps. Overall, the site is functional and informative but requires updates to improve security, privacy compliance, and technical modernization.

R

RIKA Innovative Ofentechnik GmbH

rika.ch

0

RIKA Innovative Ofentechnik GmbH is a medium-sized Austrian manufacturer specializing in high-quality heating stoves including pellet, wood-burning, and combination stoves. The company emphasizes Austrian craftsmanship and innovative stove technologies, targeting homeowners seeking efficient and aesthetic heating solutions. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. It supports multiple languages and offers tools such as an online stove configurator and dealer locator to enhance customer engagement. Technically, the site uses modern JavaScript libraries, is hosted on DigitalOcean CDN, and implements security best practices including HTTPS, reCAPTCHA, and cookie consent mechanisms. However, explicit security headers and a public security policy are absent. The WHOIS data confirms the legitimacy and consistency of the domain registration with the company's Austrian base. Overall, the website demonstrates a mature digital presence with good privacy compliance and a solid security posture.

R

RIKA Innovative Ofentechnik GmbH

rika.be

0

RIKA Innovative Ofentechnik GmbH is an Austrian manufacturer specializing in high-quality heating stoves including wood, pellet, and combination stoves. The company targets homeowners and consumers seeking efficient and innovative heating solutions. Their market position is that of an established European brand known for quality and technological innovation, supported by a broad dealer network and online configurator tools. Technically, the website employs modern JavaScript libraries and is hosted on a reliable CDN platform, ensuring good performance and mobile optimization. Security posture is strong with HTTPS, reCAPTCHA on forms, and cookie consent mechanisms, though some security headers are missing and no explicit incident response or vulnerability disclosure information is provided. Overall, the site is professional, trustworthy, and compliant with GDPR requirements. The WHOIS data is restricted, but the domain and website content align with a legitimate business presence.

R

RIKA Innovative Ofentechnik GmbH

rika.se

0

RIKA Innovative Ofentechnik GmbH is an Austrian manufacturer specializing in high-quality wood, pellet, and combination stoves for residential heating. The company maintains a strong market presence in Europe with multiple regional websites and a dealer network, emphasizing innovation and quality craftsmanship. Their business model includes direct sales through dealers and an online configurator tool to customize stoves. The website is professionally designed, targeting Swedish-speaking customers with multilingual support for other regions. Technically, the website employs modern JavaScript libraries such as Alpine.js and Flickity, hosted on DigitalOcean's CDN infrastructure, ensuring moderate performance and good mobile optimization. Security measures include HTTPS enforcement, reCAPTCHA integration, and cookie consent mechanisms, although explicit security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie management. The security posture is solid with no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS data for the exact domain suggests the use of subdomains or proxying, which is not uncommon but reduces transparency. Overall, the site demonstrates a mature digital presence with good business credibility and moderate technical sophistication. Strategic recommendations include enhancing security headers, publishing a dedicated security policy, and improving accessibility compliance to further strengthen trust and compliance.

R

RIKA Innovative Ofentechnik GmbH

rika.es

0

RIKA Innovative Ofentechnik GmbH is a reputable Austrian manufacturer specializing in high-quality wood, pellet, and combined stoves for residential heating. The company holds a strong market position as a leader in pellet stoves within German-speaking countries and maintains a broad international presence through multiple localized websites. Their business model focuses on manufacturing, direct sales, and a network of distributors, supported by digital tools such as an online stove configurator. Technically, the website employs modern JavaScript libraries and is hosted on a reliable CDN infrastructure, ensuring good performance and mobile optimization. Security measures include HTTPS enforcement, reCAPTCHA integration, and cookie consent mechanisms, although some advanced security headers and incident response disclosures are absent. Overall, the site demonstrates a professional and trustworthy online presence with comprehensive privacy compliance and clear contact information.

R

RIKA Innovative Ofentechnik GmbH

rika.it

0

RIKA Innovative Ofentechnik GmbH is an established Austrian manufacturer specializing in high-quality wood, pellet, and combined stoves for residential heating. The company maintains a strong market position in the European energy sector, offering innovative products supported by an extensive dealer network and digital tools such as an online stove configurator. The website is professionally designed, multilingual, and targets homeowners seeking efficient heating solutions. Technically, the site leverages modern JavaScript frameworks and libraries, is hosted on DigitalOcean infrastructure, and integrates marketing and analytics tools with user consent mechanisms. Security posture is solid with HTTPS enforcement, reCAPTCHA protection on forms, and cookie consent, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

R

RIKA Innovative Ofentechnik GmbH

rika.fr

0

RIKA Innovative Ofentechnik GmbH is an Austrian-based manufacturer specializing in high-quality wood, pellet, and hybrid stoves, with a strong market presence in France and Europe. The company emphasizes innovation, sustainability, and customer-centric services such as an online stove configurator and a broad dealer network. Their website reflects a professional and modern digital presence, leveraging advanced JavaScript libraries and CDN hosting to ensure fast and responsive user experience. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms implemented. Security posture is strong, with HTTPS enforced, security headers present, and no visible vulnerabilities or exposed sensitive data. However, WHOIS data is unavailable, likely due to privacy protection, which is justified given the business nature. Overall, the website is trustworthy, well-branded, and provides clear contact and support channels.

R

RIKA Innovative Ofentechnik GmbH

rika.eu

0

RIKA Innovative Ofentechnik GmbH is an Austrian manufacturer specializing in high-quality wood-burning, pellet, and combination stoves for residential heating. The company maintains a strong market position with innovative technologies such as RIKATRONIC controllers and online stove configurators, serving a broad international audience through multiple country-specific domains and a dealer network. The website reflects a mature digital presence with comprehensive product information, customer testimonials, and multilingual support. Technically, the website employs modern JavaScript libraries and CDN hosting to ensure good performance and mobile optimization. It integrates Google Tag Manager and Facebook Pixel for analytics and marketing, alongside Cookiebot for GDPR-compliant cookie consent. Security best practices include HTTPS enforcement and reCAPTCHA on forms, though some security headers and incident response disclosures could be improved. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies. Business credibility is high, supported by transparent contact information, professional content, and trust signals. WHOIS data is privacy protected per EURid policy, which is typical for European domains, and does not detract from the legitimacy of the business. Overall, RIKA's website demonstrates a professional, secure, and user-friendly platform aligned with its business goals and regulatory requirements.

X

Xplore Fitness Na Příkopě

xplorefitness.cz

0

Xplore Fitness Na Příkopě is a prominent fitness center located in the heart of Prague, offering a wide range of fitness and wellness services including gym facilities, group classes, martial arts, and additional amenities such as solariums and massages. The business positions itself as the largest and most modern fitness center in Prague's city center, targeting fitness enthusiasts and the general public. The website is professionally designed, content-rich, and provides clear navigation and multilingual support (Czech and English). The company maintains active social media channels and regularly updates its content with news and events. Technically, the site is built on WordPress with several plugins for enhanced user experience and analytics integration. However, the WordPress version is outdated, posing potential security risks. The site employs HTTPS and cookie consent mechanisms, demonstrating good privacy compliance. Security policies and incident response information are not explicitly published, representing an area for improvement. Overall, the website is trustworthy, well-maintained, and compliant with GDPR requirements.

M

MČ Praha 5

praha5.cz

0

The website www.praha5.cz serves as the official online presence for the Municipal District Prague 5, providing residents and visitors with information about local government services, community events, and administrative resources. The site targets the local population of Prague 5 and operates as a government/public service entity. Technically, the site is built on WordPress 6.4.1, utilizing common plugins such as Events Manager and Cookiebot for event management and cookie consent respectively. The infrastructure shows moderate performance and good mobile optimization, though accessibility features are basic. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism, which are positive indicators. However, no explicit security headers were detected, and the WHOIS data for the domain is unavailable, which slightly reduces trustworthiness. No critical vulnerabilities or exposed sensitive data were found in the analysis. Privacy compliance is partial, with a cookie policy present but no clear privacy policy or terms of service pages identified. Overall, the website is a legitimate municipal government portal with good content quality and user experience. The absence of WHOIS data and some missing compliance documents suggest areas for improvement. Strategic recommendations include implementing comprehensive privacy and security policies, enhancing security headers, and verifying domain registration details to strengthen trust and compliance.

M

MEDIA FACTORY Group

mfgroup.cz

0

MEDIA FACTORY Group is a Czech-based digital services company specializing in web development, system development, and tailored promotional strategies to help businesses innovate and grow online. The company positions itself as an expert in digital innovation, marketing, and analytics, targeting business clients seeking advanced digital solutions. The website is professionally designed, mobile-optimized, and integrates modern technologies such as Webflow CMS, Google Tag Manager, reCAPTCHA, and Cookiebot for privacy compliance. Security posture is strong with HTTPS enforced and security headers present, although no explicit security policy or incident response information is published. The absence of WHOIS registration data is a concern for domain legitimacy, but the website's professional presentation and privacy compliance mitigate some risk. Overall, the site demonstrates a mature digital infrastructure suitable for its business model.

B

BESTA

besta.cz

0

BESTA operates as a Czech Republic-based e-commerce retailer specializing in bathroom, plumbing, and heating products. The website presents a professional and well-structured online store powered by the Shoptet platform, targeting general consumers seeking installation and heating supplies. The business appears to be a small-sized local retailer with a focused market niche. Technically, the website employs standard modern web technologies including Google Analytics, Facebook Pixel, and Biano Pixel for marketing and tracking purposes, alongside a cookie consent mechanism to comply with privacy regulations. However, the use of an outdated jQuery version and absence of explicit privacy and terms of service pages indicate areas for improvement. Security posture is moderate with HTTPS enforced but lacking explicit security headers and incident response information. The absence of WHOIS data reduces domain trustworthiness, though the website content and technical setup suggest a legitimate business presence. Overall, the site is accessible without WAF or blocking mechanisms and contains no adult or questionable content.

Y

Úvod | Yankeesvicky.cz

yankeesvicky.cz

0

The website www.yankeesvicky.cz is a small-scale e-commerce platform focused on retailing Yankees sports merchandise primarily targeting the Czech Republic market. The site features basic content and design, with a functional user interface and mobile optimization. It integrates several third-party technologies including jQuery, Google Maps API, and delivery service scripts, indicating a moderate level of technical maturity. However, the absence of a privacy policy and limited business information reduces its compliance and trustworthiness. Security posture is moderate with HTTPS usage and CSRF token presence but lacks advanced security headers and explicit vulnerability disclosures. Overall, the site is functional but would benefit from enhanced transparency, security practices, and privacy compliance to improve user trust and regulatory adherence.