Germany security reports

W

WeselMarketing GmbH

weselmarketing.de

69

WeselMarketing GmbH operates the official tourism and city marketing website for the city of Wesel, Germany. The website provides comprehensive information about cultural attractions, natural sites, events, travel planning, and local services aimed at tourists, visitors, and residents. The business is positioned as a key promoter of Wesel's tourism sector, leveraging digital channels to enhance visitor engagement and city branding. The site is well-structured, professionally designed, and offers multilingual support, reflecting a mature digital presence. Technically, the website is built on the Drupal CMS platform, utilizing modern web technologies including JavaScript libraries and Google Tag Manager for analytics and marketing. The site is mobile-optimized, accessible, and employs a robust cookie consent mechanism compliant with GDPR standards. Performance is moderate with good SEO and accessibility practices. From a security perspective, the site enforces HTTPS and uses session cookies appropriately. However, it lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. No critical vulnerabilities or suspicious content were detected. Overall, the website demonstrates a strong business credibility and privacy compliance posture, with room for improvement in formal security documentation and incident readiness. The domain registration data aligns with the business location and sector, supporting legitimacy. Strategic recommendations include publishing security policies, adding vulnerability disclosure, and enhancing security headers to further strengthen the security posture.

W

WeselMarketing GmbH

wesel-tourismus.de

69

WeselTourismus.de is the official tourism website for the city of Wesel, Germany, managed by WeselMarketing GmbH. The site provides comprehensive information about local culture, nature, events, and travel planning, targeting tourists and local visitors. It features a professional design with clear navigation and multilingual support (German, English, Dutch). The website uses Drupal CMS and integrates Google Tag Manager for analytics and marketing purposes. Cookie consent mechanisms are implemented in compliance with GDPR. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Contact information is clearly provided, including phone, email, and physical addresses. No terms of service or explicit security policies were found. Overall, the site is trustworthy, well-maintained, and serves as a reliable resource for tourism in Wesel.

KRZN – Kommunales Rechenzentrum Niederrhein is a large, well-established municipal IT service provider in Germany, founded in 1971. It serves 46 local government administrations with over 18,000 IT workstations supported by more than 500 employees across two main locations. The organization offers a broad portfolio of IT solutions tailored for public sector needs, including web conferencing systems with official certifications. Technically, the website is built on Drupal CMS, hosted likely by Deutsche Telekom, and uses eTracker for analytics. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is solid with HTTPS and no evident vulnerabilities, though explicit security headers and incident response policies are absent. Privacy compliance is partially met with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the domain registration data aligns well with the business profile, indicating high legitimacy and trustworthiness.

M

mecodia GmbH

mecodia.de

56

mecodia GmbH is a German-based software and educational agency specializing in software development, consulting, and digital education services. The company targets businesses and educational institutions seeking to leverage digital transformation and media competence. Their market position is that of a niche provider with a strong focus on practical digital solutions and educational media. The website reflects a professional and consistent brand image with clear service offerings and active engagement through a blog and social media channels. Technically, the site is built on WordPress using Elementor and Yoast SEO, indicating a modern and SEO-optimized infrastructure. Performance and mobile optimization are good, though accessibility could be improved. Security posture is solid with HTTPS enforced, but lacks explicit security headers and published security policies. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, mecodia GmbH presents a trustworthy and credible online presence with room for enhancement in security transparency and accessibility.

The website 'Kinderportal Schneverdingen' serves as a municipal children’s information portal for the town of Schneverdingen, Germany. It provides comprehensive information on leisure activities, sports, playgrounds, nature, and local government services targeted primarily at children and families. The site is positioned as a local government resource, offering public service content with a focus on community engagement and education. Technically, the website is built on the contentXXL Business CMS platform using ASP.NET Web Forms technology, with client-side libraries such as jQuery 2.1.1, Telerik UI components, and Google Maps API integration. The site demonstrates moderate performance and basic mobile optimization, with a clean and consistent design that supports good user experience and navigation clarity. From a security perspective, the site enforces HTTPS and uses standard form protections but lacks several modern security headers such as Content-Security-Policy and X-Frame-Options. The use of an outdated jQuery version introduces potential vulnerabilities. Privacy compliance is well addressed with a clear privacy policy, cookie consent mechanism, and GDPR adherence. However, no explicit security or incident response policies are published. Overall, the website is trustworthy and safe, with no adult or questionable content detected. It is suitable for its target audience and fulfills its role as a local government information portal. Strategic improvements in security headers, library updates, and enhanced mobile accessibility would further strengthen its posture.

M

Marktplatz Design und Software GmbH

marktplatz-agentur.de

61

Marktplatz Design und Software GmbH is a well-established German digital agency founded in 1999, specializing in innovative web and app development solutions. The company serves a diverse clientele including medium-sized businesses, institutions, and municipalities, offering a broad range of services from website creation and app development to corporate design and online marketing. Their portfolio includes proprietary digital products such as BIWAPP and KatS-Plan, positioning them as both a service provider and product innovator in the technology sector. Technically, the website leverages modern web technologies including Webflow CMS, Google reCAPTCHA for form security, Matomo for analytics, and GSAP for animations, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a high level of digital maturity. Security measures include HTTPS enforcement and GDPR-compliant cookie consent mechanisms, although explicit HTTP security headers are not detected. From a security perspective, the site demonstrates good practices with secure forms and privacy compliance, but lacks a published security policy or incident response contact, which could enhance trust and preparedness. The absence of WHOIS data limits domain registration trust verification, but the professional presentation and detailed business information mitigate concerns. Overall, the website presents a professional, trustworthy, and user-friendly digital presence with strong business credibility. Strategic recommendations include enhancing security headers, publishing a security policy, and improving WHOIS transparency to further strengthen trust and compliance.

The website sicher-melden.de serves as an informational landing page for a digital whistleblowing reporting platform operated by otris software AG. The platform enables anonymous reporting for companies via secure, cloud-based technology. The site targets corporate clients seeking compliant whistleblowing solutions and positions itself as a neutral authority in this niche. The business model is primarily B2B SaaS focused on compliance and risk management services. Technically, the site is simple and lightweight, built with standard HTML and CSS, and hosted behind Cloudflare DNS services which provide performance and security benefits. The site is mobile responsive and accessible at a basic level but lacks advanced SEO and accessibility features. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site benefits from Cloudflare's infrastructure but lacks explicit security headers and published security or incident response policies. No forms or direct data collection occur on this page, reducing attack surface. Contact information is clearly provided, but cookie consent mechanisms and privacy policy details are minimal. Overall, the security posture is moderate but could be improved with enhanced headers and transparency. The overall risk is low given the nature of the site as an informational platform without direct user data collection. Strategic recommendations include implementing security headers, publishing detailed privacy and security policies, and adding cookie consent mechanisms to improve compliance and trust.

A

azubi.ms

azubi.ms

62

azubi.ms is a regional online apprenticeship job board focused on the Münsterland area in Germany, operated under the Zeitungsgruppe Münsterland media group. The platform offers categorized job listings, company profiles, and search filters tailored to young job seekers and students looking for vocational training opportunities. The website demonstrates a good level of digital maturity, employing modern JavaScript libraries and frameworks, and providing a responsive and accessible user experience. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Security posture is adequate with HTTPS enforced, though some common security headers are missing, which could be improved. The lack of WHOIS data raises concerns about domain registration legitimacy, but the professional presentation and association with a known media group mitigate some risk. Overall, the site is trustworthy and functional for its intended audience.

S

Soltau Therme

soltau-therme-online.de

69

Soltau Therme is a German regional wellness and leisure center offering a variety of services including sole baths, sauna, wellness treatments, swimming pools, and children's activities. The website reflects a well-structured and professionally maintained WordPress platform with modern plugins such as Yoast SEO, Events Manager, and Captcha EU, indicating a good level of digital maturity. The site is mobile optimized and provides clear navigation and relevant content for its target audience. Security posture is solid with HTTPS enforced and captcha protection on forms, although some security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by clear contact information and social media presence. Overall, the website is trustworthy and suitable for its hospitality sector audience.

H

Heidekreis e-mobil

heidekreis-e-mobil.de

48

Heidekreis e-mobil is a regional electric mobility service provider in Germany, jointly operated by Stadtwerke Soltau and Stadtwerke Böhmetal. The company focuses on providing electric vehicle charging infrastructure, including wallbox sales and installation, a charging card with access to a broad European network, and services related to the THG-Quote for electric vehicle owners. The website is well-structured, professionally designed, and targets electric vehicle users in the Heidekreis region and beyond. Technically, the site uses Joomla CMS with modern front-end libraries and is hosted on AWS infrastructure, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and CSRF protections but lacks explicit security headers and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional with room for improvement in security and privacy transparency.

B

Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP)

bvmip-muenster.de

58

The Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP) is a non-profit professional association dedicated to supporting church office staff within the Münster diocese. The website serves as an information hub for members, providing details about the board, professional roles, upcoming events, and training opportunities. Membership is free for eligible church office employees, emphasizing community and professional development. The association holds regular meetings and participates in national gatherings, highlighting its active role in the sector. Technically, the website is built on the Jimdo Creator CMS platform, leveraging Jimdo's hosting and static asset infrastructure. The site employs standard web technologies including JavaScript and CSS, with moderate performance and good mobile responsiveness. SEO and accessibility features are basic but functional. Cookie consent mechanisms are implemented, reflecting attention to privacy compliance. From a security perspective, the site uses HTTPS with good SSL configuration but lacks advanced security headers and explicit incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and accessible, supporting GDPR compliance. The WHOIS data aligns with the hosting provider and domain purpose, indicating legitimacy. Overall, the website is a trustworthy, well-maintained resource for its niche audience, with room for improvement in security hardening and expanded contact information to enhance trust and compliance.

B

Bistum Münster

stellenmarkt-bistum-muenster.de

43

The website 'Kirchentalente' serves as the official job market platform for the Diocese of Münster, Germany. It provides a specialized employment portal focusing on church-related and social sector jobs within the Münster region. The platform offers job listings, search and filtering capabilities, and employer information, targeting job seekers interested in meaningful roles within the Catholic Church and affiliated organizations. The business model is non-profit and community-focused, supporting recruitment efforts for the Diocese and its partners. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and FontAwesome icons. It integrates Matomo analytics for visitor tracking and CCM19 for cookie consent management, demonstrating a commitment to privacy compliance. The site is hosted on servers indicated by the nameservers, likely associated with Your-Server.de and related providers. Performance and mobile optimization are good, with a clear navigation structure and professional design. From a security perspective, the website enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. While no explicit security headers were detected in the HTML, the site shows no signs of exposed sensitive data or vulnerable libraries. However, there is room for improvement by implementing additional security headers and publishing a security policy or incident response contact. No vulnerability disclosure or security.txt file was found. Overall, the website is trustworthy, professional, and well-aligned with its mission. It maintains good privacy practices and provides clear contact information. The domain registration is consistent with the Diocese of Münster, enhancing legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen the site's security posture and compliance.

D

Dialog Medien Publicity GmbH

kirche-und-leben.de

43

Kirche-und-Leben.de is a German-language Catholic online magazine operated by Dialog Medien Publicity GmbH, based in Münster, Germany. The site provides news, cultural insights, and religious content focused on the Catholic Church in Germany, the Vatican, and worldwide. It targets German-speaking Catholics and interested readers, offering subscription services, newsletters, and e-paper access. The website maintains a professional and consistent brand image with good content quality and clear navigation.

B

Bistum Münster

kirchentalente.de

43

The website 'Kirchentalente' serves as the official job market portal for the Diocese of Münster, Germany. It provides a platform for job seekers to find employment opportunities primarily within church-related and social service sectors in the Münster region. The site is professionally designed and maintained, leveraging TYPO3 CMS and modern web technologies. It offers categorized job listings, search by location, and additional career-related content, targeting individuals interested in meaningful employment within the Catholic Church community. The platform is positioned as a regional niche service with strong ties to its parent organization, the Diocese of Münster. Technically, the website employs a mature infrastructure with TYPO3 CMS, JavaScript, CSS, and FontAwesome for UI elements. It integrates Matomo Analytics for visitor tracking and CCM19 for cookie consent management, reflecting compliance with GDPR requirements. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features could be enhanced. Hosting appears stable with dedicated nameservers. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms. While explicit security headers like Content-Security-Policy are not evident, no critical vulnerabilities or exposed sensitive data were detected. The absence of a published security policy or incident response contact is noted but not uncommon for this type of non-profit organizational site. Overall, the security posture is solid but could benefit from additional hardening. The overall risk assessment is low, with the site demonstrating high trustworthiness, GDPR compliance, and professional content quality. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility. The site is suitable for its intended audience and business purpose, with no indications of malicious or inappropriate content.

C

Centro – Psychologische Begleitung für Menschen im Dienst der Kirche

centro-muenster.de

52

Centro – Psychologische Begleitung für Menschen im Dienst der Kirche is a small non-profit organization based in Münster, Germany, providing psychological and spiritual support services specifically tailored for church personnel and those preparing for church-related roles. Their offerings include psychological status assessments, potential analyses, and long-term accompaniment integrating spiritual dimensions. The website is built on WordPress and uses common plugins such as Jetpack and MonsterInsights, though some plugins like Google Analytics are not fully configured. The site is accessible, mobile-optimized, and presents content professionally with clear contact information. Security posture is adequate with HTTPS enabled but lacks some security headers and formal privacy or cookie policies, indicating room for compliance improvement. No forms or social media links are present, and the site does not engage in advertising beyond Jetpack stats tracking.

SWING e.V. is a well-established non-profit student association at TU Ilmenau, Germany, focused on fostering academic and professional development of students through career fairs, workshops, and networking events. The website reflects a clear mission to support students' transition into the workforce and maintain strong ties with university and industry partners. Technically, the site is built on GravCMS with the Gantry5 framework and uses jQuery, providing a moderate performance and good mobile optimization. However, the site lacks advanced security headers and explicit incident response policies, which could be improved to enhance security posture. Privacy compliance is partially addressed with a privacy policy present, but cookie consent mechanisms are missing. Overall, the site is professional and trustworthy but could benefit from enhanced security and privacy features.

S

SWING e.V.

karriereforum-mitteldeutschland.de

44

inovailmenau is a well-established, student-organized career forum affiliated with TU Ilmenau and operated by the non-profit SWING e.V. The website effectively communicates its mission to connect students with potential employers through career fairs, workshops, and presentations. Technically, the site is built on WordPress with a modern tech stack including jQuery, Ecwid for e-commerce, and AWS Cloudfront CDN, ensuring moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and no obvious vulnerabilities, though improvements in security headers and incident response transparency are recommended. Privacy compliance is basic with a privacy policy present but lacking a cookie consent mechanism. Overall, the site is trustworthy, professional, and serves its educational and networking purpose well.

The website metallbau-buethe.de currently displays only a maintenance placeholder message in German, indicating the site is under construction or being updated. There is no substantive content, metadata, or business information available on the site. The domain WHOIS data shows standard name servers but lacks registrant details, limiting full trust verification. The technical infrastructure cannot be fully assessed due to minimal content and lack of visible technologies or security configurations. Security posture is weak with no HTTPS or security headers detected, and no privacy or cookie policies are present, indicating non-compliance with GDPR requirements. Overall, the website is low in digital maturity and business credibility, with significant room for improvement in content, security, and compliance.

N

NewDefinition GmbH

nd-alumni.de

51

NewDefinition GmbH operates NDAlumni, a comprehensive alumni management system tailored for universities, alumni associations, and companies primarily in German-speaking countries. The platform offers an integrated SaaS solution covering website CMS, communication, community engagement, event and member management, and financial processing. The company positions itself as a customer-focused provider with transparent pricing and strong service support, targeting small to medium-sized alumni organizations. Technically, the website is well-structured, mobile-optimized, and uses modern web technologies with ISO-certified hosting and SSL encryption. Security practices align with GDPR and German data protection laws, though some improvements in security headers and cookie consent are recommended. Overall, the website is professional, trustworthy, and content-rich, supporting a strong market presence in the alumni management niche.

Z

Zukunftsregion JadeBay

zukunftsregion-jadebay.de

48

Zukunftsregion JadeBay is a regional government-backed initiative focused on fostering sustainable development, innovation, and digital transformation within the JadeBay region in Niedersachsen, Germany. The website serves as an informational platform highlighting funding opportunities, projects, news, and partnerships with local counties. The technical infrastructure leverages modern frontend technologies such as Alpine.js, GSAP, Swiper.js, and Font Awesome, hosted via Schlund Technologies. The site is mobile-optimized and presents a professional design with clear navigation. Security posture is adequate with HTTPS and a Content-Security-Policy header, though additional security headers and policies could enhance protection. Privacy compliance is limited, with no visible privacy or cookie policies, which is a notable gap. Overall, the site is trustworthy and serves its public sector mission effectively.

P

PICO

pico-interactive.com

62

PICO is a leading virtual reality company specializing in all-in-one VR headsets and immersive interactive experiences. Founded in 2015, PICO has established a strong market presence, particularly in China and globally, offering a range of consumer and enterprise VR products. Their business model includes hardware sales, software platforms, developer support, and community engagement, targeting both end consumers and enterprise clients. The website reflects a mature digital presence with comprehensive product information, localized content, and active marketing efforts. Technically, the website is built on modern frameworks such as React and leverages advanced analytics and marketing tools including Google Analytics, TikTok Pixel, and Facebook Pixel. The hosting infrastructure appears to be managed by ByteDance-related services, ensuring fast performance and good mobile optimization. SEO and accessibility practices are well implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS, employs standard security headers, and integrates cookie consent mechanisms aligned with GDPR requirements. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS domain registration data raises concerns about domain legitimacy and registration transparency, which should be further investigated. Overall, PICO's website demonstrates a high level of professionalism, security, and privacy compliance, supporting its position as a reputable VR technology provider. Strategic recommendations include enhancing transparency around security policies, incident response, and vulnerability disclosure to further strengthen trust and compliance.

L

LINET Services GmbH

linet-services.de

48

LINET Services GmbH is a regional IT system house based in Braunschweig, Germany, with over 20 years of experience providing IT solutions primarily to small and medium-sized enterprises, educational institutions, and compliance-focused organizations. Their services include IT infrastructure support, digital education solutions, and GDPR compliance consulting. The website is built on WordPress using modern plugins and themes, hosted by hosting.de, and demonstrates good digital maturity with mobile optimization and a cookie consent mechanism in place. Security posture is solid with HTTPS enforced and standard security headers present, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

C

Computer Leipzig GmbH

computer-leipzig.de

54

Computer Leipzig GmbH is a small, established IT service provider based in Leipzig, Germany, specializing in business software, IT consulting, managed services, and infrastructure solutions. Since 1999, it has supported over 200 companies and public clients with tailored IT solutions, focusing on ERP systems, e-commerce, and digital transformation. The company emphasizes privacy and open-source software, catering primarily to SMEs and public sector organizations in Leipzig and beyond. Technically, the website is built on WordPress with standard plugins such as jQuery and a cookie consent manager, offering good mobile optimization, accessibility, and SEO practices. The site is served over HTTPS with a cookie consent mechanism, but lacks some advanced security headers and explicit incident response policies. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of WHOIS data and domain registration inconsistencies reduce overall trustworthiness. Privacy compliance is strong with comprehensive policies and consent mechanisms in place. Overall, the website presents a professional and trustworthy image with room for improvement in domain registration transparency and security header implementation. Strategic recommendations include verifying domain registration, enhancing security headers, and publishing incident response information.

S

sofatutor GmbH

sofatutor.com

70

sofatutor.com is a well-established German online learning platform offering a comprehensive suite of educational resources including thousands of videos, exercises, vocabulary trainers, worksheets, and a homework chat service staffed by qualified teachers. The platform targets students from grades 1 through 13, providing engaging and interactive learning experiences designed to improve academic performance. The business model is subscription-based with a free trial period, supported by strong trust signals such as multiple awards and high user ratings. Technically, the site employs modern web technologies including Ruby on Rails, video.js, and various analytics and marketing tools, all integrated with user consent mechanisms to comply with privacy regulations. Security posture is strong with HTTPS, CSRF protection, and script integrity checks, though explicit security policies and incident response information are not publicly disclosed. Overall, the site demonstrates a high level of professionalism, usability, and compliance, though the absence of WHOIS data slightly reduces transparency.

E

EGroupware

egroupware.org

64

EGroupware is a German-based software company specializing in online collaboration and groupware solutions. Their offerings include a comprehensive suite of business applications such as calendar, contacts, tasks, project management, timesheets, and e-invoicing. The company targets businesses and organizations seeking efficient collaboration tools, providing both SaaS and on-premises deployment options. The website reflects a mature market position with a focus on privacy and German hosting standards. Technically, the website is built on WordPress with modern plugins and frameworks, ensuring good performance, mobile responsiveness, and SEO optimization. The use of Borlabs Cookie for consent management and WPML for multilingual support indicates a commitment to privacy and international reach. The site employs HTTPS with strong security headers, contributing to a robust security posture. Security-wise, while the site demonstrates good practices such as HTTPS enforcement and cookie consent, it lacks a publicly visible security policy or incident response information. No vulnerabilities or exposed sensitive data were detected. The domain WHOIS data is privacy protected, which is typical for this business type and does not detract from legitimacy. Overall, EGroupware presents a professional, trustworthy, and secure online presence suitable for its business model. Strategic improvements could include publishing a dedicated security policy and incident response contacts to enhance transparency and trust.

D

Dr. Josef Raabe Verlags-GmbH

raabe.de

11

Dr. Josef Raabe Verlags-GmbH operates a comprehensive educational publishing platform focused on providing teaching materials, school management software, and professional development services primarily for German-speaking schools. The company has evolved from a traditional publisher to a modern media enterprise offering both analog and digital solutions tailored to educators, school leaders, and school authorities. Their market position is strong within the education sector, supported by a broad portfolio including RAAbits digital teaching materials and EduPage school management software. Technically, the website leverages modern frameworks such as Next.js and React, ensuring fast performance, mobile responsiveness, and good SEO practices. The integration of Usercentrics for GDPR-compliant consent management demonstrates a mature approach to privacy. Security posture is solid with HTTPS enforced and secure form handling, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site is professional, trustworthy, and well-aligned with its business objectives.

M

MWAY DIGITAL GmbH

relution.io

10

Relution.io is the online presence of MWAY DIGITAL GmbH, offering privacy-compliant and platform-independent Unified Endpoint Management (UEM) and Mobile Device Management (MDM) software targeted at school authorities, public administrations, and enterprises. The website is professionally designed using modern web technologies such as Gatsby and React, hosted likely on AWS infrastructure, and incorporates standard analytics and cookie consent mechanisms. Security posture is strong with HTTPS, security headers, and reCAPTCHA integration, though explicit privacy and security policies are not found in the provided content. The domain registration data is consistent with the business claims, indicating a legitimate and established company founded in 2012. Overall, the website demonstrates good technical maturity and business credibility but would benefit from enhanced privacy and contact transparency.

T

Thomas-Krenn.AG

thomas-krenn.com

52

Thomas-Krenn.AG is a European-based technology company specializing in customized server and IT system solutions for professional applications. The company offers a wide range of products including rack servers, tower systems, workstations, industrial systems, and storage solutions, targeting businesses and IT professionals. Their business model focuses on B2B e-commerce combined with personalized consulting and support services, positioning them as a trusted provider in the server hardware market. The website reflects a mature digital presence with comprehensive product information, clear navigation, and professional design. Technically, the website employs modern web technologies such as Handlebars.js for templating, SwiperJS for sliders, and Salesforce Live Agent for live chat support. The site is mobile-optimized, accessible, and SEO-friendly, indicating a well-maintained technical infrastructure. Security measures include HTTPS enforcement, CSRF tokens in forms, and inferred security headers, contributing to a strong security posture. However, explicit security policies and incident response information are not published, representing an area for improvement. The WHOIS data is notably absent or inaccessible, which raises some concerns about domain registration transparency. Despite this, the website's professional content, detailed legal pages, and active customer support channels suggest legitimate business operations. No WAF or blocking mechanisms were detected, and the site is fully accessible. Overall, Thomas-Krenn.AG demonstrates a solid business and technical foundation with good security practices. Strategic recommendations include publishing explicit security and incident response policies, implementing a vulnerability disclosure program, and improving domain registration transparency to enhance trust and compliance.

S

STACKIT

stackit.de

67

STACKIT is a German cloud service provider offering enterprise-grade cloud infrastructure, colocation, and managed solutions with a strong emphasis on data sovereignty, EU compliance, and stability. The company targets businesses within Germany and the EU, providing tailored cloud services including consulting and user awareness training. Their market position is that of a trusted German cloud alternative, supported by ISO 27001 certification and GDPR compliance. Technically, the website is built on WordPress with modern SEO and privacy tools such as OneTrust and Google Tag Manager, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement, security headers, and privacy-by-default cookie settings, though explicit security policies and incident response contacts are not publicly detailed. Overall, the website is professional, accessible, and trustworthy, with no signs of blocking or malicious content.

I

ista SE

ista.com

65

ista SE is a leading energy service provider specializing in solutions that increase energy efficiency in buildings. The company offers digital products and services that help reduce CO2 emissions and make buildings safer and more comfortable. With over 6,300 employees across 20 countries and a customer base exceeding 460,000, ista SE holds a strong market position in the energy sector. Their 2024 sales reached EUR 1,220 million, reflecting a significant footprint in the industry. The website demonstrates a mature digital presence built on TYPO3 CMS, integrating modern technologies such as Google Tag Manager and Usercentrics for consent management. The site is well-optimized for mobile and accessibility, with clear navigation and professional design. Security posture is solid with HTTPS enforced and privacy compliance mechanisms in place, though some security headers are not explicitly detected. The absence of WHOIS registration data is a notable anomaly but does not detract from the overall legitimacy indicated by the corporate content and executive profiles. Strategic recommendations include enhancing security headers, publishing a security.txt file, and providing explicit incident response contacts to further strengthen trust and compliance.

S

Schüttflix Group

schuettflix.com

64

Schüttflix Group operates a comprehensive digital platform focused on sustainable logistics and circular economy solutions for the construction sector in Germany. The platform connects construction companies, material suppliers, waste disposal services, and transport providers to streamline ordering, transport, and disposal processes digitally. The company positions itself as Europe's largest platform for circular economy in construction, emphasizing sustainability and efficiency. Technically, the website is built on modern frameworks such as Next.js and React, with mobile optimization and fast performance. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response details are not published. Privacy compliance is partially addressed with a cookie consent mechanism but lacks a visible privacy policy. WHOIS data is missing, raising some legitimacy concerns, but the professional website content and business focus mitigate this risk. Overall, the site demonstrates a mature digital presence with room for improvement in transparency and compliance documentation.

V

Verbund der Öffentlichen Bibliotheken Berlins

voebb.de

61

The Verbund der Öffentlichen Bibliotheken Berlins (VÖBB) operates as the central public library network in Berlin, providing access to over 80 libraries including mobile and school libraries, alongside extensive digital offerings. The website serves as a portal for catalog search, event information, and user account management, targeting Berlin residents and library users. The business model is public service funded primarily through membership fees and public funding, positioning VÖBB as a key cultural and educational institution in the region. Technically, the site is built on a custom aDIS library management system with JavaScript and CSS, hosted likely by Berlin city administration infrastructure. The site is well-structured, mobile-optimized, and accessible, with professional design and clear navigation. Security posture is solid with HTTPS enforced and session management features, though it lacks some modern security headers and explicit incident response policies. Privacy compliance is good with a comprehensive privacy policy, but no visible cookie consent mechanism is present. Overall, the site is trustworthy, professional, and serves its public mission effectively.

I

iwa

iwa.info

72

IWA OutdoorClassics is a globally recognized trade exhibition specializing in the hunting, target sports, and outdoor industry. The event serves as a premier platform for manufacturers, retailers, distributors, and media to showcase new products, network, and explore market trends. The website reflects a professional and well-structured digital presence, emphasizing event details, exhibitor information, and industry insights. Technically, the site leverages modern web technologies including React and Next.js, hosted likely on infrastructure associated with NürnbergMesse GmbH, the event organizer. Security posture is strong with HTTPS enforcement, security headers, and GDPR-compliant cookie consent mechanisms. However, the absence of a public security policy or incident response contact is noted. Overall, the site is trustworthy, well-maintained, and serves its business purpose effectively.

P

PAN Veranstaltungslogistik und Kulturgastronomie GmbH

filmnaechte.de

47

Filmnächte is Germany's largest open-air cinema and concert festival, organized by PAN Veranstaltungslogistik und Kulturgastronomie GmbH. The website promotes events across seven locations with over 200 events, targeting a broad audience interested in cultural and entertainment activities. The business model centers on event organization, ticket sales, and partnerships. The site is professionally designed with consistent branding and clear navigation, reflecting a mature digital presence.

F

Friedel & Gisela Bohnenkamp-Stiftung

bohnenkamp-stiftung.de

48

The Friedel & Gisela Bohnenkamp-Stiftung is a regional non-profit foundation based in Germany focused on supporting and developing educational projects primarily in the Osnabrück area. Their website presents a professional and well-structured digital presence built on TYPO3 CMS, featuring clear information about their mission, projects, and contact details. The foundation emphasizes sustainable and innovative educational initiatives targeting children and youth, reflecting a strong community and regional engagement. Technically, the site is modern, mobile-optimized, and uses HTTPS, but lacks some advanced security headers and cookie consent mechanisms. Security posture is solid but could be improved with formal policies and disclosures. Overall, the website is trustworthy, informative, and serves its audience effectively.

K

Kodak Alaris Deutschland

kodakmoments.com

66

Kodak Moments Germany operates as a retail photo printing and personalized photo product service, leveraging the Kodak brand under license. The website offers a variety of photo products including photo books, canvases, magnets, and greeting cards, with a focus on instant print kiosks for immediate customer pickup. The company targets general consumers interested in preserving memories through physical photo products. Technically, the website is built on Drupal 11, uses modern JavaScript libraries such as jQuery and lazysizes for lazy loading images, and integrates OneTrust for cookie consent management. The site is mobile optimized and accessible, with good SEO practices and a professional design. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers could be improved and no explicit security policy or incident response contacts are published. WHOIS data confirms domain legitimacy and alignment with Kodak brand infrastructure. Overall, the site presents a trustworthy and professional digital presence with moderate to good security and privacy compliance.

Zamek Horakov is a small-scale website focused on martial arts and cultural content related to the Zámek Hořákov site. The site provides information about the dojo, history, spirit, and magnetokinesis, targeting enthusiasts and local visitors interested in martial arts. The website is hosted on Deutsche Telekom's homepage designer platform and uses older JavaScript libraries, indicating a modest technical infrastructure. The site lacks comprehensive privacy and security policies, and no contact information is provided, which limits its business credibility and compliance posture. Technically, the site uses cm4all widgets, jQuery 1.7, Prototype 1.7.3, and Font Awesome 4, with moderate performance and basic mobile optimization. Security posture is weak due to missing security headers and outdated libraries. Overall, the site is functional but requires improvements in privacy compliance, security best practices, and business transparency to enhance trust and professionalism.

W

WHISKYTEMPEL

whiskytempel.de

47

WHISKYTEMPEL is a specialized German e-commerce retailer focusing on rare and premium spirits including whisky, rum, cognac, and armagnac. The website targets collectors and connoisseurs seeking limited edition and rare bottles from regions such as Japan, Scotland, and the Caribbean. The business operates a niche online store with international shipping capabilities, catering to a mature audience interested in fine spirits. Technically, the website uses modern frontend technologies including Bootstrap 5 and jQuery 3.7.1, with a custom or proprietary e-commerce backend. The site is mobile optimized and SEO friendly, with proper meta tags and structured data for breadcrumbs and search actions. Hosting is provided via rzone.de nameservers, indicating a professional hosting environment. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in the HTML. However, it lacks visible security headers and formal privacy or cookie policies, which are important for GDPR compliance and user trust. No incident response or vulnerability disclosure information is present. Contact information is not clearly provided, which may impact customer trust and compliance. Overall, WHISKYTEMPEL presents a professional and niche e-commerce platform with good technical foundations but requires improvements in privacy compliance, security headers, and contact transparency to enhance trust and regulatory adherence.

Z

ZMK Kassel

zmk-kassel.com

57

ZMK Kassel is a modern dental practice located in Kassel, Germany, offering a wide range of dental services including implantology, prophylaxis, endodontics, and aesthetic dentistry. The website presents a professional image with detailed service descriptions and emphasizes prevention and high-quality care. The business targets patients in the Kassel region and operates multiple specialized departments with over 40 years of combined experience. Technically, the website is built on WordPress using WPBakery Page Builder, hosted by Hetzner Online GmbH, and employs modern web technologies including HTTPS and Google Fonts. The site is mobile optimized and SEO friendly with structured data implemented. Security posture is good with HTTPS and cookie consent mechanisms in place, though some security headers and DNSSEC are missing. Privacy compliance is partial due to the absence of a visible privacy policy page. Overall, the website is trustworthy and professional, with minor improvements recommended in privacy and security disclosures.

L

Linklaters

linklaters.de

67

Linklaters is a global law firm focused on providing legal certainty in a changing world, targeting corporate clients and legal professionals. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the site uses modern JavaScript libraries and tracking tools such as Google Tag Manager and Cookiebot, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS implied, but lacks explicit security headers and published security policies. Privacy compliance is partially addressed through cookie consent mechanisms, but no privacy policy or terms of service were detected in the provided content. Overall, the site is legitimate and trustworthy, aligned with the Linklaters brand and German market presence.

Hostel-Home is a modern hostel located in Frankfurt am Main, Germany, operated by NAmedia GmbH. It offers a variety of accommodation options including sleeping capsules and rooms, targeting students, business travelers, and tourists. The website is built on TYPO3 CMS and features digital check-in/out and cashless payment options, reflecting a modern and user-friendly approach. The site links to trusted external domains for booking and local information, enhancing user experience. Security posture is good with HTTPS and some security best practices, though explicit security policies and incident response contacts are missing. Privacy compliance is partial due to lack of explicit privacy and terms of service pages. Overall, the website is professional, trustworthy, and well-positioned in the hospitality sector.

Wohnraum gesucht is a German regional initiative focused on addressing the critical shortage of affordable student housing in the Rhein-Main area. Supported by multiple universities and city administrations, the platform facilitates the connection between citizens offering private housing and students seeking accommodation. The website is built on TYPO3 CMS and employs modern web technologies including Matomo analytics with a GDPR-compliant cookie consent mechanism. The content is well-structured, professionally presented, and targeted primarily at students and local citizens. Security practices include HTTPS enforcement and cookie consent management, though explicit security policies and incident response contacts are not published. Overall, the website demonstrates a solid technical infrastructure and a trustworthy business model with a focus on education and non-profit service.

S

Studierendenwerk Frankfurt am Main

swffm.de

47

Studierendenwerk Frankfurt am Main is a regional non-profit organization dedicated to supporting students in the Rhein-Main area through housing, dining, financial aid, and counseling services. The website reflects a mature digital presence with a well-structured content offering and clear navigation tailored to its student audience. Technically, the site is built on TYPO3 CMS with Bootstrap, ensuring responsive design and moderate performance. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is strong, with a comprehensive privacy policy and GDPR-aligned cookie consent. Overall, the domain and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

C

CAMPUSERVICE GmbH

campuservice.de

63

CAMPUSERVICE GmbH is a professional service subsidiary of Goethe-Universität Frankfurt am Main, providing a broad range of services including event management, advertising, career services, academy training, campus shop operations, and administrative support. The website reflects a well-structured and professionally designed portal targeting students, university staff, companies, and regional partners. The business model focuses on supporting university-related activities and fostering collaboration with external stakeholders. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Colibri Page Builder, ensuring good SEO and mobile responsiveness. Security posture is solid with HTTPS enabled and cookie consent implemented, though explicit security policies and incident response contacts are not published. Overall, the domain registration and WHOIS data align well with the university affiliation, indicating legitimacy and trustworthiness.

X

xmental – Digitale Lösungen

xmental.de

46

xmental – Digitale Lösungen is a specialized TYPO3 agency based in Berlin, Germany, with a strong focus on creating barrier-free, accessible websites primarily for clients in the cultural, educational, and societal sectors. Established since 2001, the company positions itself as a reliable and experienced partner for TYPO3 web projects, emphasizing compliance with upcoming accessibility laws and standards. Their key services include consulting, design, TYPO3 development, digital accessibility, and ongoing support. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built on TYPO3 CMS and leverages modern web technologies such as HTML5, CSS3, Bootstrap, and jQuery. It is hosted on servers indicated by the agenturserver nameservers and uses Matomo for privacy-conscious analytics. The site is mobile-optimized and demonstrates good SEO and accessibility practices, including a cookie consent mechanism and detailed privacy policy. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent for compliance. However, it lacks explicit security headers and a published security or incident response policy. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the business claims, showing a domain age that matches the company's stated history, enhancing trustworthiness. Overall, the website presents a low-risk profile with strong business credibility and compliance posture. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen security and trust.

O

Open-Access-Tage: Open Access Days

open-access-days.de

56

The Open-Access-Tage website serves as the central hub for the annual Open Access and Open Science conference in the German-speaking region. It provides comprehensive information about the event, including past conference documentation and resources for interested hosting institutions. The site targets academic and research institutions and individuals engaged in Open Access initiatives. Technically, the website is built on TYPO3 CMS, uses modern JavaScript libraries like jQuery, and is hosted on a reputable academic hosting provider (GWDG). The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Security posture is solid with HTTPS enforced and no exposed sensitive data, but could be improved by adding security headers and a vulnerability disclosure policy. Privacy compliance is adequate with a clear privacy policy, but lacks a cookie consent mechanism. Overall, the website is professional, trustworthy, and well-aligned with its non-profit educational mission.

F

Freiwillige Feuerwehr Höchstadt

feuerwehr-hoechstadt.de

45

The website represents the Freiwillige Feuerwehr Höchstadt, a volunteer fire department in Höchstadt, Germany, providing community emergency services and information about their operations, equipment, and events. The site targets local residents and volunteers, serving as an informational portal for the fire department and its associated club. Technically, the site is built on WordPress using the Astra theme and Elementor page builder, with several plugins supporting organizational charts, event calendars, and social media feeds. The hosting appears to be provided by a German hosting provider (1&1 IONOS), consistent with the local focus. Security posture is moderate with HTTPS enabled and no visible sensitive data exposure, but lacks advanced security headers and explicit security policies. Privacy compliance is partial, with a cookie consent mechanism present but no dedicated privacy policy or terms of service pages found. Overall, the site is safe, professional, and well-structured but could improve in privacy and security documentation to enhance trust and compliance.

L

Landratsamt Erlangen-Höchstadt

erlangen-hoechstadt.de

62

Landratsamt Erlangen-Höchstadt operates as the official government portal for the Erlangen-Höchstadt district in Germany, providing a wide range of public services including citizen services, vehicle registration, driver's license processing, and immigration services. The website targets local residents and offers comprehensive information and digital services such as online appointment booking and digital applications. The site is well-positioned as a regional government authority with a medium organizational size and a focus on public administration.

Fortuna Kulturfabrik is a local government cultural institution based in Höchstadt, Germany, providing a broad range of cultural, educational, and youth services including event hosting, a youth center, city library, music school, and adult education via VHS. The website serves as a community portal targeting local residents, families, and youth, emphasizing cultural engagement and education. The institution holds a stable market position as a key cultural hub in the region. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacks advanced security headers and published incident response policies. Overall, the site is professional, trustworthy, and compliant with GDPR, but could improve in security transparency and vulnerability disclosure. The domain WHOIS data aligns with the website's public identity, supporting legitimacy.

W

Wirtschaftsförderungs-GmbH für Stadt und Landkreis Lüneburg

wirtschaft-lueneburg.de

51

Wirtschaftsförderungs-GmbH für Stadt und Landkreis Lüneburg is a regional economic development agency focused on supporting business establishment, innovation, growth, and sustainable transformation in the Lüneburg region of Germany. The organization offers comprehensive services including startup support, innovation funding, location consulting, and talent development, positioning itself as a key facilitator for regional economic success. The website reflects a professional and well-structured digital presence, leveraging modern web technologies and a CMS platform (Neos) to deliver content effectively. It integrates cookie consent mechanisms and GDPR-compliant privacy policies, demonstrating attention to privacy and regulatory compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although formal security policies and incident response contacts are not published. Overall, the site is trustworthy, well-branded, and aligned with its governmental and regional development mission.