Security Directory

W

Wiener Messe und Congress GmbH

messe.at

27

Wiener Messe und Congress GmbH operates the VIECON – Vienna Congress & Convention Center, a leading event venue in Vienna offering flexible spaces for congresses, exhibitions, and corporate events. The website presents a professional image with comprehensive information about the venue, services, and sustainability initiatives. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but lacks a valid SSL certificate, resulting in an insecure HTTP-only connection. Security headers are present but insufficient without HTTPS. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is credible and well-structured but requires urgent SSL implementation to improve security and trust.

B

Baschnegger Ammann Partner

bap.cc

25

Baschnegger Ammann Partner is a well-established creative agency based in Dornbirn, Austria, specializing in branding, design, communication, and digital marketing services. With over 40 years of experience, the agency targets small to large companies primarily in the Bodensee region and surrounding economic areas. Their market position is strong within western Austria, supported by a professional website showcasing client references and a consistent brand image. Technically, the website is built on WordPress with a modern tech stack including PHP 8.4.8 and various JavaScript libraries, optimized for mobile and SEO. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. The site implements GDPR-compliant cookie consent mechanisms and uses reputable analytics and marketing tools such as Google Analytics and HubSpot. Overall, the business demonstrates high professionalism and trustworthiness but must address its SSL deficiency to improve security posture and user trust.

Seven Refractories operates as a niche industrial supplier specializing in refractory materials for high temperature and aggressive industrial environments such as steel, iron, and cement production. The website currently serves as a placeholder indicating a forthcoming revised site, with minimal content and no direct contact or policy information. The technical infrastructure is based on WordPress with common plugins and hosted behind Cloudflare, but lacks a valid SSL certificate, which severely impacts security posture. Security headers and best practices are largely absent, exposing the site to potential risks. The absence of privacy and cookie policies, as well as contact details, further reduces trust and compliance standing. Overall, the site is in an early or transitional stage of digital maturity and requires significant improvements in security, content, and compliance to meet industry standards.

H

Huppenkothen GmbH

huppenkothen.at

35

Huppenkothen GmbH operates a professional website focused on the sale and rental of mini and compact construction machinery, serving primarily the Austrian construction sector. The company maintains a strong market position with 42 locations and a large inventory of machines and spare parts. The website is well-designed, content-rich, and optimized for SEO and accessibility, targeting construction professionals and businesses. Technically, the site is built on WordPress with modern plugins and frameworks, but lacks HTTPS, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. Overall, the site demonstrates a mature digital presence but requires urgent security improvements to protect user data and trust.

S

Speed U Up GmbH

speed-u-up.at

24

Speed U Up GmbH is a specialized digital marketing agency focused on Alpine tourism, offering a broad range of services including content marketing, social media campaigns, voice platform development, and digital transformation consulting. The company operates across Austria, Switzerland, and Germany with a medium-sized team and a strong regional presence. Technically, the website is built on WordPress with modern plugins and technologies, but suffers from critical security shortcomings such as the absence of a valid SSL certificate and HTTPS, which significantly impacts its security posture. The privacy policy and terms of service are comprehensive and GDPR compliant, reflecting a mature approach to data protection. Overall, the business is credible and professional, but the lack of HTTPS is a major risk that should be addressed immediately.

T

TicketLens GmbH

ulmon.com

37

TicketLens GmbH operates a travel-focused media and ticket comparison platform primarily targeting travelers seeking tickets, tours, and activities worldwide. The website provides travel app reviews and curated travel content to support its audience. The business model centers on affiliate marketing and price comparison, positioning TicketLens as a niche player in the travel media sector. Technically, the site is built on WordPress with common SEO and performance plugins, hosted on WP Engine, and uses privacy-conscious analytics via Plausible. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. Privacy compliance is basic, with privacy and terms pages present but lacking explicit GDPR compliance indicators or cookie consent mechanisms. Contact information is limited to email and social media, with no phone or physical address provided. Overall, the website is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

V

VCC USA

vccusa.com

20

VCC USA is a well-established general contractor and construction management company operating nationally in the United States. With a mature domain and over 38 years of industry experience, VCC offers a broad range of construction services across multiple sectors including hospitality, healthcare, retail, multifamily, and institutional projects. The website reflects a professional and comprehensive business presence with strong branding and clear service offerings. Technically, the site is built on WordPress with common plugins and libraries, but suffers from a critical lack of HTTPS/SSL, which severely impacts its security posture. The absence of modern TLS protocols and security headers further weakens its defense against common web threats. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, though terms of service and incident response policies are not evident. Social media integration and an ethics hotline demonstrate a commitment to transparency and ethical business practices. Overall, while the business credibility and content quality are high, the security deficiencies present a significant risk that should be remediated promptly.

M

MCI Group

mci-group.com

40

MCI Group is a well-established global marketing communications collective with over 35 years of experience, operating across 62 offices worldwide. The company offers a broad range of services including engagement and events, strategic communications, social media content, creative technology, data research, and community management. Their target audience includes brands and organizations seeking to enhance influence and impact through strategic marketing and communications. Technically, the website is built on WordPress with modern plugins like Yoast SEO and video.js, hosted on Microsoft Azure. However, performance data is missing, and the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Privacy and cookie policies are present and indicate GDPR compliance, but no direct contact emails or phone numbers are published, relying instead on a contact form. Security posture is weak due to missing HTTPS and security headers, though no known vulnerabilities or malware are detected. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

S

Schiebel

schiebel.net

27

Schiebel is a mature, internationally recognized company specializing in the development and production of unmanned air systems and mine detection equipment, founded in 1951 and headquartered in Austria. Their product portfolio includes the CAMCOPTER® S-100 UAS and advanced mine detection systems, supported by a composite technology division. The company maintains multiple global offices and emphasizes quality certifications such as ISO 9001 and AS/EN 9100. Technically, the website is built on WordPress with common plugins and scripts, offering good content quality and SEO optimization. However, the absence of HTTPS and SSL/TLS encryption is a critical security vulnerability, severely impacting the site's security posture. While security headers are implemented, the lack of encryption exposes users and data to risks. Privacy compliance is well addressed with cookie consent and GDPR-aligned policies. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business. Strategic improvements in security infrastructure are urgently recommended to protect the company's digital presence and customer trust.

F

Film Independent

filmindependent.org

39

Film Independent is a well-established non-profit arts organization dedicated to championing independent filmmakers. The website serves as a comprehensive platform offering information on events, awards, educational programs, and resources tailored to filmmakers and the arts community. The organization has a mature online presence with a domain age of 20 years, reflecting its longstanding role in the independent film sector. The site targets independent filmmakers and film enthusiasts, providing memberships, donations, and community engagement opportunities.

W

Wien Energie GmbH

wienenergie.at

39

Wien Energie GmbH is the largest regional energy supplier in Austria, serving approximately two million people and 230,000 commercial and industrial customers in and around Vienna. The company offers a broad range of energy-related services including electricity, natural gas, district heating, e-mobility, telecommunications, and energy consulting. It operates under the Wiener Stadtwerke Group, reflecting a strong market position and extensive service portfolio. The website is professionally designed with comprehensive content targeting both private and business customers, supported by active social media engagement and clear navigation.

D

DaoPay GmbH

daopay.com

40

DaoPay GmbH is a licensed Austrian payment service provider offering a broad range of secure and simple payment solutions for online merchants globally. The company supports over 80 payment methods including major credit cards, PayPal, SEPA, and direct carrier billing, positioning itself as a comprehensive payment gateway and merchant account provider. Their target audience includes online businesses seeking to expand payment options and increase customer convenience. The website is professionally designed with clear navigation and relevant content, supporting a medium-sized enterprise profile in the finance and technology sectors. Technically, the website is built on WordPress with modern plugins and frameworks such as Bootstrap and Visual Composer, indicating a mature digital infrastructure. However, performance is slow and accessibility is basic. The site is mobile optimized and SEO is well implemented. Security posture is weak due to the absence of a valid SSL certificate and outdated TLS protocols, which poses significant risks for a payment service provider. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms in place. The WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Social media presence and contact information are comprehensive, enhancing business credibility. Strategic recommendations include immediate remediation of SSL/TLS issues, enabling modern security protocols, and enhancing DNS security configurations to improve trust and compliance.

RHI Magnesita is a global leader in the refractory industry, providing high-grade refractory products, systems, and services primarily for steel, cement, glass, and non-ferrous metals industries. The company emphasizes sustainability and innovation, targeting industrial clients worldwide. The website reflects a mature digital presence with comprehensive content, structured data, and multi-language support. Technically, the site is built on WordPress with modern plugins and libraries, but suffers from critical security shortcomings due to an invalid SSL certificate and lack of HTTPS enforcement. Security headers are present but insufficient without proper TLS. Privacy compliance is well addressed with Cookiebot consent management and a detailed privacy policy. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security posture and user trust.

voestalpine BÖHLER Edelstahl GmbH & Co KG is a leading manufacturer of special high-performance steels serving advanced industrial sectors including aerospace, automotive, and oil & gas. The company operates a state-of-the-art steel plant with a focus on innovation, quality, and environmental standards. The website reflects a mature digital presence with multilingual support, detailed product and application information, and strong branding aligned with its parent company voestalpine AG. Technically, the site is built on WordPress with modern plugins for SEO, multilingual content, and user interaction. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

A

Agentur XY GmbH

xy.de

21

Agentur XY GmbH is a creative agency and production house based in Berlin, Germany, founded in 2018. The company specializes in delivering bold advertising campaigns and production services for global brands, including notable clients such as Netflix, Stepstone, and Playmobil. The website reflects a professional and consistent brand image with rich multimedia content and active social media presence. Technically, the site is built on WordPress with modern libraries and SEO optimizations, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are partially implemented, but the absence of TLS protocols and domain security features like DNSSEC and DMARC reduce the overall security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or detailed GDPR compliance indicators. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

E

Ethical Workforce

ethicalworkforce.co.uk

33

Ethical Workforce is a specialist hospitality recruitment agency based in London, offering permanent and temporary staffing solutions with an international reach. The company targets both employers seeking hospitality staff and jobseekers looking for roles in the hospitality sector. Their website presents a professional image with clear service offerings and client testimonials from notable hospitality figures, positioning them as a trusted niche player in the recruitment market. Technically, the website is built on WordPress using PHP 7.4 and Apache, with common plugins such as Yoast SEO and WPBakery Page Builder. Google Tag Manager is used for analytics and marketing tracking. The site is mobile optimized and SEO friendly, but lacks performance metrics data. The hosting provider is not explicitly identified but uses hdodns.com nameservers. From a security perspective, the site has critical weaknesses: it does not have an SSL/TLS certificate installed, serving content over HTTP only, which severely impacts user trust and data security. No modern TLS protocols or security headers are present. Cookie consent is implemented, but no privacy policy or terms of service pages were found, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements, especially implementing HTTPS and enhancing privacy compliance. Strategic recommendations include obtaining a valid SSL certificate, adding comprehensive privacy and terms pages, and improving security headers to protect users and build trust.

H

Hypo Tirol Bank AG

hypotirol.com

40

Hypo Tirol Bank AG operates as a digital regional bank in Austria, primarily serving private and corporate clients in Tirol and Vienna. The website presents a comprehensive portfolio of banking products including accounts, cards, savings, investments, loans, and insurance services. The bank emphasizes personal service combined with digital convenience, targeting a broad customer base from individuals to public institutions. The site is professionally designed with clear navigation and localized German content, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and integrates marketing and tracking tools such as Google Tag Manager and Adrom.net. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security vulnerability. Other security best practices such as security headers and HSTS are also missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and an active consent mechanism. Overall, while the business and content aspects are strong, the security posture requires urgent improvement to protect user data and maintain trust.

O

Oper Graz

oper-graz.com

37

Oper Graz is a well-established cultural institution based in Austria, specializing in opera, ballet, concerts, and related performing arts. The website serves as a portal for event information, ticket sales, and community engagement, targeting a broad audience including families, youth, and cultural enthusiasts. The business model revolves around live event performances and ticketing services, supported by partnerships with regional theater organizations. Technically, the site is built on WordPress with a multilingual setup and uses common plugins for SEO, forms, and interactive content. However, the absence of a valid SSL certificate and HTTPS severely impacts the site's security posture. While the site demonstrates good content quality, accessibility, and SEO practices, the lack of modern security protocols and headers exposes it to risks. Privacy compliance is addressed with clear policies and cookie consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

TheAngryTeddy Communications

theangryteddy.com

22

TheAngryTeddy Communications is a specialized marketing and podcast production company based in Linz, Austria, serving self-employed professionals and SMEs. The company offers strategic content marketing, podcast production, social selling systems, and coaching services, positioning itself as a trusted partner with over a decade of experience. The website is professionally designed, content-rich, and well-structured, targeting German-speaking audiences with a focus on authentic and mindful marketing approaches. Technically, the site runs on WordPress with the Divi theme and employs multiple marketing and analytics tools, including Google Analytics, Facebook Pixel, and LinkedIn Insight. However, the absence of a valid SSL certificate and HTTPS significantly impacts the security posture, exposing users to risks and reducing trust. Privacy compliance is well addressed with comprehensive policies and consent mechanisms via iubenda. Overall, the business demonstrates strong credibility and market positioning but must urgently address security gaps to protect users and improve trust.

Selbst-Bestimmt.net is a small German-based organization specializing in personal development seminars and workshops, including Heldenreise®, Family Circles, and Gestalt therapy. The website presents a clear business model focused on organizing and delivering these seminars, targeting individuals interested in self-development. Technically, the site runs on WordPress with common plugins such as Yoast SEO and Contact Form 7, hosted on a provider associated with kasserver.com. However, the site lacks HTTPS support, which is a critical security deficiency. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers. Privacy compliance is also lacking, with no visible privacy or cookie policies. Overall, the website is functional and content-rich but requires urgent improvements in security and compliance to protect users and build trust.

S

seso media group gmbh

seso.at

28

SESO media group gmbh is a well-established Austrian digital agency specializing in consulting, creative services, and digital development. The company targets businesses seeking to enhance their digital presence and user experience, positioning itself as a partner for digital transformation in the Economy of Experiences. Their client portfolio includes notable brands such as A1 Telekom Austria, Jägermeister, Red Bull, and AbbVie, indicating a strong market presence in Austria and Switzerland. The website content is professionally crafted, with clear messaging and consistent branding that supports their market positioning. Technically, the website is built on WordPress with a modern frontend stack including Bootstrap, jQuery, GSAP, and AOS for animations. The site is mobile-optimized and SEO-friendly, leveraging Yoast SEO plugin and structured data for enhanced search visibility. Hosting appears to be managed via GlobeDom DNS services, and email protection is handled through Microsoft Outlook's mail protection services. However, performance metrics are unavailable, and accessibility is basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability. Although several security headers are implemented, the absence of HTTPS severely undermines the overall security posture. No vulnerability disclosure or incident response policies are publicly available. Privacy and cookie policies are present and appear GDPR compliant, with a consent mechanism implemented. Contact information is comprehensive, including email, phone, physical address, and a detailed contact form. Overall, while SESO demonstrates strong business credibility and digital maturity, the lack of HTTPS is a significant risk that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations. The website otherwise reflects a professional and trustworthy digital agency with a solid market position.

U

Universität Klagenfurt

aau.at

37

Universität Klagenfurt is a large, well-established public university in Austria, serving as the largest academic institution in Carinthia. The website provides comprehensive information about academic programs, research initiatives, student services, and international collaborations. It targets a broad audience including prospective students, current students, researchers, staff, and alumni. The digital infrastructure is based on WordPress with a modern theme and multiple plugins supporting SEO, events, and accessibility. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security vulnerability. Privacy and cookie policies are well implemented with user consent mechanisms, and the university demonstrates strong business credibility through multiple certifications and accreditations. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and ensure trust.

A

Atempo

atempo.com

40

Atempo is a mature technology company founded in 1997 specializing in data management solutions for mid-sized and corporate organizations globally. Their offerings include data protection, migration, archiving, and endpoint/server protection, targeting industries such as banking, life sciences, research, and media. The website is built on WordPress with modern plugins and technologies, hosted on OVHcloud, but lacks HTTPS which is a critical security gap. Privacy and cookie policies are comprehensive and GDPR compliant with active consent management. The security posture is weak due to missing SSL/TLS and security headers, exposing users to risks. Business credibility is supported by customer testimonials, case studies, and active social media presence. Overall, the site is professional and content-rich but requires urgent security improvements.

A

Applied Chemicals International AG

acat.com

30

Applied Chemicals International AG operates as a medium-sized international chemical supplier specializing in innovative chemical products and technologies for wastewater treatment, paper production, and specialty industrial chemicals. The company maintains multiple offices across Europe and Africa, serving industrial clients with a B2B business model. Their website is professionally designed, multilingual, and optimized for SEO, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS support significantly undermines their security posture. While security headers and content security policies are implemented, they are weakened by permissive settings and lack of modern TLS protocols. Privacy compliance is addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the company presents a credible business front but must urgently address critical security gaps to protect user data and maintain trust.

C

Choctaw Casinos & Resort

choctawcasinos.com

37

Choctaw Casinos & Resort operates a network of casino and resort properties primarily in Oklahoma, offering gaming, hospitality, live entertainment, dining, and rewards programs. The business is positioned as a regional leader with a strong brand presence and a focus on customer experience. Technically, the website is built on WordPress, hosted on WP Engine, and uses modern web technologies and third-party integrations such as Google Tag Manager and Vimeo. However, the absence of a valid SSL certificate and HTTPS support is a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance practices. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

I

Interlingua Language Services ILS GmbH

interlingua.at

31

Interlingua Language Services ILS GmbH is a professional translation service provider based in Vienna, Austria, offering certified language services in over 90 languages. The company holds ISO certifications (EN ISO 17100 and EN ISO 9001:2015), positioning itself as a reliable and quality-focused player in the language services market. Their website is content-rich, professionally designed, and targets both business and private customers seeking translation, localization, and related services. Technically, the website is built on WordPress with modern plugins and multilingual support, but suffers from a critical lack of a valid SSL certificate, which undermines its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the business demonstrates strong credibility through certifications, testimonials, and clear contact information.

Ö

ÖAR GmbH

oear.at

24

ÖAR GmbH is a consulting company specializing in regional development, organizational cooperation, and evaluation services primarily targeting organizations, communities, and regions. The company positions itself as a professional and experienced niche player with international reach, supported by a well-structured and content-rich website. Technically, the site is built on WordPress with common plugins and libraries, but suffers from a lack of HTTPS and valid SSL certificate, which significantly impacts its security posture. Privacy and legal compliance are well addressed with clear policies and contact information. Overall, the website is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

T

TTX

ttx.com

40

TTX is a well-established transportation company specializing in railcar pooling and maintenance services across North America. Founded in 1955, it operates a large fleet and extensive maintenance network, serving the rail industry with innovative logistics solutions. The website reflects a mature business with comprehensive service offerings and a clear market position. Technically, the site is built on WordPress with modern libraries and integrates Google Maps and analytics, but suffers from an invalid SSL certificate and lack of HTTPS enforcement, which impacts security posture. Security headers are present, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but requires urgent SSL and security improvements to meet modern standards.

S

Software Daten Service Gesellschaft m.b.H.

sds.at

40

Software Daten Service Gesellschaft m.b.H. (SDS) is a medium-sized Austrian company specializing in software and services for the international financial industry, with additional focus on telecommunications and digital entertainment sectors. The company offers a comprehensive portfolio including securities processing, regulatory reporting, compliance, consulting, managed services, and professional testing. SDS benefits from a strong market position supported by its 50 years of history and affiliation with the Deutsche Telekom Group. The website reflects a professional and consistent brand image targeting financial institutions and related industries globally. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of HTTPS support. Security headers are present but insufficient to compensate for the missing encryption. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally maintained but urgently requires SSL/TLS remediation to improve security posture and trust.

R

Regionalmedien Austria AG

regionalmedien.at

32

Regionalmedien Austria AG is a leading Austrian regional media company with a broad portfolio of digital and print products, including well-known brands such as MeinBezirk.at and BezirksBlätter. The company focuses on local and regional news coverage, serving communities across all Austrian states. Their business model centers on media publishing and advertising services, positioning themselves as innovation drivers in the regional media market. The website reflects a mature digital presence with professional design, structured data, and comprehensive content tailored to their target audience of regional readers and businesses. Technically, the site is built on WordPress with modern plugins like Yoast SEO and Cookiebot, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security posture is basic with no advanced headers or incident response information. Privacy compliance is good, with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

S

SHT Haustechnik GmbH

sht-gruppe.at

35

SHT Haustechnik GmbH is a leading Austrian wholesaler specializing in sanitary, heating, installation, and electrical products, serving primarily professional installers and industry partners. The company operates a comprehensive digital presence including a WordPress-based website, an online shop (sht.at), and regional offices across Austria, positioning itself as the market leader in the haustechnik sector. The website content is well-structured, professionally designed, and includes customer testimonials and partner logos, reinforcing trust and credibility. Technically, the site uses a modern WordPress stack with PHP 8.1 and React components, but lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and terms of service pages. However, the absence of HTTPS and security headers significantly undermines the security posture. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, and enhancing security headers and policies to protect user data and improve trust.

D

delfortgroup AG

delfortgroup.com

40

delfortgroup AG is a mature, enterprise-level global manufacturer specializing in specialty and functional papers, serving industries such as packaging, tobacco, battery separators, and more. The company emphasizes sustainability and innovation, supported by a comprehensive digital presence including detailed product catalogs, sustainability reports, and career opportunities. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, leveraging various JavaScript libraries and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of HTTPS enforcement represent critical security weaknesses. Security headers are present but insufficient without proper TLS configuration. The domain is well-established with consistent WHOIS data, supporting business legitimacy. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

MOTIONDATA VECTOR Gruppe is a well-established Austrian software and IT solutions provider specializing in Dealer Management Systems and related automotive industry services. With over 40 years of experience and a strong presence in the D-A-CH region and other European markets, the company offers a comprehensive portfolio including cloud-based DMS, sales management tools, web portfolios, mobile apps, and IT infrastructure services. The website reflects a mature digital presence with professional design, multilingual support, and clear navigation. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Social media integration and brand certifications further enhance credibility.

I

Interview Network Solutions GmbH

interviewns.de

21

Interview Network Solutions GmbH operates a professional website offering advanced IT monitoring solutions, primarily through their SharkMon platform and related services. The company targets IT professionals and enterprises seeking comprehensive network traffic analysis, protocol support, and incident management tools. The website is built on WordPress with the Divi theme and includes multiple plugins for SEO, analytics, and cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Cookie consent mechanisms are implemented, but no explicit privacy policy or terms of service pages are found. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates good content quality and business professionalism but requires urgent security improvements.

B

BORN

born.lv

40

BORN is a Latvian-based small technology company specializing in full-service website and e-commerce development, UI/UX design, and programming. Established in 2013, it serves a diverse client base including educational institutions, healthcare providers, and municipal organizations. The company presents a professional online presence with a portfolio of completed projects and active social media channels. Technically, the website is built on WordPress with modern JavaScript libraries and optimized for mobile devices, though performance is moderate with a page load time near 5 seconds. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical vulnerability. Privacy compliance is basic with a cookie consent banner and privacy policy present, but no terms of service or security policies are found. Overall, the website is functional and credible but requires urgent security improvements to protect user data and enhance trust.

N

Nelio Software

nelioabtesting.com

40

Nelio Software operates a mature and professionally maintained website offering a native A/B testing and conversion optimization service specifically designed for WordPress users. The company holds a reputable position in the WordPress ecosystem, evidenced by its WordPress VIP Technology Partner status and comprehensive service offerings including heatmaps, popups, and analytics. The website demonstrates excellent content quality, clear navigation, and strong branding consistency, targeting marketers, eCommerce businesses, publishers, and agencies seeking to optimize their WordPress sites. Technically, the site is built on WordPress with modern plugins and integrations such as Yoast SEO, Nelio A/B Testing, and Nelio Popups. Hosting is provided by SiteGround, and the site employs standard web technologies including jQuery and Google Tag Manager. While performance and mobile optimization are good, the SSL certificate is expired, and security best practices like HSTS and DNSSEC are not implemented, which lowers the overall security posture. Security-wise, the site uses HTTPS with TLS 1.3 and 1.2 protocols and shows no signs of known SSL vulnerabilities or exposed sensitive data. However, the expired SSL certificate and lack of domain protection mechanisms present risks that should be addressed promptly. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place, aligning with GDPR requirements. Overall, the website is trustworthy and professional but requires immediate attention to SSL certificate renewal and enhanced domain security measures to maintain its credibility and protect user data. Strategic improvements in security headers and domain protection will further strengthen its security posture and business reputation.

E

efficy

tribecrm.no

59

Tribe CRM, operated by efficy, is a modern, no-code CRM platform designed to help businesses grow by providing customizable tools for sales, marketing, and customer service. The platform integrates AI features and workflow automation to enhance productivity and customer engagement. Positioned as a flexible and scalable solution, Tribe CRM serves over 10,000 customers and offers tiered subscription plans with a free trial option. Technically, the website is built on WordPress with a suite of modern plugins and analytics tools, including Piwik PRO and Cookiebot for privacy compliance. However, a critical security gap exists as the site lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. The site is well-designed, mobile-optimized, and provides comprehensive privacy and cookie policies, reflecting a strong commitment to GDPR compliance. Overall, while the business and technical maturity are solid, urgent improvements in security infrastructure are necessary to protect user data and enhance trust.

E

efficy

tribecrm.nl

59

Tribe CRM is a Dutch-based SaaS company offering a customizable CRM platform integrated with AI features, targeting businesses seeking to grow customer loyalty and optimize sales and marketing processes. The company operates under the parent company efficy and has a mature domain with consistent registration data. Technically, the website is built on WordPress with modern marketing and analytics tools such as Piwik PRO, Cookiebot, and VWO, supporting multiple languages and SEO best practices. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts the security posture. Privacy compliance is well addressed with comprehensive cookie and privacy policies and consent mechanisms. Overall, the website presents a professional and trustworthy business front but requires urgent security improvements to protect user data and enhance trust.

S

Sekoia

sekoia.dk

33

Sekoia is a Danish healthcare software company providing a specialized app for care centers and social service providers to improve planning, documentation, and communication. The company is well-established with a mature domain and a clear market position supported by integrations with KMD Nexus and usage by multiple municipalities. The website is built on WordPress with modern marketing and analytics tools integrated, including consent management for GDPR compliance. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, and contact information is clearly presented. Overall, the business demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

C

CIENS

ciens.no

47

CIENS is a prominent Norwegian research community specializing in environment, climate, and societal studies, composed of several reputable research institutes. The website serves as an information hub for their collaborative projects, events, and partner institutions. Technically, the site is built on WordPress with SEO optimizations via Yoast and uses Google Analytics for visitor tracking. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The absence of security headers and cookie consent mechanisms further weakens its security and privacy posture. Business information is clear but limited to physical address and partner mentions, with no direct contact emails or phone numbers provided. Overall, the site is functional but requires significant security and privacy improvements to meet modern standards.

H

Horatio Alger Association

horatioalger.org

62

The Horatio Alger Association is a well-established 501(c)(3) non-profit organization dedicated to promoting the American Dream through scholarships and support services for students facing adversity. With a mature domain dating back to 1997 and a strong market position as one of North America's largest need-based scholarship providers, the organization demonstrates a clear commitment to education and philanthropy. The website reflects a professional and consistent brand image, targeting students, donors, and supporters with rich content and multimedia elements. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Google Site Kit, leveraging Cloudflare for hosting and CDN services. While the site is mobile-optimized and SEO-friendly, performance metrics are not fully available. Security posture is currently weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy compliance is partially met with the presence of privacy and legal policies, but lacks a cookie consent mechanism and explicit GDPR compliance indicators. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to align with best practices. Strategic recommendations include immediate SSL/TLS implementation, enabling modern security headers and protocols, and introducing cookie consent mechanisms to improve privacy compliance and user trust.

C

Catholic Foundation of Southwest Iowa

catholicfoundationiowa.org

50

The Catholic Foundation of Southwest Iowa is a mature, regionally focused non-profit organization dedicated to faith-based investing and planned giving within the Diocese of Des Moines. The foundation supports individuals, parishes, schools, and Catholic organizations by managing endowment funds, distributing grants, and providing philanthropic resources. The website reflects a well-structured and content-rich platform with clear navigation and active social media engagement. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and HTTPS enforcement, which poses significant risks to user trust and data protection. The foundation uses a WordPress CMS with multiple plugins and integrates Google Analytics and Stripe for payments, indicating a moderate level of digital maturity. Despite the lack of explicit privacy and security policies, the organization demonstrates transparency through annual reports and board information. Overall, the site is functional and professional but requires urgent security improvements to align with best practices and regulatory expectations.

P

Programme AL-INVEST Verde

alinvest-verde.de

32

The AL-INVEST Verde website represents a European Union funded program aimed at fostering sustainable growth and job creation in Latin America through support for green innovation, public sector assistance, and intellectual property rights. The program operates across 12 countries and collaborates with multiple partner organizations, positioning itself as a key player in sustainable development initiatives in the region. Technically, the website is built on a modern WordPress stack with Elementor and several plugins supporting events, multilingual content, and user engagement. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which undermines user trust and data security. Privacy compliance is well addressed with comprehensive policies and consent mechanisms, reflecting adherence to GDPR standards. Overall, while the content and business positioning are strong, the security posture requires urgent improvement to safeguard users and enhance credibility.

Lulufantasias.com.br operates as a virtual companionship service targeting Portuguese-speaking users, primarily in Brazil. The service offers intimate conversational experiences via WhatsApp, leveraging subscription plans with message limits and conversation memory. The business is operated by Stripeless Zebra LLC and DA Industries OU, indicating a small but focused operation. Technically, the website is built on WordPress with common plugins and hosted behind Cloudflare DNS services. However, the lack of a valid SSL certificate and absence of HTTPS significantly undermines the security posture. Privacy policies and terms of service are present but basic, with no cookie consent mechanisms detected. Overall, the site presents a professional and consistent brand experience but requires urgent security improvements to protect user data and build trust.

A

Akciju sabiedrība “Olpha”

olainfarm.com

67

Olpha is a well-established Latvian pharmaceutical company with over 50 years of experience and a strong regional presence across more than 60 markets. The company specializes in manufacturing a wide range of pharmaceutical products including active ingredients, finished dosage forms, and nutritional supplements. Their business model includes contract manufacturing and licensing, supported by a large team of specialists. The website reflects a mature digital presence with multilingual support, comprehensive accessibility features, and professional branding. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is solid with HTTPS and no critical vulnerabilities detected, though improvements in email security and SSL configurations are recommended. Overall, Olpha demonstrates a credible and professional online presence aligned with its business stature.

A

Akciju sabiedrība “Olpha”

olpha.lv

40

Olpha is a leading pharmaceutical manufacturer based in Latvia, serving over 60 markets with a broad portfolio of pharmaceutical products, active ingredients, and nutritional supplements. The company operates through multiple subsidiaries across Eastern Europe and Central Asia, emphasizing contract manufacturing and pharmaceutical co-development. Their website reflects a mature digital presence with multilingual support, professional design, and a strong focus on accessibility, ensuring compliance with WCAG 2.1 AA standards. Technically, the site is built on WordPress with modern plugins and tracking tools, although performance could be improved due to high resource count and page size. Security posture is adequate with HTTPS and modern TLS protocols, but lacks some advanced configurations such as HSTS, DNSSEC, and DMARC, which are recommended for enhanced protection. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Olpha presents a trustworthy and professional online presence aligned with its business stature.

M

Mail Baby

mailbaby.net

60

Mail Baby operates as a specialized email smart host service focusing on outbound email security and delivery. The company provides SMTP services with integrated spam and virus filtering, IP reputation management, and a simple pay-per-use pricing model. Their target audience includes organizations seeking to secure their outbound email traffic and ensure reliable delivery. The website content is professional and clearly communicates the business offerings, pricing, and FAQ information, supporting a small but focused business model. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Visual Composer, hosted behind Cloudflare CDN for performance and security benefits. The SSL certificate is valid, and the site uses LiteSpeed caching for improved load times. However, performance metrics are moderate, and accessibility features are basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, the site benefits from HTTPS and Cloudflare protection but lacks advanced security headers like HSTS and Content-Security-Policy. No vulnerabilities or exposed sensitive data were detected. The absence of a privacy policy, cookie consent mechanism, and security policy reduces privacy compliance scores. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, the website presents a moderate risk profile with good business credibility but room for improvement in privacy compliance and security best practices. Strategic recommendations include implementing comprehensive privacy and cookie policies, enhancing security headers, publishing incident response contacts, and improving transparency with direct contact details.

T

TIM San Marino S.p.A.

telecomitalia.sm

56

TIM San Marino S.p.A. is a telecommunications company operating in the Republic of San Marino, providing fiber internet, mobile, and fixed telephony services primarily targeting residential and business customers. The website presents a professional and well-structured digital presence, leveraging WordPress CMS and common web technologies to deliver content and service information effectively. The company maintains clear contact channels and legal compliance with privacy and cookie policies, reflecting a mature approach to customer engagement and regulatory adherence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications and user trust. Despite this, the presence of security headers and a vulnerability disclosure page indicates some level of security awareness. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and user confidence.

B

Banca Agricola Commerciale

baclife.sm

39

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking, investment, and insurance services to both private individuals and businesses. The website reflects a mature and professional presence with comprehensive business information, news updates, and customer resources. The company operates subsidiaries such as BAC Life S.p.A. and BAC Investments, indicating a diversified financial services group. The target audience is primarily local customers in San Marino, with services tailored to their needs including online and mobile banking solutions. Technically, the website is built on WordPress with modern plugins like Yoast SEO and Cookiebot for compliance and marketing. It integrates Google Tag Manager and Google Maps API, showing a moderate level of digital maturity. However, performance metrics are missing, and some technical debt is evident, especially in the SSL/TLS configuration. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. While some security headers are present, the absence of HTTPS and DNSSEC reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is credible and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing DNS and domain protections.