Germany security reports

M

Marktplatz Mittelstand GmbH & Co. KG

agentur.de

42

Agentur.de is a German online platform operated by Marktplatz Mittelstand GmbH & Co. KG that connects businesses, freelancers, and private individuals with qualified agencies across various sectors such as online marketing, graphic design, SEO, branding, software development, and more. The platform offers a comprehensive directory with over 70,000 listed agencies and facilitates free, non-binding inquiries for clients, positioning itself as a significant player in the German agency marketplace. The website features professional design, clear navigation, and a user-friendly interface optimized for mobile devices, reflecting a mature digital presence. Technically, the site employs modern web technologies including JavaScript, CSS, Bootstrap, and integrates third-party services like eTracker for analytics and OneTrust for cookie consent management. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms but lacks explicit security headers and a published security policy or incident response contacts. Overall, the domain registration data aligns well with the business identity, supporting the site's legitimacy and trustworthiness.

C

Community OFFICEsax.de

officesax.de

52

OFFICEsax.de is a specialized job board and social recruiting platform focused on business administration jobs and internships in the Saxony region of Germany. It operates as a community under the Empfehlungsbund network, leveraging a recommendation code system to facilitate candidate referrals among partner companies. The platform targets job seekers and employers within the regional business administration sector, offering curated job listings and internship opportunities. The website demonstrates a consistent brand presence and a professional design that supports user engagement and navigation. Technically, the website employs modern frontend technologies including Vite, Bootstrap, and JavaScript ES modules, with integration of Sentry for error tracking. The site is mobile optimized and provides a moderate performance experience. However, it lacks some advanced security headers and explicit privacy and cookie policies, which are important for compliance and user trust. The site uses HTTPS and includes CSRF tokens, indicating a baseline security posture. From a security perspective, the website is accessible without WAF or blocking mechanisms, and no critical vulnerabilities were detected in the provided content. The absence of privacy and cookie policies, as well as incident response contacts, represents compliance gaps that should be addressed. The domain WHOIS data is limited but does not raise immediate concerns, though registrant details are sparse. Overall, OFFICEsax.de is a credible and focused regional job platform with good business credibility and technical implementation. Strategic improvements in privacy compliance and security transparency would enhance trust and regulatory adherence.

C

Community ITsax.de

itsax.de

53

ITsax.de is a specialized job board and social recruiting platform focused on the IT and software industry in Saxony, Germany. It serves as a community hub connecting IT professionals, students, and employers, facilitating job and internship placements. The platform is part of the Empfehlungsbund network, which emphasizes recommendations and referrals among partner companies. The website features a modern, responsive design with a clear focus on user experience and relevant content for its target audience. Technically, it employs contemporary web technologies including Bootstrap, Vue.js, and StimulusJS, hosted on infrastructure associated with GoDaddy. Security practices include HTTPS and CSRF protection, though explicit security headers and privacy policies are absent, indicating room for improvement in compliance and security transparency. Overall, the site is professional and trustworthy, with a strong market position in its niche.

B

Bundesministerium der Finanzen

bundesfinanzministerium.de

63

The Bundesfinanzministerium website serves as the official digital presence of the German Federal Ministry of Finance, providing comprehensive information on finance, taxation, public budget, and economic policy. It targets a broad audience including citizens, businesses, media, and policymakers. The site offers key services such as tax information, public finance data, customs details, and various online calculators and publications. The ministry holds a strong market position as the federal authority responsible for financial governance in Germany. Technically, the website is built on a government-specific CMS (Government Site Builder) and employs modern JavaScript libraries including jQuery and RequireJS. It integrates Matomo analytics with a strict consent mechanism ensuring GDPR compliance and user privacy. The site demonstrates good performance, mobile optimization, and excellent accessibility features including sign language and plain language options. From a security perspective, the site enforces HTTPS, anonymizes IP addresses in analytics, and respects user consent for tracking. While explicit security policies and incident response contacts are not published, the site follows best practices for privacy and data protection. No vulnerabilities or suspicious elements were detected in the content or WHOIS data, which aligns with the official government entity. Overall, the website is professional, trustworthy, and compliant with privacy regulations, making it a reliable source of official financial information for Germany.

B

BWmedien GmbH

bwmedien.biz

52

BWmedien GmbH is a German-based full-service IT and media provider established in 2001, specializing in web development, digital marketing, hosting, and proprietary software solutions including CMS, CRM, and ERP systems. The company positions itself as a regional pioneer with a strong focus on delivering tailored digital solutions to businesses and organizations. Their website reflects a professional and comprehensive service offering with clear navigation, modern design, and mobile optimization. Technically, the site uses a proprietary CMS (BWcms), modern JavaScript libraries like Swiper.js, and HTML5 video, hosted on infrastructure with DNS servers under net-build.net and domain registration via RegistryGate GmbH. Security posture is good with HTTPS enabled and domain transfer protection, though DNSSEC is not enabled and some security headers are not explicitly detected. Privacy compliance is strong with visible GDPR-aligned privacy and cookie policies and consent mechanisms. Contact information is clearly provided including phone and social media channels. Overall, BWmedien GmbH demonstrates a mature digital presence with high trustworthiness and professional credibility.

B

BWmedien GmbH

bwcms.eu

34

BWmedien GmbH operates BWcms, a cloud-based content management system designed to combine the simplicity of a homepage builder with the complex needs of businesses. The company targets professional users and enterprises seeking an easy-to-use yet powerful CMS solution. Their market position is that of a niche provider focusing on cloud CMS with integrated hosting and support services. The website reflects a mature digital presence with good content quality, clear navigation, and professional branding. Technically, the site uses modern JavaScript libraries such as Swiper.js and a proprietary CMS framework, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the site is trustworthy and compliant with GDPR, supported by comprehensive privacy and cookie policies. The lack of WHOIS registrant data is due to EURid privacy policies, but the domain and business information are consistent and legitimate.

O

Originalmatcha.de

originalmatcha.de

55

Originalmatcha.de is a German e-commerce retailer specializing in authentic Japanese Matcha tea products. The website offers a range of organic and certified Matcha teas, targeting health-conscious consumers interested in premium green tea. The business operates primarily online with a niche market focus and maintains a consistent brand presence supported by certifications and customer reviews. Technically, the site is built on the Shoptet platform, leveraging common web technologies such as jQuery, Google Analytics, Facebook Pixel, and Hotjar for analytics and marketing. The site is mobile-optimized and provides a good user experience with clear navigation and product information. Security posture is solid with HTTPS enforced and CSRF protections in place, though some security headers are missing and the jQuery version is outdated. Privacy compliance is well addressed with GDPR-aligned cookie consent and privacy policies. Overall, the site is trustworthy and professional, though it could improve by publishing explicit security policies and updating some technical components.

S

So Loved Manufacture

soloved.de

74

So Loved Manufacture is a small German e-commerce retailer specializing in handcrafted and personalized jewelry such as rings, earrings, and necklaces made from materials like 925 silver, Fimo, and stainless steel. The company leverages an online platform to offer laser engraving personalization, targeting consumers seeking modern and lovingly designed accessories. The website is built on the Shopify platform, utilizing modern web technologies and third-party integrations for marketing, analytics, and customer support. The technical infrastructure is robust, with fast performance, mobile optimization, and good SEO practices. Security posture is strong, with HTTPS enforced, appropriate security headers, and GDPR-compliant cookie consent mechanisms. However, explicit security policies and incident response contacts are not publicly available. Overall, the site presents a professional and trustworthy online presence with room for improvement in transparency and accessibility.

W

webit! Gesellschaft für neue Medien mbH

webit.de

11

webit! Gesellschaft für neue Medien mbH is a well-established full service digital agency based in Dresden, Germany, founded in 1997. The company specializes in providing comprehensive digital solutions including strategy and consulting, UX/UI design, development, and operations, targeting primarily mid-sized enterprises. Their market position is strong, supported by partnerships with leading CMS and marketing platforms such as TYPO3, Sitecore, Ibexa, Kentico, and Storyblok. The website reflects a professional and modern digital presence with excellent content quality and user experience. Technically, the site leverages modern frameworks like Next.js and React, hosted on Vercel, and integrates advanced CMS and marketing automation tools.

U

UDG

udg.de

9

UDG is a German-based digital brand consultancy focused on enabling authentic, real-time, and networked interactions between consumers and brands. The company positions itself as a partner for smart brands navigating the digital world, offering services in brand management and integrated communication across channels. The website reflects a modern digital presence built on the Astro framework and Storyblok CMS, with analytics and consent management implemented via Google Tag Manager and Usercentrics respectively. Security posture is adequate with HTTPS enabled, but lacks explicit security headers and published security policies. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service. Overall, the website is professional and well-structured, targeting business clients in the technology and marketing sectors.

I

ILE Nationalparkgemeinden e.V.

ile-nationalparkgemeinden.de

30

ILE Nationalparkgemeinden e.V. is a regional non-profit association of municipalities in the Bavarian Forest area focused on fostering cross-border cooperation, sustainable regional development, cultural initiatives, and climate and energy projects. The website serves as an information hub for member municipalities and stakeholders, providing news, project details, and contact information. The organization positions itself as a key regional player facilitating collaboration between Bavarian and Bohemian communities. Technically, the website is built on the BWcms content management system, utilizing modern JavaScript libraries such as Swiper.js for interactive content. The site is well-structured, mobile-optimized, and includes appropriate SEO metadata. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though it lacks explicit security policies and advanced security headers. Overall, the site is trustworthy, professional, and compliant with GDPR requirements. Strategic improvements could focus on enhancing security headers, publishing incident response information, and adding vulnerability disclosure mechanisms.

O

ORLEN Unipetrol Deutschland

orlenunipetrol.de

63

ORLEN Unipetrol Deutschland is a significant entity within the ORLEN Group, operating primarily in the energy and petrochemical sectors in Germany. The website reflects a corporate B2B focus, providing information about refining and petrochemical products and services. The company maintains a consistent brand presence aligned with its parent company, PKN ORLEN, and its subsidiaries. The digital infrastructure is based on Microsoft SharePoint, indicating a mature but traditional CMS choice. The site employs modern web technologies such as jQuery, Bootstrap, and Cookiebot for cookie consent management, demonstrating compliance with GDPR and user privacy standards. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and compliant with relevant privacy regulations.

O

ORLEN Deutschland GmbH

orlen-deutschland.de

61

ORLEN Deutschland GmbH is a large energy sector company operating over 600 fuel stations in Germany under the ORLEN and star brands. It is a subsidiary of the Polish multinational ORLEN S.A., a leading Central Eastern European energy company with significant revenues. The website provides corporate information, press releases, career opportunities, and partner programs, targeting customers, partners, and job seekers in Germany. Technically, the site is built on Microsoft SharePoint with ASP.NET Web Forms, using legacy jQuery and Cookiebot for cookie consent management. Google Analytics and Google Tag Manager are employed for analytics and tracking. Security posture is adequate with HTTPS and cookie consent but lacks published security policies or incident response contacts. Privacy compliance is partial, with no explicit privacy policy found in the scanned content. Overall, the site is professional and trustworthy but could improve transparency and accessibility.

G

Gemeinde Bayerisch Eisenstein

bayerisch-eisenstein.de

54

The website www.bayerisch-eisenstein.de serves as the official municipal portal for the community of Bayerisch Eisenstein, Germany. It provides comprehensive information and services for residents and tourists, including local government details, tourism highlights, event listings, and accommodation options. The site leverages TYPO3 CMS and integrates accessibility tools to enhance user experience. Social media channels are actively linked, supporting community engagement and tourism promotion. The content is well-structured, professionally presented, and localized in German, targeting both local citizens and visitors to the Bavarian Forest region. Technically, the site employs modern web technologies such as TYPO3 CMS, Owl Carousel, PhotoSwipe, and Google Analytics for tracking. Hosting is managed via agenturserver, with proper HTTPS encryption and cookie consent mechanisms in place, reflecting good digital maturity. Accessibility features and mobile optimization are well implemented, contributing to a positive user experience. From a security perspective, the website demonstrates a solid posture with HTTPS enabled, cookie consent, and no visible vulnerabilities or exposed sensitive data. However, some recommended security headers like Content-Security-Policy and X-Content-Type-Options are not explicitly detected and could be added to enhance security. No explicit security policies or incident response contacts are published, which could be improved to increase transparency and readiness. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR requirements. It effectively supports the municipality's communication and tourism objectives while maintaining a good security and privacy baseline.

E

EUROPARC Federation

europarc.org

57

The EUROPARC Federation is a well-established non-profit organization representing a large network of European Protected Areas across 40 countries. It serves as a professional forum for collaboration, training, advocacy, and project management focused on nature conservation and sustainable tourism. The website reflects a mature digital presence with comprehensive content, clear navigation, and active social media engagement. Technically, the site is built on WordPress with modern plugins and APIs, delivering moderate performance and good mobile optimization. Security posture is solid with HTTPS and no obvious vulnerabilities, though some security headers could be improved. Privacy compliance is strong with GDPR-aligned policies and cookie consent mechanisms. The lack of WHOIS transparency slightly impacts domain trust but is offset by EU funding support and professional presentation. Overall, the site is trustworthy, content-rich, and well-positioned in its sector.

M

MMM Group

mmmgroup.com

68

MMM Group is a well-established company specializing in cleaning, disinfection, and sterilization solutions for healthcare and life science sectors. With a history dating back to 1954, the company positions itself as a leading system provider in Germany and Europe, offering a comprehensive product and service portfolio including modular construction and general contracting for medical product processing units. The website is professionally designed, multilingual, and optimized for SEO, reflecting a mature digital presence. Technically, the site runs on WordPress with modern plugins such as Yoast SEO and Borlabs Cookie for privacy compliance. Security posture is adequate with HTTPS and cookie consent but lacks some security headers and explicit privacy and terms of service documentation. WHOIS data is missing or not found, which raises concerns about domain registration legitimacy despite the professional appearance and detailed business information on the site. Overall, the site is safe, trustworthy, and targets healthcare professionals and organizations. Strategic improvements in transparency and security documentation are recommended.

R

Rhine-Ruhr 2025

rhineruhr2025.com

70

Rhine-Ruhr 2025 is the official organizer of the FISU World University Games scheduled for July 2025 across multiple German cities. The website serves as a comprehensive portal for event information, including schedules, sports, festival activities, news, and ticketing. It targets students, athletes, volunteers, media, and spectators, providing essential services such as ticket sales and volunteer coordination. Technically, the site is built on modern frameworks like Next.js and Material-UI, ensuring a responsive and visually appealing user experience. Security posture is solid with HTTPS and security headers implemented, though visible privacy and cookie policies are absent, representing a compliance gap. Overall, the site is professional and trustworthy, with legitimate WHOIS data supporting its authenticity.

K

Kooperationsprogramm Freistaat Sachsen – Tschechische Republik

sn-cz2020.eu

55

The website www.sn-cz2020.eu serves as an informational portal for the EU-funded cooperation program between the Free State of Saxony and the Czech Republic for the 2014-2020 funding period. It primarily targets public sector entities and project partners involved in cross-border collaboration. The site provides program details, project listings, and links to successor programs. Technically, the site uses standard JavaScript libraries including Piwik for analytics and Modernizr for feature detection, with a custom or unknown CMS. The site is moderately optimized for performance and accessibility but lacks advanced mobile responsiveness and SEO features. Security posture is moderate with no explicit HTTPS or security headers detected in the provided data, and no cookie consent mechanism is present, indicating room for improvement in privacy compliance. The domain registration aligns well with the program's governmental nature and regional focus, supporting high legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced security and privacy features.

G

GLS

gls-group.com

69

GLS is a well-established parcel delivery and logistics company operating primarily in Europe with an international presence. The website reflects a professional and consistent brand image, targeting both general consumers and businesses requiring parcel shipping services. The technical infrastructure includes modern JavaScript usage and cookie consent mechanisms, hosted likely by Deutsche Telekom AG, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Privacy compliance is strong with GDPR-aligned cookie consent and privacy policy. Overall, the website is trustworthy and professionally maintained, though improvements in security transparency and DNS security are recommended.

E

ERF Medien e.V.

bibleserver.com

64

ERF Bibleserver is a non-profit Christian media service operated by ERF Medien e.V., providing a comprehensive digital platform for Bible study with over 45 international Bible translations, study tools, and an AI chatbot assistant. The website is well-positioned in the religious media sector, leveraging partnerships with major Bible societies such as Biblica and Crossway to offer authoritative content. Technically, the site employs modern frameworks like Vue.js and Vuetify, ensuring a responsive and accessible user experience. Privacy and cookie consent mechanisms are robust and GDPR compliant, reflecting a mature approach to user data protection. Security posture is strong with HTTPS enforced and no evident vulnerabilities, although some security headers could be improved. Overall, the site presents a professional, trustworthy, and user-friendly platform for its target audience.

E

EUMETSAT

eumetsat.int

70

EUMETSAT is a European intergovernmental organization dedicated to operational satellite meteorology, climate, and environmental monitoring. The website serves as a comprehensive portal for satellite data, scientific research, and user engagement, targeting governmental agencies, meteorological services, researchers, and the public. It maintains a strong market position as a leading European satellite agency with a focus on weather and climate data provision. Technically, the website is built on Drupal 10 with modern web technologies including jQuery, Bootstrap, and Swiper.js, hosted on Microsoft Azure DNS infrastructure. It demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Analytics are implemented via Google Analytics and Tag Manager with privacy-conscious configurations. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms, and obfuscates emails to reduce spam. However, explicit security policies and incident response contacts are not publicly available, and some security headers could be more explicitly defined. The domain WHOIS data confirms legitimacy and long-term registration consistent with an established governmental entity. Overall, the website is professional, trustworthy, and well-maintained, with minor recommendations to enhance security transparency and header configurations.

The Deutscher Wetterdienst (DWD) is Germany's national meteorological service, providing comprehensive weather and climate data, forecasts, warnings, and environmental consulting. The website serves both professional users and the general public with detailed meteorological information and research insights. It holds a strong market position as a government authority in weather and climate services. Technically, the site uses a government-specific CMS with modern web technologies, ensuring good performance, accessibility, and mobile optimization. Security posture is solid with HTTPS and privacy-conscious features, including consent mechanisms for third-party content. However, explicit security headers and a published security policy could enhance the security maturity. Overall, the site is professional, trustworthy, and compliant with GDPR and cookie regulations.

T

TrustYou GmbH

trustyou.com

70

TrustYou GmbH operates as a leading hospitality AI platform headquartered in Germany, offering advanced AI-driven solutions such as Customer Experience Platform (CXP), Customer Data Platform (CDP), and AI Agents to enhance guest experiences and optimize bookings. The company positions itself as a market leader in hospitality technology, serving global hospitality brands since 2008. Their digital presence is professional, leveraging modern web technologies and compliance tools to ensure a seamless user experience. The website is well-structured, mobile-optimized, and integrates essential analytics and marketing tools, reflecting a mature technical infrastructure. Security posture is strong with HTTPS enforcement, reCAPTCHA integration, and cookie consent mechanisms, although explicit security policies and vulnerability disclosure channels are not publicly available. The absence of WHOIS domain registration data is a notable gap, warranting further verification. Overall, TrustYou presents a credible and professional business with a solid digital footprint and good security hygiene.

Hamburger Hafen und Logistik AG (HHLA) is a leading European logistics and transportation company specializing in the development and operation of logistical and digital hubs for future transport flows. The company operates multiple seaport terminals across Europe and a dense intermodal transport network, positioning itself as a key player in sustainable and innovative logistics solutions. The website targets customers, investors, media, and career seekers, providing comprehensive information about services, corporate governance, sustainability, and career opportunities. Technically, the site is built on TYPO3 CMS, integrates privacy-respecting Matomo analytics, and uses modern web technologies such as Bootstrap and Splide.js for UI components. The security posture is solid with HTTPS enforced and no exposed sensitive data, though improvements can be made by adding security headers and explicit cookie consent mechanisms. Overall, the website reflects a mature digital presence aligned with the company's large enterprise status and strong market position.

E

Evangelische Kirche in Deutschland

ekd.de

67

The Evangelische Kirche in Deutschland (EKD) operates a comprehensive and professionally designed website serving as the central information hub for the Protestant churches in Germany. The site provides extensive resources including organizational information, contact details, thematic campaigns, and spiritual content targeting members and interested parties within the religious community. The EKD holds a strong national position as an umbrella organization for 20 regional churches and over 14,000 congregations. Technically, the website employs modern web standards with responsive design and integrates etracker analytics while respecting user privacy through cookie consent mechanisms. Security posture is solid with HTTPS enforced and no evident vulnerabilities, though formal security policies and incident response contacts are not published. Overall, the site demonstrates high trustworthiness and compliance with GDPR, making it a reliable source for its audience.

W

Wendepunkt e.V.

wendepunkt-ev.de

46

Wendepunkt e.V. is a German non-profit organization dedicated to promoting respect and non-violence in upbringing, partnerships, and sexuality. It offers a broad range of services including trauma counseling, child protection, family support, prevention programs, offender relapse prevention, and professional training. The organization targets children, youth, families, and professionals, positioning itself as a key regional player in Schleswig-Holstein for social and educational services. The website is built on WordPress with a moderate to good technical infrastructure, including modern plugins and responsive design. Security posture is solid with HTTPS and no visible vulnerabilities, though improvements in security headers and incident response transparency are recommended. Privacy compliance is good with a comprehensive GDPR privacy policy, but lacks a cookie consent mechanism. Overall, the site is professional, trustworthy, and well-aligned with its mission.

B

Behnshop

behnshop.de

47

Behnshop is a German e-commerce retailer specializing in a wide range of alcoholic beverages, including spirits, liqueurs, and regional classics. The website positions itself as a trusted source for well-known brands and offers a comprehensive online shopping experience targeting mature consumers interested in quality spirits. The business appears to be medium-sized with a history dating back to 2014, likely affiliated with the Waldemar Behn GmbH brand portfolio. Technically, the site employs modern web technologies such as jQuery, Font Awesome, and integrates an advanced accessibility tool (digiaccess) to enhance usability for users with disabilities. The platform is likely built on a commercial e-commerce CMS, possibly Shopware, and is hosted with domain control services provided by GoDaddy.

B

Behn Getränke

behn-getraenke.de

42

Behn Getränke is a regional beverage wholesaler and retailer operating in Schleswig-Holstein, Germany, with a long-standing family business history dating back to 1892. The company offers beverage markets in multiple locations and provides gastronomy consulting and event inventory services. The website is built on WordPress with common plugins such as Yoast SEO and WPBakery Page Builder, indicating a moderate level of digital maturity. Accessibility is a strong focus, with an advanced accessibility tool integrated to support various user needs. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks explicit security headers and incident response information. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is professional and trustworthy but could improve in privacy and security transparency.

K

Kommunikationswerk der Nordkirche in Kooperation mit dem Landeskirchenamt

kollekten.de

54

The website kollekten.de serves as an official platform for the Evangelisch-Lutherische Kirche in Norddeutschland (Nordkirche) to provide information about the Kollektenkatalog 2025/2026, which supports various church and social projects. It targets church communities, donors, and social organizations primarily in Northern Germany. The site offers detailed project descriptions, downloadable resources, and theological background on collections in church services. Technically, the site is built on TYPO3 CMS, enhanced with Yoast SEO for TYPO3 and uses Matomo analytics for user tracking. It is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security posture is strong with HTTPS and standard security headers, though explicit security policies and incident response contacts are not published. Overall, the site reflects a professional, trustworthy non-profit church platform with clear contact information and consistent branding.

S

Stabsstelle Prävention - Fachstelle gegen sexualisierte Gewalt der Nordkirche

kirche-gegen-sexualisierte-gewalt.de

47

The website represents the Stabsstelle Prävention, a specialized non-profit church-affiliated organization focused on prevention, intervention, and support related to sexualized violence within the Evangelical Church in Northern Germany (Nordkirche). It provides resources, contact points, and educational materials for affected individuals and church staff. The site is positioned as a trusted regional authority with clear church ties and a focus on transparency and support. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries like jQuery and stickybits for UI enhancements. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced, but lacks some advanced security headers and explicit incident response contacts. Privacy compliance is mostly met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site is professional, trustworthy, and well-aligned with its mission. The domain WHOIS data is limited but does not raise significant concerns. No blocking or WAF interference was detected, allowing full content access and analysis.

I

Investitionsbank Schleswig-Holstein (IB.SH)

ibsh-unternehmerinnenpreis.de

66

The website www.ibsh-unternehmerinnenpreis.de represents the IB.SH-Unternehmerinnenpreis, an entrepreneurship award initiative by the Investitionsbank Schleswig-Holstein (IB.SH) aimed at recognizing and promoting female entrepreneurs in Schleswig-Holstein, Germany. The site serves as an informational and promotional platform for the award, showcasing winners, jury members, and providing downloadable resources such as FAQs, press releases, and social media kits. The business model is non-profit and government-affiliated, focusing on fostering female entrepreneurship and economic diversity in the region. Technically, the website is built on TYPO3 CMS, a robust open-source content management system, and uses Matomo for analytics, reflecting a privacy-conscious approach. The site is mobile-optimized, accessible, and SEO-friendly with proper meta tags and structured content. However, some security headers are missing, which could be improved to enhance security posture. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected. Contact information is clearly provided with multiple dedicated contacts, enhancing trust and transparency. The absence of explicit security or incident response policies is noted but not uncommon for this type of site. Overall, the website is professional, trustworthy, and well-aligned with its mission. It effectively supports the IB.SH's goal of empowering female entrepreneurs in Schleswig-Holstein. Strategic improvements in security headers and publishing security policies could further strengthen its security posture and user trust.

M

Markant

voila-startups.com

52

voila-startups.com is a professional platform operated under the Markant brand, designed to connect startups and innovators with one of the largest retail networks in Germany and Europe. The website facilitates product presentation to over 200 retail partners, offering startups a streamlined and cost-free channel to access retail shelves. The business model centers on enabling innovation diffusion within the retail sector, targeting startups seeking market entry and growth. The platform is moderately sized and founded in 2019, consistent with the domain registration data. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries and tracking tools such as Facebook Pixel and Jentis for analytics and marketing. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Hosting and domain registration are managed by Deutsche Telekom AG, a reputable provider, ensuring stable infrastructure. From a security perspective, the site employs HTTPS and integrates cookie consent mechanisms, reflecting basic privacy compliance. However, it lacks explicit privacy and terms of service pages, security headers, and incident response contact information, which are areas for improvement. No WAF or blocking mechanisms were detected, and no vulnerabilities or suspicious patterns were found in the WHOIS data, indicating a trustworthy domain. Overall, voila-startups.com presents a solid business and technical foundation with moderate security posture. Strategic enhancements in privacy documentation, security headers, and contact transparency would elevate its compliance and trustworthiness, supporting its role as a credible startup-to-retail platform.

C

casavi

mycasavi.com

66

Casavi operates a specialized service portal platform for real estate management, primarily targeting property managers and tenants in Germany. The platform offers user account management, ticketing, document handling, and communication tools tailored for the real estate sector. The company has an established market presence since its domain registration in 2015 and hosts its services on Amazon AWS infrastructure, leveraging modern web technologies including React and Sentry for error tracking. Technically, the website demonstrates a mature digital infrastructure with secure login forms incorporating CSRF protection and input validation. The use of HTTPS and AWS hosting ensures a reliable and secure environment. However, the absence of DNSSEC and explicit security headers such as Content-Security-Policy indicates areas for security enhancement. The website is mobile-optimized with good design quality and clear navigation, supporting a positive user experience. From a security perspective, the site maintains a good posture with encrypted connections and secure form handling but lacks publicly available security policies and incident response contacts, which are important for transparency and trust. Privacy compliance is partially met with comprehensive privacy and terms of service pages, though the lack of a cookie consent mechanism may pose GDPR compliance risks. Overall, Casavi presents a trustworthy and professional online presence with room for improvement in security transparency and privacy compliance. Strategic enhancements in security headers, cookie consent, and incident response disclosures would strengthen its security posture and regulatory adherence.

Immonet is a major German real estate marketplace operated by AVIV Germany GmbH, offering a comprehensive platform for buying, renting, and selling properties including houses, apartments, and commercial real estate. The website targets individuals and businesses in Germany seeking real estate services, providing additional tools such as financing calculators, relocation services, and real estate valuation. The platform is well-positioned in the German market with a professional and user-friendly interface.

A

AVIV Germany GmbH

immowelt.de

65

Immowelt.de is a leading German real estate portal operated by AVIV Germany GmbH, offering a comprehensive platform for property search, rental, purchase, and related services such as financing and moving assistance. The website targets private individuals and real estate professionals seeking residential and commercial properties across Germany. It holds a strong market position, evidenced by multiple awards and partnerships with reputable service providers like SCHUFA and Interhyp. Technically, the website employs modern web technologies including React and integrates a consent management platform (Usercentrics) for GDPR compliance. Hosting is managed via Amazon AWS, ensuring reliable performance and scalability. The site is well-optimized for mobile devices and accessibility, with a clean, professional design and clear navigation. From a security perspective, immowelt.de enforces HTTPS, implements key security headers, and avoids exposing sensitive data in its HTML content. However, explicit security policies and incident response information are not publicly available, representing an area for improvement. Privacy compliance is partially addressed through the use of a consent management platform, but the absence of a clearly accessible privacy policy and terms of service reduces overall compliance confidence. Overall, immowelt.de presents a trustworthy and professional online presence with strong business credibility and technical maturity. Strategic enhancements in privacy transparency and security documentation would further strengthen its risk posture and user trust.

nivia.de is a German technology company specializing in avalanche transceiver devices featuring advanced 3D technology for faster and more precise search capabilities. The website presents a professional and focused product offering targeting skiers, mountaineers, and rescue professionals. The company positions itself as an innovator in avalanche safety technology with a small business footprint. Technically, the site uses modern web technologies including JavaScript ES modules, SVG graphics, and the UIkit framework, hosted on kasserver.com. The site is mobile optimized with good SEO and accessibility basics. Security posture is moderate with HTTPS implied but lacking explicit security headers and cookie consent mechanisms. No direct contact emails or phone numbers are visible, with contact likely via forms. Overall, the site is trustworthy and professional but could improve in privacy compliance and security transparency.

O

Ortovox

ortovox.com

62

Ortovox Sportartikel GmbH is a well-established German company specializing in outdoor equipment and apparel, particularly for mountain sports and safety. Founded in 1980 by Gerald Kampel, the company targets outdoor enthusiasts and safety-conscious consumers with a retail business model. The website is professionally designed, mobile-optimized, and provides clear contact information and social media presence, indicating a mature digital footprint. Technically, the site uses modern JavaScript libraries and analytics tools such as Matomo and Google Tag Manager, supporting moderate user tracking and marketing efforts. Security posture is generally good with HTTPS enforced, though explicit security headers are not detected, and no public security or incident response policies are found. The WHOIS data for the domain is missing, which raises some concerns about registration transparency but does not detract significantly from the overall legitimacy given the professional web presence. Strategic recommendations include enhancing security headers, publishing security policies, and verifying domain registration details to improve trust.

P

PAX

pax-bags.de

54

PAX-Bags.com represents a medium-sized manufacturing business specializing in emergency backpacks, insert bags, and accessories with custom sizing and interior fittings. The company targets organizations requiring specialized emergency equipment, positioning itself as a niche manufacturer in this sector. The website is built on TYPO3 CMS with a modern technology stack including Bootstrap and jQuery, and integrates privacy compliance tools such as Usercentrics CMP and Google Tag Manager with consent mode. The site is professionally designed with good navigation and mobile optimization, though SEO is limited by a noindex robots directive. From a security perspective, the website enforces HTTPS and uses consent management for privacy compliance, but lacks explicit security headers and detailed security or incident response policies. No contact emails or phone numbers are clearly presented on the homepage, which may impact user trust and support accessibility. The absence of WHOIS data for the domain is a notable anomaly, reducing domain registration trustworthiness despite the professional website presence. Overall, the site demonstrates a solid technical foundation and privacy compliance but would benefit from enhanced security headers, clearer contact information, and resolution of WHOIS data visibility to improve trust and legitimacy. Strategic improvements in these areas would strengthen the security posture and business credibility.

M

makandra GmbH

makandra.de

74

makandra GmbH is a German-based technology company specializing in custom software development, hosting, DevOps, AI consulting, and UI/UX design. The company positions itself as a reliable full-service agency focused on delivering high-quality, maintainable software solutions tailored to client needs. Their website reflects a mature digital presence with professional design, clear navigation, and comprehensive service descriptions targeting business clients seeking bespoke software solutions. The company leverages modern technologies including Ruby on Rails, JavaScript, and integrates analytics tools such as Matomo and Google Analytics to monitor performance and user engagement. Privacy compliance is well addressed with a comprehensive privacy policy and an active cookie consent mechanism, indicating adherence to GDPR requirements. Security posture is strong with HTTPS enforced, CSRF protection, and no visible vulnerabilities or exposed sensitive data. However, explicit security policies and incident response contacts are not publicly available, representing an area for improvement. Overall, makandra GmbH demonstrates a solid business and technical foundation with a high level of professionalism and trustworthiness.

The website tempus-termine.com represents a small telecommunications service provider named Berner Telecom-Dienste based in Wuppertal, Germany. The domain has been registered since 2013, indicating a stable presence, but the website content is extremely minimal, consisting only of a heading and a single word paragraph. There is no metadata, no contact information, no privacy or cookie policies, and no visible security or compliance features. The technical infrastructure is basic, with no detected CMS, frameworks, or modern technologies. Hosting is provided by Vautron Rechenzentrum AG, a reputable data center and registrar. From a security perspective, the site lacks essential security headers, HTTPS status is unknown, and DNSSEC is not enabled, which could expose the domain to certain risks. No forms or data collection mechanisms are present, reducing immediate data protection concerns but also indicating a lack of user engagement features. The absence of privacy and cookie policies suggests non-compliance with GDPR and related regulations. The domain registration data is consistent and legitimate, with no privacy protection or suspicious patterns. Overall, the website's risk profile is moderate due to minimal content and lack of security best practices. The business credibility is low due to the absence of contact details and trust indicators. Strategic improvements should focus on enhancing website content, implementing security best practices including HTTPS and security headers, and publishing privacy and cookie policies to improve compliance and user trust.

B

BippesBrandão GmbH

bippesbrandao.de

65

BippesBrandão GmbH is a small, professional digital agency based in Offenbach, Germany, specializing in tailored digital solutions including strategy, user experience, visual design, and development. The company targets national and international clients seeking high-quality digital agency services. Their market position is supported by a portfolio of notable clients and a consistent, professional web presence. Technically, the website employs modern web standards, including HTML5, CSS3, JavaScript, and integrates multimedia content via Vimeo. The use of a headless CMS (Directus) for media management indicates a modern content infrastructure. Security-wise, the site enforces HTTPS, implements cookie consent for analytics, and anonymizes IPs in Google Analytics (though GA is currently commented out). However, security headers are not explicitly detected, and no incident response or vulnerability disclosure policies are published. Overall, the site is well-designed, user-friendly, and trustworthy, with minor improvements recommended in security headers and explicit security policies.

T

Toplage Immobilien GmbH

toplage-immobilien.de

45

Toplage Immobilien GmbH is a regional real estate brokerage firm based in Kiel, Germany, specializing in property sales, rentals, and related consulting services. The company is part of the larger wankendorfer Unternehmensgruppe, which enhances its market position and resource access. The website is professionally designed using TYPO3 CMS and targets property buyers, sellers, and renters in Schleswig-Holstein with clear service offerings and contact options. Technical infrastructure includes modern JavaScript libraries and privacy-conscious analytics via Matomo with cookies disabled. Security posture is good with HTTPS enabled and cookie consent mechanisms in place, though explicit security headers and incident response policies are not publicly disclosed. Overall, the website reflects a trustworthy and professional real estate business with strong compliance to GDPR and user privacy.

A

Adlershorst Immobilien GmbH

adlershorst-immobilien.de

41

Adlershorst Immobilien GmbH is a medium-sized German real estate company specializing in property sales, condominium and rental building management, and in-house skilled trades such as painting, plumbing, and electrical services. The company targets property owners, tenants, and investors primarily in Hamburg and surrounding regions. Their website is built on TYPO3 CMS and employs modern JavaScript libraries, reflecting a moderate level of digital maturity. The site is well-structured, mobile-optimized, and provides detailed contact information for multiple team members, enhancing user trust and engagement. Security posture is solid with HTTPS enforced and cookie consent implemented, though additional security headers and incident response information are absent. Overall, the website presents a professional and trustworthy image with no detected vulnerabilities or suspicious content.

DER MEDIENVERTRIEB operates a dedicated extranet portal named DMV-Extranet, providing its clients with 24/7 access to sales reporting, special evaluations, billing documents, and market observation data. The portal targets business clients and account managers, facilitating efficient distribution and management of media-related data. The website content is primarily in German, consistent with the company's German market focus. Technically, the website is built using JavaServer Faces with the PrimeFaces 6.2 framework, supplemented by jQuery and Font Awesome for UI components. The site demonstrates moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. The login form is standard, using POST with masked password input, but no advanced security headers or CSRF protections are evident. Security posture is moderate; while HTTPS is assumed (not explicitly confirmed in HTML), the absence of security headers and privacy compliance mechanisms such as cookie consent or GDPR policies indicates room for improvement. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data shows consistent domain registration with professional name servers, supporting legitimacy. Overall, the site is functional and serves its business purpose but requires enhancements in privacy compliance, security headers, and user experience to improve trust and security posture.

K

karlsruhe.digital

karlsruhe.digital

54

karlsruhe.digital is a well-established digital initiative promoting Karlsruhe as a leading digital location and smart city. The website serves as a hub for information on digital innovation, events, expert groups, and community engagement, targeting a broad audience including students, researchers, startups, and residents. The technical infrastructure is modern, leveraging WordPress with advanced SEO, multilingual support, and cookie consent management, ensuring a high-quality user experience with excellent performance and accessibility. Security posture is strong with HTTPS enforced and privacy compliance mechanisms in place, although explicit security headers could be improved. The WHOIS data is limited due to TLD restrictions and privacy protection, but the website's professionalism and trust indicators support its legitimacy. Overall, karlsruhe.digital demonstrates a mature digital presence with a focus on transparency, user privacy, and community engagement.

I

Initiative Markt- und Sozialforschung e.V.

deutschlands-marktforscher.de

54

Initiative Markt- und Sozialforschung e.V. operates a professional and informative website focused on educating the German public about market and social research. The organization promotes participation in surveys to support evidence-based decision-making in politics, business, and society. The website is well-positioned nationally with clear communication, trust signals, and a strong emphasis on privacy and data protection. Technically, the site is built on WordPress with modern plugins and tools, including Yoast SEO and Matomo analytics configured for privacy compliance. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Overall, the site is trustworthy, accessible, and professionally maintained.

R

Rat der Deutschen Markt- und Sozialforschung

rat-marktforschung.de

57

The Rat der Deutschen Markt- und Sozialforschung e.V. is an independent self-regulatory institution in Germany focused on ensuring adherence to professional principles and codes of conduct in market and social research. It serves as a complaint body for various stakeholders including respondents, clients, and competitors, promoting integrity and quality in the industry. The organization has a clear market position as a trusted regulator within the German research community. Technically, the website is built on WordPress with the Avada theme and uses caching plugins to optimize performance. It is hosted likely by Deutsche Telekom-related infrastructure, ensuring reliable service. The site is mobile-optimized and includes modern SEO practices such as Open Graph and JSON-LD structured data, although some accessibility features could be improved. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks some security headers and does not provide explicit incident response or security policies. Privacy compliance is partially addressed with a privacy policy present, but no cookie consent mechanism was detected. Contact information is primarily via a web form, with no direct emails or phone numbers publicly listed. Overall, the website presents a professional and trustworthy front for the organization, with good content quality and business credibility. Strategic improvements in security headers, privacy consent, and contact transparency would enhance its security posture and compliance standing.

D

Deutscher Verband für Wohnungswesen, Städtebau und Raumordnung e.V.

netzwerk-quartier.de

57

The website 'Gemeinsam für das Quartier' is a German government-funded initiative focused on fostering partnerships and cooperative urban development in neighborhoods, city centers, rural areas, and small towns. It is managed by the Deutscher Verband für Wohnungswesen, Städtebau und Raumordnung e.V. and STADT ALS CAMPUS e.V., with funding from the Federal Ministry for Housing, Urban Development and Building. The site serves as a platform for networking, knowledge exchange, and organizing workshops to promote community-oriented city development. Technically, the site is built on the Webflow CMS platform, uses modern web technologies like Google Fonts and jQuery, and is hosted on a performant CDN. It is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the site enforces HTTPS but lacks advanced security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional, with no signs of malicious activity or suspicious content.

The website ebz-ak.de currently serves only a 404 error page indicating that the requested content is not found. The visible branding indicates the entity 'EBZ Akademie', but no further business description or services are presented on this page. The site is hosted on HubSpot CMS and uses HubSpot's analytics and marketing tools. The technical infrastructure is modern but minimal in content and SEO optimization. Security posture is weak due to lack of visible security headers and absence of privacy or cookie policies. No contact or incident response information is provided, limiting transparency and trust. Overall, the site is accessible but lacks substantive content, which severely limits its business credibility and user experience.

D

DPV Deutscher Pressevertrieb GmbH

dpv-hamburg.de

39

DPV Deutscher Pressevertrieb GmbH operates as a full-service subscription service provider specializing in the distribution and management of magazines, newspapers, and digital media products. The company targets publishers seeking reliable subscription fulfillment, customer service, technology solutions, logistics, and direct marketing support. Their market position is that of an established and professional service provider within the German media distribution sector, offering modular CRM solutions such as KIMBA for both print and digital offerings. The website reflects a medium-sized enterprise with consistent branding and a clear focus on their core services.