Security Directory

D

DIE KÄSEMACHER GmbH

kaesemacher.at

23

Die Käsemacher GmbH is a small Austrian specialty food manufacturer focused on producing high-quality cheese and antipasti products using traditional methods and sustainable milk production. The company operates a well-structured website with a comprehensive product catalog and an online shop subdomain, targeting both end consumers and B2B partners. Technically, the website is built on the concrete5 CMS platform and uses modern JavaScript libraries to enhance user experience and mobile responsiveness. However, the absence of HTTPS is a critical security flaw that significantly impacts the site's security posture. While cookie consent mechanisms and privacy policy references exist, formal security policies and incident response contacts are not found. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and build trust.

I

illwerke vkw AG

illwerkevkw.at

40

illwerke vkw AG is a well-established energy company based in Austria, specializing in renewable energy production including hydropower, wind, and photovoltaic sources, as well as energy trading and supply. The company has a strong regional presence in Vorarlberg and operates several subsidiaries in related sectors such as energy networks and tourism. The website reflects a professional and consistent brand image with comprehensive business information and active social media engagement. Technically, the site uses modern JavaScript libraries and frameworks, including Bootstrap and jQuery, and integrates Google Tag Manager and Usercentrics for analytics and consent management. However, the lack of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting the overall security posture and user trust. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR requirements. Overall, the website is informative and user-friendly but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

Weatherford's PetroVisor website presents a mature and comprehensive SaaS platform focused on unifying data and analytics for the energy sector, specifically oil and gas production optimization. The platform integrates AI/ML capabilities and offers multiple modules addressing production, artificial lift, completion optimization, ESG, and enhanced oil recovery. The website is professionally designed, content-rich, and targets enterprise-level energy industry professionals. Technically, the site uses a modern tech stack including Kentico CMS, jQuery, and various analytics and marketing tools. However, a critical security gap exists as the site lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security incident response or vulnerability disclosure information is found. Overall, the domain registration data supports the legitimacy and maturity of the business. Strategic security improvements are necessary to enhance trust and protect user data.

P

PXP Financial

pxpfinancial.com

40

PXP Financial is a UK-based payment technology company offering a unified commerce platform that simplifies global payments and commerce operations. The company targets a broad range of industries including retail, hospitality, gaming, and travel, providing services such as point of sale, eCommerce, acquiring, and cross-border payments. Their platform emphasizes intelligent payment routing, real-time business intelligence, and self-service capabilities, positioning them as a modern and innovative player in the payment solutions market. Technically, the website is built on HubSpot CMS with integrations of popular marketing and analytics tools such as Google Analytics, Hotjar, and Cookiebot for privacy compliance. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which is a critical issue for a financial services provider. The domain registration is consistent and mature, registered with a reputable UK registrar, and the business is FCA authorized, enhancing credibility. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS security to meet industry standards and protect user data.

Ö

Österreichische Gesundheitskasse

ooegkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public health insurance provider in Austria, delivering comprehensive health insurance services and support to insured individuals, employers, and contract partners. The website serves as an official portal offering information, appointment scheduling, customer service, and career opportunities, targeting Austrian residents and stakeholders in the healthcare sector. The digital presence is supported by a modern technology stack including Apache, Jakarta Faces, and jQuery, managed via a Gentics CMS platform, and hosted within the Austrian social insurance infrastructure. Despite a professional and content-rich website, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. The site implements a strong Content Security Policy and cookie consent mechanisms, reflecting good privacy compliance, but the lack of HTTPS and TLS protocols is a critical vulnerability. Social media integration and clear contact information enhance trust and user engagement. Overall, the website is functional and credible but requires urgent security improvements to protect user data and comply with modern standards.

W

Werner Mertz Professional

wmprof.com

31

Werner Mertz Professional is a medium-sized manufacturing company specializing in high-performance hygiene solutions for professional cleaning markets. With over 50 years of history and a strong commitment to sustainability, the company operates under well-known brands such as Green Care Professional and Tana Professional. The website reflects a mature digital presence with comprehensive content, professional design, and strong SEO practices. However, the lack of a valid SSL certificate and proper HTTPS configuration represents a significant security risk that undermines user trust and data protection. The company has implemented cookie consent mechanisms and privacy policies compliant with GDPR, indicating awareness of privacy regulations. Overall, the business is credible and well-positioned in its sector but must urgently address its security posture to meet modern standards.

R

rmDATA GmbH

rmdatagroup.com

27

rmDATA GmbH is a well-established technology company specializing in intelligent software and customized services for geomatics, surveying, information systems, data management, and reality capturing. With a history spanning over 40 years, rmDATA serves clients primarily in Austria, Germany, and Switzerland, offering comprehensive solutions for infrastructure and land management. The company operates a professional website powered by TYPO3 CMS, featuring rich content, clear navigation, and strong branding consistency. Their digital presence includes active social media channels and detailed business information, supporting a medium-sized enterprise profile. Technically, the website employs modern web technologies such as jQuery, Slick Carousel, and FontAwesome, integrated with marketing and analytics tools including Microsoft Dynamics 365 and Google Analytics Tag Manager. Despite these strengths, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are well configured, but the absence of encryption and TLS protocols is a critical vulnerability. From a security and compliance perspective, rmDATA demonstrates good privacy practices with comprehensive privacy and cookie policies, including a consent mechanism aligned with GDPR requirements. However, there is no visible security policy, incident response information, or vulnerability disclosure page. The WHOIS data confirms domain legitimacy and consistency with the company's business claims, enhancing trustworthiness. Overall, rmDATA's website is professional and content-rich but requires urgent security improvements, particularly implementing HTTPS to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security transparency to align with best practices and regulatory expectations.

G

GeoVille Information Systems and Data Processing GmbH

geoville.com

26

GeoVille Information Systems and Data Processing GmbH is a medium-sized Austrian technology company specializing in satellite-based Earth Observation services. With over 25 years of experience and a global footprint spanning 140 countries and 510 implementations, GeoVille offers a range of services including satellite imagery, data access, land monitoring analytics, platform interfaces, and advisory capacity building. Their target audience includes government agencies, environmental organizations, and sectors such as energy, security, and urban planning. The website is built on TYPO3 CMS with modern frontend technologies and demonstrates good design and navigation, though performance data is limited. From a technical perspective, the website uses Apache server technology and integrates libraries such as Bootstrap, jQuery, FontAwesome, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. Security headers are minimal, and no advanced security mechanisms like HSTS or OCSP stapling are enabled. Privacy compliance is basic, with a privacy policy page present but no cookie consent mechanism detected. Contact information is limited to a contact form, with no direct emails or phone numbers published. The security posture is weak due to the absence of SSL/TLS, exposing users to potential interception risks. No incident response or vulnerability disclosure policies are published, which could impact trust. The domain registration data is consistent with the company's claims, showing a long-established presence since 1998. Social media presence is strong, supporting business credibility. Overall, the website is professionally designed and content-rich but requires urgent security improvements, especially enabling HTTPS and enhancing privacy compliance. Strategic recommendations include installing a valid SSL certificate, implementing cookie consent mechanisms, publishing security policies, and improving contact transparency to enhance trust and compliance.

F

Franziskus Spital GmbH

franziskusspital.at

30

Franziskus Spital GmbH operates as a non-profit healthcare provider with two hospital locations in Vienna, Austria, offering a broad range of medical services including internal medicine, surgery, anesthesiology, and specialized centers such as hernia surgery and breast health. The website targets patients, visitors, referring physicians, and career seekers, positioning itself as a regional healthcare institution with a focus on individualized medicine and comprehensive patient care. Technically, the website employs a mix of legacy and modern JavaScript libraries and includes Google Analytics and a cookie consent mechanism, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. Security headers are partially implemented but lack advanced protections such as HSTS and DNSSEC. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent. Overall, the site is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

S

SABIC

sabic.com

40

SABIC is a large multinational petrochemical company headquartered in Saudi Arabia, specializing in manufacturing and supplying polymers, chemicals, specialties, and agri-nutrients. The website reflects a mature enterprise with a comprehensive digital presence targeting industrial customers, investors, and job seekers. The content is professionally presented with clear navigation and consistent branding. Technically, the site uses ASP.NET technology with modern JavaScript libraries and Google Tag Manager for analytics and marketing. However, the SSL/TLS configuration is critically flawed with no valid certificate and no TLS protocols enabled, severely impacting security posture. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the site is trustworthy and professional but requires urgent remediation of HTTPS and SSL issues to ensure secure user interactions.

GMB Union is a well-established UK trade union with a mature domain and a large membership base exceeding 500,000. The website serves as a comprehensive platform for union campaigns, news, member benefits, and sector-specific advice, targeting workers across public and private sectors. The technical infrastructure is based on MODX Revolution CMS, hosted on a Plesk platform with nginx web server, and uses modern JavaScript libraries for enhanced user experience. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant security concern. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent improvements in its security posture to protect user data and enhance trust.

Ö

Österreichische Gesundheitskasse

meineoegk.at

40

The website meineoegk.at serves as the official service portal for the Österreichische Gesundheitskasse, Austria's public health insurance provider. It offers a broad range of online services including e-Rezept, insurance data access, pension applications, and various social insurance related forms. The portal targets insured Austrian residents and provides a secure login mechanism via ID Austria, ensuring user data protection and access control. The site is professionally designed with clear navigation and comprehensive content relevant to its audience. Technically, it employs a custom CMS with Jakarta Faces framework and uses modern JavaScript libraries such as jQuery 3.6.0 and Slick Carousel for UI components. Analytics is managed through Piwik PRO with user consent mechanisms in place, reflecting good privacy practices. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the site's security posture. The Content Security Policy is robust but includes unsafe directives that could be improved. Overall, the site is trustworthy and authoritative but requires urgent security enhancements to protect user data and comply with best practices.

École polytechnique is a prestigious French engineering school offering a wide range of educational programs including Bachelor, Master, Doctorate, and Executive Education. It is a founding member of the Institut polytechnique de Paris and focuses on research, innovation, and entrepreneurship. The website targets students, researchers, entrepreneurs, alumni, and corporate partners, providing comprehensive information about academic programs, research labs, innovation centers, and community engagement. Technically, the site is built on Drupal CMS with modern frontend technologies but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms. Social media presence is strong with official accounts on Facebook, YouTube, LinkedIn, and Instagram. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

A

ARCOTEL Hotels

arcotelhotels.com

35

ARCOTEL Hotels is a medium-sized hospitality group operating multiple hotels across Austria and Germany, focusing on urban locations and sustainable hospitality practices. The website presents a professional and consistent brand image with comprehensive content about their services, sustainability certifications, and direct booking advantages. Technically, the site uses a mix of legacy and modern technologies, including PHP 5.6.40, Bootstrap 4, and various JavaScript libraries, hosted on Amazon CloudFront CDN. However, the absence of a valid SSL certificate and use of outdated PHP versions represent significant security risks. Privacy and cookie policies are well implemented with consent mechanisms, and analytics usage is moderate with Google services. Overall, the site is functional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

The Würth Group is a globally established enterprise specializing in the development, manufacturing, and distribution of assembly and fastening materials. With over 400 companies in 80 countries and more than 2,800 branches, it holds a world market leader position in its core business. The website reflects a mature digital presence with consistent branding and comprehensive corporate information primarily targeting industrial and business clients. Technically, the site employs modern web technologies including Bootstrap, jQuery, and the FirstSpirit CMS, ensuring good mobile optimization and user experience. However, a critical security deficiency is the absence of a valid SSL certificate and enabled TLS protocols, severely impacting the site's security posture. Privacy and cookie policies are present and GDPR compliant, indicating attention to data protection regulations. Overall, the site is professional and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and maintain trust.

M

MTEL Austria

mtel.at

39

MTEL Austria is a telecommunications provider offering a range of services including mobile tariffs, internet, and TV entertainment packages primarily targeting private and business customers in Austria. The company is part of the Telekom Serbien Group, indicating a solid regional market presence. The website is professionally designed with good content quality, clear navigation, and mobile optimization. It leverages modern JavaScript libraries and integrates marketing and analytics tools such as Google Tag Manager, Hotjar, and Cookiebot for consent management. However, the site currently lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are properly configured, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent mechanism in place. Contact information including email and phone numbers is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and build trust.

Desmet is a well-established global engineering company specializing in custom plants and equipment for the food, feed, and biofuel industries. With a large workforce and multiple brands, it holds a strong market position supported by extensive experience and a professional digital presence. The website is content-rich, well-structured, and uses modern technologies, but critically lacks HTTPS/SSL, which severely impacts its security posture. While security headers are implemented, the absence of valid SSL/TLS and related configurations exposes the site to risks. Privacy compliance is partially addressed with visible privacy and cookie policies, but no explicit consent mechanism is detected. Business credibility is high due to clear branding, contact information, and WHOIS consistency. Strategic improvements in security infrastructure and incident response readiness are recommended.

M

Mediaplanet Group

mediaplanet.com

40

Mediaplanet Group is a mature, established content marketing company founded in 1993, delivering over 1,000 campaigns annually to a global client base exceeding 15,000. The company operates primarily in the media sector, providing content marketing services worldwide. The website is built on WordPress and leverages modern JavaScript libraries such as jQuery and amCharts, with Cloudflare providing CDN and security services. Despite a professional design and good SEO practices, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. No privacy or cookie policies are present, and no explicit contact information is found on the main page, which affects privacy compliance and business credibility scores. Advertising and tracking tools like Facebook Pixel and Google Tag Manager are integrated, indicating moderate user tracking.

M

Makino Inc.

makino.com

40

Makino Inc. is a global leader in manufacturing technology, specializing in CNC machine tools including horizontal and vertical machining centers, EDM, and graphite machining centers. The company targets industrial sectors such as aerospace, automotive, medical, semiconductor, and job shops, offering comprehensive solutions including automation, software, engineering services, and support. Their market position is strong, supported by extensive product information and a global presence with regional subsidiaries. Technically, the website employs a modern tech stack with ASP.NET backend and various JavaScript libraries for enhanced user experience. It is hosted behind Cloudflare, ensuring performance and availability. The site is mobile-optimized and includes accessibility features, although performance metrics are not provided. From a security perspective, the site has several important security headers configured, but critically lacks a valid SSL certificate, resulting in no HTTPS protection. This significantly lowers the security posture and exposes users to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms, aligning with GDPR requirements. Overall, the website is professional and trustworthy in content and business representation, but the lack of HTTPS is a critical issue that should be addressed immediately to protect user data and enhance trust.

Ö

Österreichische Gesundheitskasse

wgkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public healthcare insurance provider in Austria, offering a broad range of health-related services and information to insured individuals, employers, and contract partners. The website serves as a comprehensive portal for health facilities, health services, customer support, appointment scheduling, and career opportunities, targeting Austrian residents and stakeholders in the healthcare sector. The organization maintains a consistent and professional online presence with clear branding and trust signals, including official government domain usage and social media engagement. Technically, the website is built on a mature infrastructure utilizing Apache, Jakarta Faces (JSF), jQuery 3.6.0, and Gentics CMS. It integrates advanced features such as a content slider and Piwik PRO analytics for user behavior tracking. However, performance metrics appear incomplete, and the site shows moderate loading characteristics. Accessibility and SEO optimizations are well addressed, with good mobile responsiveness and clear navigation. From a security perspective, the site implements several best practices including a detailed Content-Security-Policy and HttpOnly, Secure cookie flags. Nevertheless, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, severely impacting the security posture. Other SSL/TLS features such as modern protocol support, OCSP stapling, and session resumption are missing. Privacy compliance is strong, with GDPR-aligned cookie consent mechanisms and clear privacy policies. Overall, the website is trustworthy and professionally managed but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations. Addressing these issues will enhance user trust, data protection, and compliance with modern security standards.

B

BE-terna

terna.com

40

BE-terna is a medium-sized technology solutions provider specializing in modern business software solutions including ERP, CRM, business intelligence, AI, and automation. The company partners with leading global technology providers such as Microsoft, Infor, Qlik, and UiPath, positioning itself as a trusted partner for digital transformation across multiple industries including manufacturing, retail, energy, and financial services. The website reflects a professional and comprehensive digital presence with strong branding and customer trust signals. Technically, the site uses modern JavaScript libraries and CMS technologies but suffers from an invalid SSL certificate which impacts its security posture. Security headers are well configured but the lack of a valid HTTPS setup and cookie consent mechanism are notable gaps. The site does not expose contact emails or phone numbers explicitly but provides contact forms and social media channels for engagement. Overall, the business appears legitimate and well-established with a consistent domain registration and partnership ecosystem.

Mindbreeze GmbH is a medium-sized technology company specializing in AI-based enterprise search and knowledge management solutions. Their flagship product, Mindbreeze InSpire, empowers organizations to transform data into actionable insights for critical business decisions. The company is recognized as a leader in the IDC MarketScape and serves a global clientele including major enterprises such as Lufthansa and Daimler AG. The website is professionally designed, mobile-optimized, and rich in relevant content targeting enterprise customers seeking AI-driven knowledge management solutions. Technically, the site runs on Drupal 10 with a modern tech stack but lacks a valid SSL certificate, which critically impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms and business email validation on forms. Social media presence is strong across major platforms. Overall, the domain registration and website content are consistent and trustworthy, though the absence of HTTPS is a significant security concern.

P

PV - Pensionsversicherung Österreich

pensionsversicherung.at

39

The website pensionsversicherung.at represents the official online presence of the Austrian Pensionsversicherung (PV), the largest pension insurance carrier in Austria, serving approximately 5.6 million insured persons. It provides comprehensive information and services related to pensions, care allowances, rehabilitation, and health prevention. The site is well-structured, professionally designed, and targets insured workers, pensioners, and caregivers in Austria. The business model is that of a government social insurance provider, with a strong market position as a key public institution in Austria's social security system. Technically, the website uses a mature technology stack including Apache server, jQuery 3.6, Jakarta Faces framework, and Piwik PRO for analytics. The content is rich and well-optimized for SEO and accessibility, with good mobile responsiveness. However, performance data is missing, and the site is currently served without a valid SSL certificate, resulting in no HTTPS availability, which is a critical security flaw. From a security perspective, the site implements several security headers including a detailed Content Security Policy and uses secure cookie flags. Despite this, the lack of a valid SSL certificate and absence of modern TLS protocols severely degrade the security posture. No DMARC record is found, and session resumption and OCSP stapling are not enabled. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is trustworthy and authoritative in its domain but must urgently address SSL/TLS issues to ensure secure communications and maintain user trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing email security with DMARC. The site demonstrates a high level of professionalism and business credibility but is currently limited by its security shortcomings.

V

VCC USA

vccusa.com

20

VCC USA is a well-established general contractor and construction management company operating nationally in the United States. With a mature domain and over 38 years of industry experience, VCC offers a broad range of construction services across multiple sectors including hospitality, healthcare, retail, multifamily, and institutional projects. The website reflects a professional and comprehensive business presence with strong branding and clear service offerings. Technically, the site is built on WordPress with common plugins and libraries, but suffers from a critical lack of HTTPS/SSL, which severely impacts its security posture. The absence of modern TLS protocols and security headers further weakens its defense against common web threats. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, though terms of service and incident response policies are not evident. Social media integration and an ethics hotline demonstrate a commitment to transparency and ethical business practices. Overall, while the business credibility and content quality are high, the security deficiencies present a significant risk that should be remediated promptly.

S

SPACEKEYS GmbH

spacekeys.aero

62

SPACEKEYS GmbH is a specialized aviation technology company providing advanced GNSS RAIM prediction solutions worldwide. Their offerings include RAIM PRO and RAIM ANSP products, supporting multiple aviation standards and providing RESTful APIs for integration. The company is funded by the European Space Agency under the NAVISP programme, positioning it as a credible and innovative player in the aviation navigation sector. The website reflects a professional business with clear product descriptions and partner relationships, notably with Flightkeys and ESA. Technically, the site uses modern web technologies such as jQuery and slick carousel but lacks a valid SSL certificate, which is a critical security deficiency. Security headers are present, but the absence of HTTPS and modern TLS protocols significantly reduces the security posture. Privacy compliance is weak, with no privacy or cookie policies found. Contact information is clearly provided, including a physical address and company email. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to meet industry standards.

A

Ankerbrot Holding GmbH

linauer.at

33

Linauer.at is a transitional website for the Linauer bakery brand, which is being integrated into the Ankerbrot Holding GmbH group, a well-established bakery company in Austria. The site primarily serves as a redirect landing page to the main Ankerbrot website, indicating a brand consolidation. The business operates in the retail bakery sector targeting consumers in Austria. The website content is minimal, focusing on brand transition with a video and countdown redirect. Technical infrastructure includes JavaScript libraries such as jQuery and RequireJS, hosted on ip.co.at nameservers. However, the site lacks HTTPS, which is a critical security deficiency. No security headers or cookie consent mechanisms are implemented, and performance is slow with a large page size and long load time. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the site demonstrates basic digital maturity but requires significant security and privacy improvements.

DiaSorin S.p.A. operates a comprehensive corporate website focused on molecular diagnostics, immunodiagnostics, and licensed technology platforms. The company positions itself as a global leader in laboratory diagnostics, targeting healthcare providers, laboratories, and scientific communities. The website provides extensive product information, corporate governance details, investor relations, and career opportunities, reflecting a mature and professional business presence. Technically, the site is built on Drupal 10 with modern front-end technologies and integrates marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. Security headers are partially implemented, but the lack of HTTPS significantly lowers the security posture. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

J

Jarltech Europe GmbH

jarltech.com

40

Jarltech Europe GmbH is a well-established specialist distributor in the technology sector, focusing on point-of-sale and automatic identification equipment across Europe. With a mature domain and a broad manufacturer partnership network, it serves a large customer base with premium distribution services. The website is professionally designed, content-rich, and provides comprehensive legal and privacy information, reflecting a strong commitment to GDPR compliance and user privacy. Technically, the site uses Drupal 10 with modern web technologies and integrates reputable analytics and marketing tools, although performance is moderate. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical risk that should be addressed promptly. Overall, the business demonstrates high credibility and transparency, but the security configuration requires urgent improvement to protect user data and maintain trust.

N

Nemak

nemak.com

35

Nemak is a large manufacturing company specializing in aluminum automotive components, with a strong focus on sustainability and decarbonization initiatives. The company targets automotive manufacturers, investors, suppliers, and job seekers, positioning itself as a global leader in its sector. The website reflects a professional corporate presence with good content quality and consistent branding. Technically, the site uses modern JavaScript libraries and frameworks hosted on Microsoft Azure, but lacks a valid SSL certificate, which is a critical security shortfall. The security posture is weak due to missing HTTPS, lack of security headers, and no published security policies. Privacy compliance is basic, with cookie consent implemented but no detailed GDPR compliance indicators. Contact information and social media presence are well established, supporting business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

S

Siblik Elektrik GmbH & Co. KG

siblik.com

39

Siblik Elektrik GmbH & Co. KG is a medium-sized Austrian company specializing in electrical and building technology solutions, including smart home products and professional training. The company maintains a professional and content-rich website powered by TYPO3 CMS, targeting electrical contractors and end customers in Austria. Their market position is supported by multiple physical locations and a consistent brand presence. Technically, the website uses modern web technologies and integrates analytics and marketing tools, but lacks HTTPS security, which is a critical vulnerability. The security posture is weak due to the absence of SSL/TLS and related security headers, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

E

ENI

eni.com

40

Eni is a large, established integrated energy company headquartered in Italy with a strong global presence and diversified energy portfolio including oil & gas, renewables, and bioenergy. The website reflects a mature digital presence with comprehensive content covering corporate governance, sustainability, investor relations, and career opportunities. Technically, the site uses modern frameworks like Bootstrap and jQuery, hosted on Akamai CDN, and employs Adobe Helix for content management. However, the security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical vulnerability. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

E

ETM professional control GmbH

etm.at

40

ETM professional control GmbH is a medium-sized Austrian company specializing in the development of the SIMATIC WinCC Open Architecture SCADA system, serving critical industrial sectors such as energy, transportation, and building automation. As a wholly owned subsidiary of Siemens AG, ETM benefits from strong corporate backing and a global partner network, positioning it as a reputable player in industrial automation software. The website reflects a professional and consistent brand presence with detailed company history and management information. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Adobe DTM and Google Analytics. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture, exposing users to risks and reducing trust. Security headers are present but insufficient without proper TLS implementation. Privacy and cookie policies are linked to Siemens global pages, indicating good compliance with GDPR and related regulations. Overall, the site is content-rich and credible but requires urgent security improvements to protect users and enhance trust.

W

Würth Österreich

wuerth.at

40

Würth Österreich operates a comprehensive B2B e-commerce platform targeting trade professionals and businesses in Austria. The website offers a wide range of industrial and professional products alongside specialized services such as consulting, digital tools, and engineering support. The company is positioned as a market leader with a strong brand presence and multiple customer engagement channels including social media and mobile apps. Technically, the site uses modern web technologies and a professional CMS, providing a good user experience and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses risks to data confidentiality and user trust. Privacy compliance is generally good with accessible policies, but lacks a visible cookie consent mechanism. Overall, the site is professional and credible but requires urgent security improvements to protect users and maintain trust.

A

Amgen Inc.

amgen.com

40

Amgen Inc. is a leading global biotechnology company focused on developing innovative biologic medicines to treat serious illnesses. The website reflects a mature enterprise with comprehensive content covering its science, products, corporate responsibility, and investor relations. The target audience includes healthcare professionals, patients, investors, and partners. The business model centers on research, development, manufacturing, and delivery of biologic therapeutics, positioning Amgen as a pioneer in biotechnology with a strong market presence. Technically, the website employs modern JavaScript libraries such as jQuery and Slick Carousel, uses lazy loading for images, and integrates Google Tag Manager and Cookiebot for analytics and privacy compliance. Hosting is via Amazon CloudFront CDN, supporting global content delivery. The site is mobile optimized with good SEO and accessibility basics, though some accessibility features could be enhanced. From a security perspective, the site implements several security headers including Content Security Policy and X-Frame-Options. However, a critical issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. No TLS protocols are enabled, and HSTS is not properly configured. These gaps expose users to potential risks and undermine trust. Overall, the website is professionally designed and content-rich, but the lack of HTTPS and valid SSL certificate is a major security concern. Strategic improvements in SSL/TLS deployment and enhanced security configurations are essential to protect user data and maintain trust. Privacy compliance is well addressed with Cookiebot and clear privacy and cookie policies. Business credibility is high, supported by consistent branding and comprehensive corporate information.

Software Competence Center Hagenberg (SCCH) is a medium-sized research and development center based in Austria, specializing in software competence and computational intelligence for industrial applications. The organization maintains a strong market position with national and international partnerships, offering services in data science, software science, project collaboration, consulting, and training. The website content is professionally presented in German, targeting industry professionals, researchers, partners, and potential employees. The business model focuses on research and innovation in technology for industry advancement. Technically, the website is built on the Contao Open Source CMS platform, utilizing Apache server technology and modern JavaScript libraries such as jQuery and Slick Carousel. Hosting is managed via Azure DNS services. While the website demonstrates good mobile optimization and basic SEO practices, performance metrics indicate slow loading times. Accessibility features are basic but present. From a security perspective, the site implements several important HTTP security headers including Content Security Policy, X-Frame-Options, and X-XSS-Protection. However, a critical weakness is the invalid SSL certificate and lack of proper HTTPS support, which significantly undermines the security posture. No advanced incident response or security policy documentation is found on the site. Privacy compliance is strong, with a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Overall, the website is trustworthy and professionally maintained but requires urgent remediation of SSL/TLS issues to ensure secure communications and improve the security score. Strategic recommendations include fixing the SSL certificate, enabling modern TLS protocols, and enhancing performance and accessibility to strengthen the digital presence and security posture.

M

Mundipharma International Limited

mundipharma.com

40

Mundipharma International Limited operates a global healthcare website focused on pharmaceutical and consumer health products with a strong patient-centric approach. The website targets healthcare professionals, patients, and partners, providing corporate information, career opportunities, and media resources. The digital infrastructure is built on Drupal CMS with integrations including Google Analytics, Hotjar, and various marketing and tracking tools, hosted behind Cloudflare CDN. While the website content is professionally presented with good navigation and mobile optimization, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which are critical issues that must be addressed to ensure secure communications and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, the website is credible and professionally maintained but requires urgent SSL/TLS remediation to improve security and trust.

B

Bergner Group

bergnerhome.com

36

Bergner Group is a well-established homeware solutions provider founded in 1999, offering a broad range of kitchenware and home products under multiple brands. The company targets consumers and retail partners globally, emphasizing innovation, quality, and comprehensive business support services. The website reflects a professional and consistent brand image with strong content relevance and user experience. Technically, the site uses modern JavaScript libraries and tracking tools but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, but direct contact details like emails or phone numbers are not explicitly provided. The WHOIS data aligns well with the business claims, supporting domain legitimacy. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

H

Hotel Pfefferkorn

pfefferkorns.net

25

Hotel Pfefferkorn is a luxury hospitality provider located in Lech am Arlberg, Austria, offering premium accommodations, wellness, and dining experiences. The business is well positioned in the alpine tourism market with recognized culinary certifications such as Michelin, Falstaff, and Gault Millau. The website is professionally designed using WordPress with multilingual support and SEO optimization. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. Cookie consent mechanisms and a comprehensive privacy policy demonstrate good privacy compliance. Contact information is clearly presented, supporting business credibility. Overall, the site reflects a mature hospitality business with room for improvement in security infrastructure.

Advance International Media Limited operates as a media planning and advertising agency focused on placing brands across influential media titles internationally. The company offers services including digital planning and advertising, programmatic advertising, content marketing, and print advertising. Their market position is that of a small, specialized media agency with a presence primarily in the UK and partnerships across Europe. The website content is professionally presented with good navigation and relevant business information targeting brands and advertisers seeking international media exposure. Technically, the website is built on WordPress using common libraries such as jQuery and Slick Carousel, hosted on 1&1 IONOS DNS infrastructure. However, the site lacks HTTPS, which is a critical security shortfall. Security headers are minimal and no advanced security policies or incident response contacts are disclosed. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the website demonstrates moderate business credibility but requires significant improvements in security and privacy compliance to meet modern standards.

T

Tyromotion GmbH

tyromotion.com

29

Tyromotion GmbH is a medium-sized Austrian company specializing in the development and manufacture of advanced technology-driven rehabilitation and therapy devices, targeting healthcare professionals and patients globally. The company holds a strong market position as a leading innovator in robotic-assisted rehabilitation solutions and patient management software. Their website reflects a professional and comprehensive digital presence, showcasing detailed product information, customer references, and active engagement through social media and newsletters. Technically, the site is built on WordPress with modern SEO and multilingual support, but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security and user trust. Security headers are partially implemented, but the absence of HTTPS and TLS protocols is a significant vulnerability. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

E

easybank

easybank.at

39

easybank is a leading direct bank in Austria, offering a comprehensive range of financial services including personal and business accounts, loans, credit cards, savings, and investment products. The website reflects a mature digital presence with a focus on user experience, mobile optimization, and clear navigation. The business is well-positioned in the Austrian banking sector, supported by its parent company BAWAG Group and subsidiaries such as easyleasing.at. Technically, the site uses CoreMedia CMS and integrates modern marketing and analytics tools like Adobe and Google Tag Manager, alongside a consent management platform for privacy compliance. However, the website suffers from a critical security deficiency: it lacks a valid SSL certificate and does not support HTTPS, exposing users to significant risks. Security headers and modern TLS protocols are also absent, which undermines the overall security posture. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR. Overall, while the business and content quality are excellent, the security shortcomings significantly impact the risk profile and trustworthiness of the site.

D

Das Österreichische Patentamt

patentamt.at

40

Das Österreichische Patentamt is the central government authority in Austria responsible for intellectual property rights including patents, trademarks, and designs. The website serves as an information and service hub offering online filing, advisory services, and educational programs such as the IP Academy. The organization holds ISO 9001 and ISO 27001 certifications, reinforcing its commitment to quality and information security. The site targets a broad audience including inventors, businesses, startups, legal professionals, and students. Technically, the website is built on TYPO3 CMS with modern frontend libraries and frameworks, providing a professional and accessible user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security headers are well implemented but cannot compensate for the lack of encryption. Privacy compliance is strong with comprehensive cookie consent mechanisms and GDPR-aligned policies. Overall, the site is authoritative and trustworthy but requires urgent improvements in SSL/TLS deployment to enhance security posture.

B

Benedict Industries

benedict.com.au

40

Benedict Industries is a leading supplier and recycler of quarry, recycled, and landscape products primarily serving the New South Wales region in Australia. The company operates multiple quarry and recycling locations, offering services such as waste recycling, resource recovery, supply and delivery of bulk materials, and free trailer hire. Their products are used in major infrastructure and civil projects, positioning them as a key player in the regional construction and waste management sectors. The website reflects a professional business with clear contact information, industry certifications, and a focus on sustainability and quality. Technically, the website is built on WordPress using the Divi theme and WooCommerce for product management. It integrates various modern web technologies and third-party services including Google Fonts, Google Maps API, and several social media platforms. However, performance data is lacking, and the site currently lacks a valid SSL certificate, which is a critical security shortfall. Mobile optimization and SEO appear to be well implemented, though accessibility is basic. From a security perspective, the site has several HTTP security headers configured, but the absence of HTTPS and TLS protocols severely undermines its security posture. No incident response or vulnerability disclosure information is present, and cookie consent mechanisms are missing, indicating gaps in privacy compliance. The domain registration is consistent with the business claims, registered through Melbourne IT without privacy protection, and the domain age aligns with the company's operational history. Overall, while the business and website demonstrate professionalism and market presence, urgent improvements in security infrastructure, particularly SSL/TLS deployment and privacy compliance, are recommended to enhance trust and protect user data.

S

Sysdig

sysdig.com

40

Sysdig is a leading enterprise cloud security company specializing in runtime insights and cloud-native application protection. Their platform offers comprehensive solutions including vulnerability management, cloud detection and response, and permissions management, targeting organizations operating in multi-cloud and containerized environments. The company is recognized as a leader in the CNAPP market with multiple industry awards and a strong customer base. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates various marketing and analytics tools. However, the SSL configuration is currently invalid or missing, which is a critical security concern. The site lacks some advanced security headers and DNS security features such as DNSSEC and DMARC. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Overall, Sysdig demonstrates strong business credibility and technical maturity but should urgently address SSL and DNS security to improve its security posture and trustworthiness.

I

IDEMIA

idemia.com

40

IDEMIA is a global leader in biometrics and cryptography, providing advanced technology solutions that enable secure payments, identity verification, connectivity, and public safety. The company serves governments, enterprises, and financial institutions worldwide, positioning itself as a trusted partner with a strong market presence and extensive customer references. The website reflects a mature digital infrastructure with modern JavaScript libraries, SEO best practices, and a professional design that supports a positive user experience. However, the current lack of a valid SSL certificate and HTTPS implementation significantly impacts the security posture, exposing the site to potential risks. Privacy policies and cookie consent mechanisms are well implemented, and a Data Protection Officer contact is provided, indicating good privacy compliance. Overall, the site demonstrates high business credibility but requires urgent improvements in SSL/TLS security to align with best practices and user trust expectations.

P

PXP Financial

kalixa.com

40

PXP Financial operates a sophisticated unified commerce platform that integrates payment processing, acquiring, cross-border payments, and growth tools for a diverse range of industries including retail, hospitality, gaming, and travel. The company leverages a cloud-native, microservices-based architecture enhanced by AI to deliver scalable, reliable, and innovative payment solutions globally. Their platform emphasizes intelligent payment routing, real-time business intelligence, and self-service capabilities, positioning them as a modern leader in the payments technology sector. The website reflects a mature, professional business with strong branding and comprehensive service offerings.

S

seso media group gmbh

seso.at

28

SESO media group gmbh is a well-established Austrian digital agency specializing in consulting, creative services, and digital development. The company targets businesses seeking to enhance their digital presence and user experience, positioning itself as a partner for digital transformation in the Economy of Experiences. Their client portfolio includes notable brands such as A1 Telekom Austria, Jägermeister, Red Bull, and AbbVie, indicating a strong market presence in Austria and Switzerland. The website content is professionally crafted, with clear messaging and consistent branding that supports their market positioning. Technically, the website is built on WordPress with a modern frontend stack including Bootstrap, jQuery, GSAP, and AOS for animations. The site is mobile-optimized and SEO-friendly, leveraging Yoast SEO plugin and structured data for enhanced search visibility. Hosting appears to be managed via GlobeDom DNS services, and email protection is handled through Microsoft Outlook's mail protection services. However, performance metrics are unavailable, and accessibility is basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability. Although several security headers are implemented, the absence of HTTPS severely undermines the overall security posture. No vulnerability disclosure or incident response policies are publicly available. Privacy and cookie policies are present and appear GDPR compliant, with a consent mechanism implemented. Contact information is comprehensive, including email, phone, physical address, and a detailed contact form. Overall, while SESO demonstrates strong business credibility and digital maturity, the lack of HTTPS is a significant risk that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations. The website otherwise reflects a professional and trustworthy digital agency with a solid market position.

H

Hochschule Neubrandenburg

hs-nb.de

39

Hochschule Neubrandenburg is a German public university of applied sciences offering a range of academic programs, research initiatives, and continuing education services primarily focused on agriculture, health, social work, and landscape sciences. The website serves students, prospective students, researchers, and regional partners with comprehensive information and resources. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and includes privacy-conscious analytics via Matomo. However, the absence of HTTPS/SSL is a critical security gap that undermines user trust and data protection. Security headers are well configured but cannot compensate for the lack of encryption. The site lacks cookie consent mechanisms and explicit security or incident response policies. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

M

Melecs EWS GmbH

melecs.com

39

Melecs EWS GmbH is a well-established electronics manufacturing services (EMS) provider headquartered in Austria with over 25 years of industry experience. The company offers comprehensive services ranging from electronics development, validation, industrialization, production, to logistics, serving multiple sectors including automotive, home appliances, intralogistics, and industrial electronics. Their global production footprint and strong customer focus position them as a reliable partner in the EMS market. The website is professionally designed, content-rich, and targets industrial clients seeking end-to-end EMS solutions. Technically, the site is built on WordPress with Elementor and uses Cloudflare for hosting and CDN services. However, the site currently lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Contact information is clearly presented, including email, phone, physical address, and a contact form. Overall, the business credibility and website professionalism are high, but the security posture requires urgent improvement to protect user data and enhance trust.

A

ACI Worldwide

aciworldwide.com

40

ACI Worldwide is a mature, enterprise-level financial technology company specializing in global payments software and solutions. The company offers a broad portfolio of services including payments orchestration, fraud management, bill pay, and real-time payments, targeting banks, merchants, and billers worldwide. The website reflects a strong market position with extensive customer testimonials, partner logos, and a global reach across 95 countries. Technically, the site is built on WordPress hosted on WP Engine with Cloudflare CDN, leveraging modern marketing and analytics tools such as Google Tag Manager, Hotjar, and HubSpot. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture score. Security headers and content security policies are well implemented, but the lack of HTTPS is a major vulnerability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.