Security Directory

H

HARTL HAUS

hartlhaus.at

40

HARTL HAUS is a well-established Austrian manufacturer specializing in prefabricated wooden houses, with over 125 years of market presence. The company offers a range of modern bungalow and two-story homes, including individually planned dream houses, all produced in Austria with an integrated carpentry workshop. Their market position is strong, being a quality leader with high customer satisfaction. Technically, the website runs on TYPO3 CMS hosted on an Apache Ubuntu server, with modern marketing and consent tools integrated. However, the lack of a valid SSL certificate and HTTPS support is a significant security gap. The site includes comprehensive privacy and cookie policies with consent mechanisms, but lacks explicit terms of service and incident response information. Overall, the business is credible and trustworthy, but the security posture requires urgent improvement to protect user data and enhance trust.

SONNENTOR Kräuterhandels GMBH operates a professional e-commerce and retail platform specializing in organic teas and spices with a strong commitment to sustainability, direct trade, and eco-friendly packaging. The company has a well-established market presence since 1988, targeting consumers interested in organic and sustainable products. The website is well-designed, mobile-optimized, and provides comprehensive content and navigation. Technically, the site uses modern technologies including Pimcore CMS, Bootstrap framework, and integrates multiple marketing and analytics tools such as Google Tag Manager, Matomo, Emarsys, and Kameleoon. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue that must be addressed promptly to protect user data and maintain trust. Privacy compliance is strong with clear cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the business credibility is high, supported by clear contact information, certifications, and consistent WHOIS data.

M

MBIT Solutions GmbH

mbit.at

33

MBIT Solutions GmbH is an established Austrian IT service provider specializing in tailored web and software solutions for medium to large enterprises and public organizations. Their offerings include enterprise-grade websites, web development, industry-specific solutions, and B2B e-commerce platforms. The company has a strong market position supported by over two decades of experience and a portfolio of reputable clients. Technically, the website is built on TYPO3 CMS, hosted on Apache servers, and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines HTTPS security despite the presence of security headers and content security policies. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

L

LEITNER

leitner-ropeways.com

40

LEITNER is a well-established company specializing in the manufacturing and supply of ropeway systems and components, serving sectors such as winter sports, urban transportation, tourism, and material transport. Founded in 1888 and part of the HTI Group, LEITNER holds a strong market position with a global footprint and a comprehensive portfolio of products and services including after-sales support and training. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Google Analytics and Microsoft Clarity. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is comprehensive and includes multiple phone numbers, emails, and forms. Overall, LEITNER's website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

L

Ludwig Boltzmann Gesellschaft

rare-diseases.at

35

The Ludwig Boltzmann Institute for Rare and Undiagnosed Diseases (LBI-RUD) is a specialized Austrian research institute focused on investigating rare diseases, particularly those affecting the immune system, blood formation, and nervous system. The institute operated for seven years until March 2023, contributing valuable scientific insights and supporting patients through its research. The website serves as an informational platform targeting researchers, medical professionals, and affected patients, providing news, research areas, and organizational information. The business model is non-profit, funded by grants and public sources, and it operates under the Ludwig Boltzmann Gesellschaft umbrella. Technically, the website is built on WordPress and hosted on servers associated with domaindiscount24.net. While the site has a professional design with good navigation and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. The site uses Matomo analytics for user tracking and includes a cookie consent banner, indicating some level of privacy compliance, though GDPR compliance is not fully evident. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. No incident response or security policies are publicly disclosed. Contact information is clearly provided, including phone, address, and an obfuscated email address. Social media presence is active across major platforms, enhancing outreach and trust. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance credibility. Strategic recommendations include implementing HTTPS, improving security headers, and enhancing privacy compliance documentation.

The domain ipnetcom.at currently hosts a minimal website that immediately redirects visitors to innonet.at. There is no substantive content, metadata, or business information present on the site itself. The domain is registered and DNS records point to a hosting provider associated with innonet.at, indicating a likely relationship or ownership. However, the lack of SSL/TLS encryption and absence of security headers represent significant security weaknesses. No privacy or cookie policies are published, and no contact or business details are provided on the site. Overall, the digital presence is minimal and does not support a standalone business website.

O

Octapharma AG

octapharma.com

39

Octapharma AG is a leading global manufacturer of human protein therapies derived from plasma and human cell lines, serving patients in over 120 countries. The company operates a large network of plasma donation centers and production facilities, emphasizing patient engagement and innovation in immunotherapy, haematology, and critical care. The website is professionally designed with comprehensive content, including employee stories, press releases, and detailed product information. Technically, the site uses modern frameworks like Next.js and is hosted on AWS infrastructure, but suffers from critical SSL/TLS configuration issues, lacking a valid certificate and modern protocol support. Security headers are partially implemented, but the absence of HTTPS severely impacts the security posture. Privacy compliance is well addressed with clear policies and a cookie consent mechanism. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

J

JUDO.eu

judo.eu

26

JUDO.eu is a well-established German company specializing in water treatment solutions, with a history dating back to 1936. The company offers a broad range of products including protective filters, softening systems, lime protection, dosing pumps, leakage protection, wellness, heating protection, and smart home water solutions. Their market position is strong with a focus on innovation and sustainability, targeting both professional and consumer markets internationally. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and various plugins for SEO, cookie management, and user interaction. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security weakness. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

objectflor Art und Design Belags GmbH is a medium-sized German company specializing in high-quality, innovative, and elastic flooring solutions, primarily vinyl and rubber floors. As a subsidiary of James Halstead plc, it serves 16 countries in Central Europe and holds a leading market position in the flooring industry. The company offers a broad product portfolio, including design floors, technical vinyl, and rubber flooring, complemented by services such as design studios, training seminars, and a partner network. The website is professionally designed, content-rich, and targets both B2B and B2C customers seeking sustainable and functional flooring solutions. Technically, the site runs on TYPO3 CMS with integrations for consent management and analytics, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and modern TLS protocols. This significantly impacts the security posture and overall trustworthiness of the site. Privacy compliance is well addressed with GDPR-consistent policies and consent mechanisms. Business credibility is strong, supported by certifications and transparent contact options. Strategic improvements in SSL deployment and security headers are essential to enhance user trust and protect data integrity.

Ö

ÖAR GmbH

oear.at

24

ÖAR GmbH is a consulting company specializing in regional development, organizational cooperation, and evaluation services primarily targeting organizations, communities, and regions. The company positions itself as a professional and experienced niche player with international reach, supported by a well-structured and content-rich website. Technically, the site is built on WordPress with common plugins and libraries, but suffers from a lack of HTTPS and valid SSL certificate, which significantly impacts its security posture. Privacy and legal compliance are well addressed with clear policies and contact information. Overall, the website is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

I

ING

ing.at

40

The website ing.at serves as an informational landing page announcing the transfer of ING Austria's private banking business to bank99 AG as of November 30, 2021. It provides contact information for former customers and legal representatives handling specific cases. The site is primarily targeted at former ING Austria private banking customers and does not offer active banking services. Technically, the site uses modern web technologies including Lit for UI components, service workers for offline capabilities, and integrates third-party services such as Usercentrics for cookie consent and Webtrekk for analytics. However, the SSL configuration is critically flawed with no valid certificate and no TLS protocols enabled, severely impacting security posture. Security headers are well implemented but undermined by the lack of proper SSL. The domain registration and DNS records are consistent with a legitimate banking entity, and the site includes standard privacy and cookie policies compliant with GDPR. Overall, the site is professional and trustworthy in content but requires urgent remediation of SSL issues to ensure secure user access.

The website cddiputados.gob.mx serves as a minimal redirect page to https://congresoedomex.gob.mx, indicating it is an official government domain related to the legislative body of the State of Mexico. The site lacks substantive content, policies, or contact information, reflecting a very basic web presence. Technically, the site is served by Apache over HTTP without SSL/TLS encryption, which is a significant security shortfall for any modern website, including government domains. The absence of security headers, DNSSEC, and other best practices further weakens its security posture. From a business perspective, the domain is consistent with government registration norms and appears legitimate, but the digital maturity is low. Overall, the site presents a low-risk profile due to its minimal functionality but requires urgent improvements in security and compliance to meet modern standards.

D

Design Storz GmbH

designstorz.com

35

Design Storz GmbH is a small, established Austrian design studio with over 38 years of experience specializing in automotive, product, graphic design, branding, and design strategy. The company serves international clients including major automotive brands and consumer product companies. The website is built on WordPress using popular plugins and page builders, presenting professional content and clear navigation primarily in German. However, the technical infrastructure lacks a valid SSL certificate and modern TLS protocols, exposing the site to security risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the business credibility is moderate, supported by consistent WHOIS data and a clear contact presence. The security posture is weak due to missing HTTPS and security headers, which should be addressed urgently to protect user data and improve trust.

Ing. Michael Josef EDER operates a small, specialized Baumeister (master builder) business based in Hallein, Austria, offering comprehensive construction planning, execution, management, and consultancy services primarily for private residential, commercial, and industrial clients. The company has an established local presence since 1995 and demonstrates professionalism through certifications and clear contact information. Technically, the website is built on WordPress with Elementor and Yoast SEO, showing good SEO and mobile optimization but suffers from critical security shortcomings due to the absence of a valid SSL certificate and modern TLS protocols. The security posture is weak, lacking essential HTTPS encryption and advanced security headers, which poses risks to user data and trust. Privacy compliance is adequate with a cookie consent mechanism and a privacy policy page, but no incident response or security policy information is provided. Overall, the website is functional and professional but requires urgent security improvements to protect visitors and enhance trust.

S

Sony DADC Europe GmbH

sonydadc.com

40

Sony DADC Europe GmbH operates a professional and comprehensive website presenting itself as a leading end-to-end supply chain and manufacturing service provider primarily serving the entertainment industry. The company offers a broad range of services including micro optics, manufacturing, assembly and packaging, logistics, and global business services. The website is well-structured, professionally designed, and targets B2B clients requiring specialized supply chain solutions. Technically, the site is built on WordPress with common libraries such as jQuery and Swiper.js, and includes SEO optimizations and accessibility features. However, a critical security weakness is the lack of a valid SSL certificate and proper HTTPS configuration, which severely impacts the security posture and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no incident response or vulnerability disclosure information is provided. Overall, the site is credible and trustworthy but requires urgent security improvements to protect user data and ensure secure communications.

S

Stieglbrauerei zu Salzburg GmbH

stiegl.at

40

Stiegl Privatbrauerei is Austria's leading private brewery with a rich heritage dating back to 1492. The company offers a broad portfolio of beer specialties, operates an online shop, and provides B2B distribution and technical services. The website reflects a mature digital presence with professional design, comprehensive content, and active marketing integrations. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. The site implements GDPR-compliant privacy and cookie policies with consent mechanisms, indicating good privacy awareness. Overall, the business is well-established and credible, but urgent improvements in security infrastructure are recommended.

A

Addiko Bank AG

addiko.com

40

Addiko Bank AG operates as a regional digital bank serving multiple European countries with a focus on online banking products such as savings accounts and loans. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeting retail and corporate banking customers. Technically, the site is built on WordPress with modern plugins and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which is critical for a financial institution. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, while the business and technical aspects are solid, the security deficiencies pose a significant risk that must be remediated promptly.

H

Handwerkskammer Aachen

hwk-aachen.de

39

Handwerkskammer Aachen is a regional chamber of crafts in Germany representing approximately 17,400 member businesses. The organization provides a broad range of services including vocational training, further education, consulting, business start-up support, and expert services. The website reflects a well-established institution with a strong market position in the education and government sectors, targeting apprentices, craftsmen, business founders, and companies within the Aachen region. The content is rich, professionally presented, and highly relevant to its audience. Technically, the site is built on the ODAV CMS platform, utilizing modern JavaScript libraries and frameworks, but suffers from poor SSL/TLS implementation, lacking a valid certificate and modern encryption protocols. This significantly impacts the security posture of the website. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Contact information is complete and transparent, enhancing business credibility. Overall, the website is trustworthy and professional but requires urgent security improvements to protect user data and maintain trust.

B

Base-IT GmbH

baseit.at

22

Base-IT GmbH is an Austrian IT service provider specializing in consulting, planning, installation, and maintenance of IT systems, with a strong focus on cybersecurity and managed services for small and medium enterprises (KMU). The company holds recognized ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications, underscoring its commitment to information security and data privacy. Their market position is supported by a portfolio of diverse IT services and a visible client base, including references and social media presence. Technically, the website is built on a SilverStripe CMS platform with modern JavaScript libraries such as jQuery, MDBootstrap, Owl Carousel, and Swiper. The hosting appears to be provided by Hetzner. While the site is mobile-optimized and well-structured with good SEO practices, performance data is lacking, and accessibility is basic. The site uses a cookie consent mechanism compliant with GDPR and integrates Google Analytics for performance and user tracking. From a security perspective, the absence of HTTPS and a valid SSL/TLS certificate is a critical vulnerability, severely impacting the overall security posture. Other security best practices such as HSTS, OCSP stapling, and security headers are missing. The company demonstrates good security governance through certifications but lacks visible incident response or vulnerability disclosure policies on the website. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance security headers. Strategic recommendations include implementing SSL/TLS, publishing incident response policies, and enhancing security controls to improve trust and compliance.

KPMG Austria GmbH operates a comprehensive and professionally designed website representing its global network of audit, tax, advisory, and legal services. The website targets clients and potential clients primarily in Austria and German-speaking regions, offering detailed insights into their services, industries, and career opportunities. The technical infrastructure leverages Adobe Experience Manager CMS, modern JavaScript frameworks like Vue.js and React, and integrates marketing and analytics tools such as Adobe Analytics, Demandbase, Gigya, and OneTrust for privacy compliance. Despite a strong content and business presence, the website suffers from critical security shortcomings, notably an invalid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

A

AT&S Austria Technologie & Systemtechnik AG

ats.net

33

AT&S Austria Technologie & Systemtechnik AG is a globally recognized leader in high-end printed circuit boards and IC substrates, serving key industries such as aerospace, automotive, communication, and medical technology. The company demonstrates a strong market position with a comprehensive digital presence, including investor relations, career opportunities, and sustainability initiatives. Technically, the website is built on WordPress with modern tools and plugins, offering good SEO and accessibility, though performance is moderate. Security posture is weakened by the absence of a valid SSL/TLS certificate and disabled TLS protocols, which poses significant risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business is credible and trustworthy, but urgent improvements in SSL/TLS configuration are recommended to enhance security and user trust.

S

Software Daten Service Gesellschaft m.b.H.

sds.at

40

Software Daten Service Gesellschaft m.b.H. (SDS) is a medium-sized Austrian company specializing in software and services for the international financial industry, with additional focus on telecommunications and digital entertainment sectors. The company offers a comprehensive portfolio including securities processing, regulatory reporting, compliance, consulting, managed services, and professional testing. SDS benefits from a strong market position supported by its 50 years of history and affiliation with the Deutsche Telekom Group. The website reflects a professional and consistent brand image targeting financial institutions and related industries globally. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of HTTPS support. Security headers are present but insufficient to compensate for the missing encryption. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally maintained but urgently requires SSL/TLS remediation to improve security posture and trust.

F

feibra GmbH

feibra.at

40

feibra GmbH is a well-established Austrian company specializing in direct marketing and mailing services, including unaddressed and addressed mailings, campaign planning, and geomarketing. The company benefits from over 60 years of experience and is a subsidiary of the Österreichische Post Aktiengesellschaft, positioning it strongly in the Austrian media and marketing sector. The website targets businesses and marketing professionals seeking effective direct marketing solutions across Austria. Technically, the website is built on WordPress with a modern plugin ecosystem and SEO optimization, but lacks a valid SSL certificate, which is a critical security gap. The security posture is basic with some security headers present but no active TLS protocols or certificate transparency compliance. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

The domain hexa.at currently serves as a simple redirect to an external corporate website (nagarro.com). There is no substantive content on the landing page, no privacy or cookie policies, and no contact information provided. The technical infrastructure is minimal, running on an Apache server without HTTPS enabled, which presents significant security risks. DNS and mail configurations indicate use of Microsoft Outlook protection services, and the domain is registered via a reputable Austrian registrar. However, the lack of SSL/TLS and security headers severely impacts the security posture. Overall, the site functions only as a redirect with no direct business presence or user engagement on this domain.

B

Broken Rules

brokenrul.es

35

Broken Rules is an independent game development studio established in 2009, specializing in designing, developing, and publishing original digital games. The website showcases multiple award-winning titles, targeting gamers and digital entertainment audiences. The business model focuses on creative game production and distribution across multiple platforms including Apple Arcade, Nintendo Switch, Steam, and itch.io. The company maintains a consistent and professional brand presence with high-quality content and clear navigation. Technically, the website is hosted on an Apache server with basic HTML5 and CSS3 technologies. However, it lacks modern security implementations such as HTTPS, HSTS, and security headers, which significantly impacts its security posture. Performance data is unavailable, but the site appears to have basic mobile optimization and accessibility features. SEO is reasonably well implemented with proper meta tags and Open Graph data. From a security perspective, the absence of SSL/TLS encryption is a critical vulnerability, exposing users to potential data interception risks. No security policies, incident response contacts, or vulnerability disclosure mechanisms are publicly available, indicating a low maturity in security governance. The DNS configuration lacks DNSSEC and CAA records, further reducing domain security assurance. Overall, the website is functional and professional in content and design but requires urgent security improvements to protect users and enhance trust. Strategic recommendations include enabling HTTPS, implementing security headers, and establishing clear privacy and incident response policies.

Austrian Airlines AG operates a comprehensive and professional airline website targeting global travelers seeking flights and related travel services. The site offers extensive booking options, flight management, and loyalty program integration, reflecting a mature digital presence consistent with a major European airline and Lufthansa Group member. The technical infrastructure leverages modern web technologies including Apache server, Adobe Helix, and Maui Design System, with content delivery optimized via Akamai CDN. However, performance metrics indicate slow loading times, suggesting room for optimization. Security posture reveals critical gaps, notably the absence of a valid SSL certificate and disabled TLS protocols, which significantly undermine user trust and data protection. While security headers and content policies are well implemented, the lack of HTTPS is a major concern. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, though cookie consent mechanisms are not clearly detected. Overall, the website is highly professional and credible but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with modern security standards.

Waagner Biro is a large, established company specializing in bridge systems, stage systems, steel and glass constructions, and bridge services, primarily targeting industrial and infrastructure sectors. The website acts mainly as a portal linking to specialized subsidiaries, reflecting a segmented business model focused on engineering and manufacturing. Technically, the site is basic with minimal content and limited modern web features. It uses Apache server technology but lacks HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies on the main domain, as well as no contact information, reduces user trust and compliance posture. Security posture is weak due to missing SSL/TLS, lack of security headers, and incomplete DNS/email security configurations. Overall, the site is functional but requires significant improvements in security and privacy compliance to meet modern standards.

F

FH Technikum Wien

technikum-wien.at

40

FH Technikum Wien is Austria's only purely technical university of applied sciences, offering a broad and practice-oriented range of study programs. The institution holds a leading market position in Austria's technical education sector, evidenced by its top ranking in the Industriemagazin and multiple certifications including sustainability and quality management awards. The website reflects a mature digital presence built on modern technologies such as Next.js and React, with good SEO, accessibility, and user experience. However, the absence of a valid SSL certificate is a critical security gap that undermines trust and secure communications. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the institution demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS configuration to improve security posture.

D

Deisl-Beton Ges.m.b.H.

deisl-beton.at

23

Deisl-Beton Ges.m.b.H. is an Austrian company specializing in the manufacturing and distribution of concrete and related construction materials, including transport concrete, aggregates, dry spray concrete, recycling products, and natural stones. The company also provides logistics services such as fleet management and concrete pumps. The website serves as an informational portal for customers and partners, primarily targeting construction professionals and businesses within Austria. The market position appears regional with a focus on quality and service. Technically, the website is built on WordPress 6.1.7, hosted by Futureweb GmbH, and served via Apache. The site uses standard web technologies including jQuery but lacks modern performance optimizations and mobile responsiveness is basic. The absence of HTTPS and a valid SSL certificate is a significant technical and security deficiency, exposing users to risks. No advanced SEO or accessibility features are evident, and performance metrics are missing. From a security perspective, the site lacks HTTPS, HSTS, OCSP stapling, and security headers, which are critical for protecting user data and ensuring trust. No privacy, cookie, or terms of service policies are present, indicating poor compliance with GDPR and related regulations. Contact information is clearly provided, but no incident response or security policy details are available. The domain registration is consistent and legitimate, registered with a reputable Austrian registrar. Overall, the website presents moderate business credibility but suffers from critical security and privacy shortcomings. Strategic improvements in SSL implementation, security headers, and privacy compliance are urgently recommended to enhance trust and protect users. Technical modernization and performance optimization would also benefit user experience and SEO.

HOT Engineering GmbH operates a professional website serving the energy sector, specializing in consultancy, laboratory services, software, and training focused on underground energy storage and oil & gas field development. The company positions itself as a leading provider with a mature domain and a consistent business presence. The technical infrastructure is based on WordPress with common plugins and hosted by Hetzner, but lacks HTTPS, which is a critical security gap. The site includes cookie consent mechanisms and privacy policies compliant with GDPR, reflecting good privacy practices. However, the absence of SSL/TLS encryption significantly impacts the security posture and overall trustworthiness. Strategic improvements in security configuration are essential to protect user data and enhance credibility.

U

USound

usound.com

37

USound is a technology company specializing in MEMS speaker technology designed for integration into advanced audio devices such as TWS earbuds, headphones, AR/VR glasses, audio glasses, and hearing aids. The company positions itself as an innovator in the audio technology market, offering products with superior form factors, low power consumption, and high audio fidelity. Their website provides comprehensive product catalogs, technical documentation, and application insights targeting manufacturers and developers in the wearable and hearable device sectors. Technically, the website is built on WordPress with a modern tech stack including React, jQuery, and various plugins for enhanced user experience. However, the site lacks HTTPS, which is a critical security vulnerability. The security posture is basic with no advanced headers or SSL configuration, but no known vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to enable HTTPS and enhance security headers.

S

SKS365

sks365.com

28

SKS365 is a medium-sized, Italy-based omnichannel sports betting and gaming operator, positioned as a leading player in the Italian market. The company offers a broad range of betting and gaming services including sports betting, virtual sports, and online casino games. The website reflects a professional corporate presence with consistent branding and a focus on compliance and responsible gaming. Technically, the site is built on WordPress and hosted on Microsoft Azure, utilizing common web technologies such as jQuery and Google Tag Manager. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. Privacy compliance is partially addressed with a comprehensive privacy policy, but cookie consent mechanisms are missing. No direct contact information such as emails or phone numbers are visible, which may affect user engagement and trust. Overall, the site is functional but requires significant security improvements to meet modern standards.

G

Gerot Lannach

gl-pharma.at

35

GL Pharma, operating under the legal name Gerot Lannach, is a medium-sized healthcare company based in Austria specializing in the development, production, and marketing of branded pharmaceuticals and generics. The company targets healthcare professionals including doctors, pharmacists, and wholesalers, positioning itself as a reputable provider in both Austrian and international markets. The website reflects a professional digital presence with multilingual support and structured data enhancing SEO and user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security gap that undermines user trust and data protection. The site employs common WordPress technologies and integrates cookie consent mechanisms compliant with GDPR, indicating a reasonable level of privacy awareness. Overall, the business demonstrates solid market positioning but requires urgent improvements in security infrastructure to align with best practices.

M

MCI | Die Unternehmerische Hochschule®

mci.edu

40

The Management Center Innsbruck (MCI) is a well-established entrepreneurial university located in Austria, offering a broad range of academic programs including Bachelor, Master, and Executive Education degrees. The institution emphasizes internationality, academic quality, and practical relevance, serving students, professionals, and corporate partners. The website reflects a strong brand presence with comprehensive content, testimonials from notable figures, and active social media engagement. Technically, the site is built on Joomla CMS with modern frontend technologies but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Security headers are partially implemented, and DNS configurations show some misconfigurations such as malformed CAA records. Privacy compliance is moderate with a clear privacy policy but lacking cookie consent mechanisms. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

N

Newrest

newrest.eu

38

Newrest is a global leader in multi-sector catering and out-of-home food service solutions, operating in 53 countries with a workforce exceeding 60,000 employees. The company offers a broad range of services including inflight catering, rail catering, remote site management, concessions, and retail services, targeting corporate clients in transportation, energy, and retail sectors. The website is professionally designed, multilingual, and provides comprehensive business and CSR information, reflecting a mature global enterprise. Technically, the site is built on WordPress with modern plugins for SEO, multilingual support, and privacy compliance, but suffers from a critical lack of HTTPS and valid SSL certificates, severely impacting security posture. Privacy compliance is well addressed with clear policies and a consent manager. The security headers are partially implemented, but the absence of TLS protocols and HSTS reduces the site's security effectiveness. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain business credibility.

T

TEST-FUCHS GmbH

test-fuchs.com

40

TEST-FUCHS GmbH is a well-established manufacturing company specializing in test systems and aerospace systems, with a history dating back to 1946. The company has grown into a medium-sized enterprise with a global presence and over 600 employees. Their website reflects a professional corporate identity with clear navigation and relevant business content targeting industrial B2B clients. Technically, the website is built on Drupal CMS with modern JavaScript libraries, but lacks HTTPS security, which is a significant risk. The absence of a valid SSL certificate and modern TLS protocols exposes visitors to potential data interception and undermines trust. Privacy compliance is addressed with a cookie consent mechanism and a basic GDPR-compliant privacy policy. However, no explicit security policies or incident response contacts are published, and no vulnerability disclosure mechanisms are present. Overall, the website is functional and professional but requires urgent security improvements to protect users and enhance credibility.

The domain conversations.at is registered and hosted with a reputable Austrian registrar and DNS provider. However, the website itself is effectively empty, serving only a minimal placeholder with no visible content, metadata, or interactive elements. There is no SSL certificate installed, resulting in no HTTPS support despite the presence of a Strict-Transport-Security header, which is misconfigured. No privacy, cookie, or terms of service policies are present, and no contact or business information is available on the site. The technical infrastructure is minimal, relying on Apache server software but lacking modern web technologies or performance optimizations. Security posture is weak due to the absence of HTTPS and other security headers, though no active vulnerabilities or malware indicators were detected. Overall, the site presents a low trust profile and limited business credibility.

O

Ottakringer Getränke AG

ottakringerkonzern.com

40

Ottakringer Getränke AG is a well-established Austrian family-owned beverage group comprising key subsidiaries such as Ottakringer Brauerei, Vöslauer Mineralwasser, and Del Fabro Kolarik. The company focuses on manufacturing and distributing beer, mineral water, and beverage wholesale products, targeting both B2B and B2C markets primarily in Austria and neighboring countries. The website content is professionally presented in German, emphasizing sustainability and quality. Technically, the site is built on Joomla CMS with common web technologies like jQuery and Bootstrap, and it integrates Google Analytics for user tracking. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no functional HTTPS, which significantly impacts its security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating reasonable privacy compliance. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in SSL configuration and security practices to enhance trust and protect user data.

S

sklera KG

sklera.tv

38

Sklera KG operates a technology-focused website likely offering software solutions or digital services, as indicated by the use of Next.js and references to demos and newsletters. The company is based in Austria and has maintained the domain for over 9 years, reflecting a mature business presence. However, the website content is minimal and primarily serves as a contact and demo request portal without detailed business descriptions or extensive content. The technical infrastructure leverages modern frameworks but lacks critical security implementations such as HTTPS, valid SSL certificates, and security headers, which significantly undermine the site's security posture. Additionally, the absence of privacy and cookie policies indicates poor compliance with data protection regulations. Overall, the website presents a basic digital footprint with moderate business credibility but requires urgent security and compliance improvements to enhance trust and protect user data.

B

Bene GmbH

bene.com

26

Bene GmbH is a well-established Austrian manufacturer and international supplier of high-quality office furniture and workspace solutions, with a history dating back to 1790. The company positions itself as a leader in modern office design, combining Austrian quality with innovative and functional products. The website is built on TYPO3 CMS and uses modern web technologies, but lacks a valid SSL certificate, which is a critical security shortfall. The site includes comprehensive content, a contact form with CAPTCHA, and social media integration, but does not implement cookie consent mechanisms or advanced security headers. Overall, the business is credible and well-presented, but the lack of HTTPS significantly impacts the security posture.

F

Frances Belser

francesbelser.com

23

Frances Belser's website serves as a personal artistic portfolio showcasing multimedia content such as videos, music, and exhibitions. The site targets art and culture enthusiasts and functions primarily as a platform to present creative works rather than a commercial business. The technical infrastructure is basic, relying on Apache server and jQuery with Google Fonts integration, hosted by Hostpoint. However, the site lacks HTTPS encryption, which is a significant security concern. No privacy or cookie policies are present, and no contact information is provided, limiting user trust and compliance with data protection regulations. The security posture is weak due to the absence of SSL/TLS and security headers, exposing visitors to potential risks. Overall, the website is functional for content display but requires substantial improvements in security and privacy compliance to enhance trustworthiness and protect users.

RA Manuel Metz operates a small legal practice based in Germany, providing professional legal services with a focus on client engagement, reliability, and expertise. The website presents clear contact information and a straightforward description of services aimed at individuals seeking legal counsel. The business is positioned as a local/regional legal service provider with a simple, content-focused web presence. Technically, the website is built on a basic Apache server with static HTML and CSS, lacking modern CMS or frameworks. Performance data is minimal, indicating slow loading or unmeasured performance. The site is not optimized for mobile or accessibility beyond basic levels and lacks advanced SEO features. From a security perspective, the website does not implement HTTPS, exposing visitors to risks. There are no advanced security headers or mechanisms such as HSTS or CSP. Privacy compliance is minimal, with a basic privacy policy present but no cookie consent or GDPR compliance indicators. No incident response or security policy information is available, indicating a low security maturity level. Overall, the website is functional but has critical security shortcomings that reduce trustworthiness and user safety. Strategic improvements in SSL implementation, security headers, and privacy compliance are recommended to enhance the site's professionalism and protect users.

P

Pinzgau Webdesign

pinzgauwebdesign.at

25

Pinzgau Webdesign is a small, locally focused WordPress web design agency based in Zell am See, Austria, operated by Martin Pletzenauer since 2013. The company offers custom WordPress website development and related services primarily targeting small to medium businesses in the Pinzgau region. The website presents a professional design with clear contact information and client references, supporting its local market position. Technically, the site is built on WordPress using the Salient theme and WPBakery Page Builder, with common plugins such as Contact Form 7. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security gap. Security headers are present but cannot compensate for the missing HTTPS, exposing visitors to potential risks. Privacy compliance is addressed with a GDPR-compliant privacy policy and cookie consent mechanism. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

J

Johannes Kepler Universität Linz

jku.at

36

Johannes Kepler Universität Linz operates as a large public university in Austria, offering a wide range of academic programs including Bachelor, Master, Diplom, and doctoral studies. The institution serves students, researchers, and alumni with comprehensive educational and research services, supported by a well-structured and professionally designed website. The university maintains a strong market position as the largest university in Upper Austria with extensive campus services and international programs. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates analytics and marketing tools such as Google Tag Manager and Matomo. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to risks and lowering the overall security posture. Privacy and cookie policies are well implemented with explicit consent mechanisms, reflecting good GDPR compliance. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and strengthen its security framework.

A

A&N GesbR

an-gesbr.com

34

A&N GesbR is a small partnership business based in Linz, Austria, represented by Philipp Asanger and Manuel Nobis. The website serves primarily as an informational portal with links to partner sites and basic company details including a physical address and VAT number. The business appears to operate in a retail or tools-related sector, though no explicit service descriptions are provided. Technically, the website is built on WordPress using Elementor and common web technologies such as jQuery and Bootstrap. However, the site lacks HTTPS, which is a critical security deficiency. No privacy or cookie policies are present, and no contact emails or phone numbers are provided, limiting user engagement and compliance with data protection regulations. The overall security posture is weak, with no advanced security headers or protections implemented. Performance data is missing, but the site likely suffers from slow loading due to lack of optimization. The domain registration data aligns well with the website content and business location, indicating legitimacy. Strategic improvements in security, privacy compliance, and contact transparency are recommended to enhance trust and professionalism.

E

Erste Asset Management

erste-am.com

40

Erste Asset Management operates as an international asset management company serving both institutional and private investors, primarily based in Austria. The website presents a professional and well-structured digital presence targeting these investor groups with clear navigation and relevant content. Technically, the site leverages a modular GEM framework hosted on AWS CloudFront CDN, ensuring scalability and modern web practices. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, despite the presence of several security headers and a strict DMARC policy. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. Overall, while the business credibility and content quality are strong, the critical lack of HTTPS is a major risk that needs immediate remediation.

Ö

Österreichische Gesundheitskasse

sgkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public healthcare insurance provider in Austria, offering a broad range of health-related services to insured individuals, employers, and partners. The website serves as an information and service portal, providing access to appointment scheduling, customer service, health information, and career opportunities. The target audience primarily includes Austrian residents and healthcare stakeholders. The organization holds a strong market position as a government-affiliated entity with consistent branding and trust indicators such as official social media presence and comprehensive privacy policies. Technically, the website is built on a custom CMS likely based on Gentics Content Server, utilizing Jakarta Faces (JSF) framework and jQuery 3.6.0. It integrates Piwik PRO for analytics and employs a detailed Content Security Policy. However, the site currently lacks a valid SSL certificate and does not support HTTPS, which significantly impacts its security posture. Performance data is limited but suggests slower load times. Accessibility and SEO optimizations are well implemented. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. While security headers like CSP and HSTS are present, the lack of a valid certificate and secure transport reduces overall security. No explicit incident response or vulnerability disclosure mechanisms are found. Privacy compliance is strong, with clear cookie consent and privacy policies aligned with GDPR. Overall, the website is professional and trustworthy in content and business credibility but requires urgent improvements in SSL/TLS implementation to enhance security and user trust. Strategic recommendations include immediate SSL certificate deployment, enabling modern TLS protocols, and enhancing security header configurations to protect user data and comply with best practices.

U

United Nations Office on Drugs and Crime

unodc.org

40

The United Nations Office on Drugs and Crime (UNODC) operates as a key intergovernmental agency focused on combating illicit drugs, crime, corruption, and terrorism globally. It provides extensive research, policy guidance, and technical assistance to member states and partners, positioning itself as a leading authority in its domain. The website reflects a mature, well-branded digital presence with comprehensive content and multi-language support targeting governments, NGOs, researchers, and the public. Technically, the site uses a modern tech stack including Apache, AngularJS, Bootstrap, and Google Tag Manager, hosted on UN Vienna infrastructure. While the site is moderately performant and mobile-optimized, it lacks a valid SSL certificate and modern TLS support, which critically undermines its security posture. Security headers are well implemented, but the absence of HTTPS and session security features are significant vulnerabilities. From a security perspective, the site demonstrates good header policies but fails to provide encrypted transport, OCSP stapling, or session resumption. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking scripts. Business credibility is high given the official UN affiliation and consistent WHOIS data. Overall, the site is authoritative and professional but requires urgent security improvements, especially SSL deployment, to ensure trust and compliance. Strategic recommendations include obtaining valid HTTPS certificates, enabling modern TLS protocols, implementing cookie consent, and enhancing incident response visibility.

Haimer GmbH is a well-established German manufacturing company specializing in precision tool holding products and related services for the machining industry. With over 23 years of domain presence and a global workforce exceeding 800 employees, Haimer offers comprehensive solutions including tool management, calibration, and training. The website reflects a mature digital presence with extensive product catalogs, service offerings, and customer engagement channels. Technically, the site uses modern technologies such as Pimcore CMS, Google Analytics, and Cookiebot for consent management, ensuring a good user experience and compliance with privacy regulations. However, the absence of a valid SSL/TLS certificate significantly impacts the security posture, exposing users to risks and limiting trust. Security headers are properly configured, but the lack of HTTPS is a critical issue. Overall, the business credibility and privacy compliance are strong, but immediate remediation of SSL issues is recommended to enhance security and user trust.

C

Continental AG

continental-corporation.com

40

Continental AG is a well-established multinational technology and manufacturing company specializing in sustainable and connected mobility solutions. Founded in 1871 and headquartered in Germany, the company offers a broad portfolio including automotive technologies, tires, and ContiTech products. The website reflects a mature digital presence with comprehensive corporate, investor, and sustainability information targeting investors, job seekers, and business partners. Technically, the site is built on TYPO3 CMS and hosted likely on AWS infrastructure, with modern JavaScript and CSS usage. However, a critical security weakness is the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Security headers are mostly present but some, like X-XSS-Protection, are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but urgently needs to address HTTPS and SSL issues to ensure secure user interactions.