Security Directory

Roland Berger is a well-established global management consultancy with a significant presence in Brazil through its São Paulo office, founded in 1976. The company offers a broad range of consulting services across multiple industries, focusing on corporate performance, digital transformation, and sustainability. The website reflects a professional and consistent brand image targeting business clients seeking expert advisory services. Technically, the site uses modern web technologies including AngularJS, Usercentrics for consent management, Google Tag Manager, and Matomo analytics, hosted behind Cloudflare. However, the security posture is weakened by the lack of a valid SSL certificate and absence of HTTPS enforcement, which is a critical issue for trust and compliance. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is content-rich and professionally maintained but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

D

Der Grazer

grazer.at

37

Der Grazer is a regional online news media outlet focused on providing current news, event information, and photo galleries related to Graz, Austria. The website targets local residents and visitors interested in city news, politics, culture, and lifestyle. It operates primarily as an advertising-supported online news portal with additional services such as an e-paper and club membership. The site uses TYPO3 CMS and common web technologies like Bootstrap and jQuery, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken its security posture. While cookie consent and privacy policies are present, indicating GDPR awareness, no explicit security or incident response policies are found. Overall, the website is functional and professionally designed but requires urgent improvements in security to protect user data and enhance trust.

Landeskrankenhaus Bregenz is a key healthcare institution in the Vorarlberg region of Austria, operating under the Vorarlberger Krankenhaus-Betriebsgesellschaft.m.b.H. umbrella. The hospital provides a wide range of medical services, including specialized departments, emergency care, and patient support, serving both local and regional populations. The website reflects a mature and professional healthcare provider with a strong emphasis on quality assurance, ethics, and patient engagement. Technically, the site uses modern JavaScript libraries and analytics tools, including CookieHub for consent management and both Google Analytics and Matomo for visitor tracking. However, the website suffers from a critical security shortfall due to an invalid or missing SSL certificate and lack of proper HTTPS enforcement, which undermines user trust and data security. The absence of DNSSEC and CAA records further indicates room for improvement in DNS security. Overall, while the content and business credibility are strong, the technical and security posture requires urgent attention to meet modern standards and regulatory compliance.

The website finanzamt-geilenkirchen.de serves as the official online presence of the Finanzamt Geilenkirchen, a regional tax office under the Oberfinanzdirektion Nordrhein-Westfalen in Germany. It provides comprehensive tax-related information, contact details, online services such as appointment booking and electronic tax declaration (ELSTER), and current news updates. The site targets residents and businesses in the Nordrhein-Westfalen region, offering clear navigation and well-structured content tailored to public service needs. Technically, the website is built on the Drupal CMS platform, utilizing modern web technologies including Apache server, Matomo analytics for user tracking, and a robust Content Security Policy. The site demonstrates good mobile optimization and accessibility features, ensuring usability across devices and for users with disabilities. However, the SSL/TLS configuration is critically flawed, with no valid certificate and no TLS protocols enabled, which undermines secure HTTPS access. From a security perspective, the site implements several best practices such as strict security headers (X-Frame-Options, X-Content-Type-Options, CSP), HSTS with preload directive, and referrer policies. Despite these, the lack of a valid SSL certificate and HTTPS support is a major vulnerability that must be addressed urgently to protect user data and maintain trust. Overall, the website is professional, trustworthy, and compliant with GDPR, featuring clear privacy and cookie policies with consent mechanisms. The business credibility is high given its government affiliation, but the security posture is currently weak due to SSL issues. Strategic recommendations include immediate remediation of SSL/TLS configuration, enhancement of session security features, and continuous monitoring of security compliance.

Alupress AG is a medium-sized manufacturing company specializing in automotive aluminum die casting components and full-service system solutions. Founded in 1965 and headquartered in Brixen, Italy, the company offers a comprehensive range of services from in-house development to aftermarket support. The website reflects a professional B2B focus with detailed service descriptions and multilingual support. Technically, the site is built on TYPO3 CMS and uses Matomo and Facebook Pixel for analytics and marketing. However, the absence of a valid SSL certificate and HTTPS is a critical security shortfall that undermines user trust and data protection. The cookie consent mechanism and privacy policy indicate good GDPR compliance. Overall, the site is well-structured and content-rich but requires urgent security improvements.

F

Fluidtime Data Services GmbH

fluidtime.com

40

Fluidtime Data Services GmbH is a medium-sized Austrian company specializing in Mobility-as-a-Service (MaaS) solutions and sustainable mobility management tools. Positioned as a pioneer in the transportation technology sector, Fluidtime offers tailored software platforms that enable businesses and organizations to implement green mobility projects efficiently. Their website is professionally designed, content-rich, and targets organizations aiming to achieve sustainability goals through innovative mobility services. The company maintains a strong partnership network and active social media presence, enhancing its market credibility. Technically, the website is built on WordPress with the Enfold theme and supports multilingual content via WPML. It employs modern JavaScript libraries such as jQuery and integrates Matomo Analytics for privacy-conscious user tracking. SEO is enhanced through Yoast SEO plugin, and the site is mobile-optimized with good accessibility features. However, performance metrics are not explicitly available. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical vulnerability. No modern TLS protocols or security headers like HSTS are enabled, which exposes users to potential risks. Cookie consent mechanisms and GDPR-compliant privacy policies are well implemented, reflecting good privacy compliance. Contact information is clearly provided, but no explicit security or incident response policies are found. Overall, while Fluidtime demonstrates strong business credibility and technical maturity in content and privacy compliance, the absence of HTTPS significantly undermines its security posture. Addressing this critical issue should be a top priority to protect user data and maintain trust.

The Stadtgemeinde Mödling website serves as the official digital portal for the city of Mödling, Austria, providing residents and visitors with comprehensive municipal information, news, events, and public services. The site targets local citizens and stakeholders, offering easy access to administrative contacts, service forms, and cultural activities. The business model is that of a government entity focused on transparency and community engagement. Technically, the website employs a custom RIS CMS platform with common web technologies such as jQuery, Bootstrap, and FontAwesome, and integrates Matomo for analytics. However, the absence of HTTPS is a critical security flaw that undermines user trust and data protection. Security headers are partially implemented, but the lack of SSL/TLS and modern protocols significantly lowers the security posture. Privacy compliance is moderate, with a clear privacy policy but no cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security upgrades.

lautstark gmbh is a specialized below-the-line communications agency founded in 2003, focusing on live communication and brand experiences for premium clients including world brands and market leaders. The company positions itself as a creative activist agency delivering personalized, reliable, and impactful brand activations. The website reflects a professional and consistent brand image with comprehensive content and clear navigation targeting German-speaking audiences. Technically, the site is built on WordPress with Yootheme framework, hosted on Hetzner, and uses modern tools like Google reCAPTCHA and Matomo analytics. However, the absence of a valid SSL certificate and HTTPS is a critical security flaw that undermines user trust and data protection. Privacy compliance is well addressed with detailed policies and consent mechanisms. Overall, the business demonstrates strong market positioning but must urgently address security shortcomings to maintain credibility and protect user data.

F

Friendly Fire Communications GmbH

friendlyfire.at

36

Friendly Fire Communications GmbH is a Vienna-based technology company specializing in advanced 3D visualizations, virtual production, and interactive digital experiences. With approximately 20 years of experience and a client portfolio of over 100 brands, they offer a broad range of services including product visualization, real-time 3D configurators, digital brand storytelling, and virtual production solutions. Their business model focuses on delivering customized digital transformation packages tailored to client needs, targeting businesses seeking innovative digital marketing and product engagement tools. Technically, the website is built on WordPress with modern plugins such as Elementor Pro, Yoast SEO, and WPML for multilingual support. The site integrates multiple analytics platforms including Google Analytics and Matomo, and employs performance optimizations via WP Rocket. Hosting is provided by World4You. The site is well-structured, mobile-optimized, and rich in multimedia content, reflecting a mature digital presence. From a security perspective, the site lacks HTTPS, which is a critical vulnerability exposing users to data interception risks. Other security best practices such as HSTS, DNSSEC, and security headers are not implemented. The site does have a comprehensive privacy policy and cookie consent mechanism, indicating good privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, while the business and website demonstrate professionalism and strong market positioning, the absence of HTTPS significantly undermines security posture and user trust. Immediate implementation of SSL/TLS is strongly recommended to mitigate this critical risk.

P

pewag International GmbH

pewag.com

26

pewag International GmbH is a historic Austrian manufacturer specializing in chains and lifting solutions with a global market presence. The company offers a broad portfolio including snow chains, forestry technique, conveyor systems, and DIY products, supported by digital configurators and advisory tools. The website reflects a mature digital infrastructure built on WordPress with multilingual support and integrated analytics and consent management tools. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability, undermining user trust and data protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, pewag demonstrates strong business credibility and content quality but must urgently address its security posture to align with industry best practices.

A

AFI Solutions GmbH

afi-solutions.com

33

AFI Solutions GmbH is a medium-sized German technology company specializing in SAP-integrated software solutions for automated document processing. As part of the SER Group, it holds a strong market position with over 800 customers worldwide and offers certified SAP Add-Ons that enhance Purchase-to-Pay and Order-to-Cash processes using advanced technologies like AI and RPA. The company provides full-service offerings including consulting, implementation, training, and support. Technically, the website is built on TYPO3 CMS and employs modern analytics and consent management tools, but lacks HTTPS, which is a critical security shortfall. The absence of SSL/TLS encryption exposes users to risks and undermines trust. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the website is professionally designed with clear navigation and strong branding, but the lack of HTTPS significantly impacts its security posture and overall trustworthiness.

I

Institut Teknologi Sepuluh Nopember

its.ac.id

40

Institut Teknologi Sepuluh Nopember (ITS) is a prominent Indonesian university specializing in science, technology, and arts education. The website serves a broad audience including prospective and current students, faculty, staff, parents, and alumni. It offers comprehensive information on academic programs, research, innovation, and public services. The institution holds a strong market position with recognized rankings in Asia Pacific and globally. Technically, the website is built on WordPress with a modern tech stack including Visual Composer, Yoast SEO, and various JavaScript libraries, providing a rich user experience with good mobile optimization and accessibility. However, the website lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present but insufficient without proper SSL. Privacy and cookie policies are not found, indicating compliance gaps. DNS records are missing or incomplete, raising concerns about domain configuration. Overall, the site is professional and trustworthy in content but requires urgent improvements in security and privacy compliance.

A

Alexander Hughes

alexanderhughes.com

30

Alexander Hughes is a well-established global executive search and leadership advisory firm with over 60 years of experience and a presence in more than 50 offices across 51 countries. The company specializes in attracting top leadership talent and providing governance, human capital assessment, succession planning, and interim executive services to global firms. Their website reflects a professional and comprehensive business model targeting corporate clients worldwide. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery and Lightslider, with analytics powered by Matomo. Hosting is provided by Cloudways, and the site employs a strong Content Security Policy and other security headers. However, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Security-wise, while some best practices like CSP and HSTS are implemented, the lack of valid HTTPS and TLS support is a critical vulnerability. No explicit security or incident response policies are found, and no contact emails or phone numbers are directly listed on the site, which may affect user trust. Privacy and cookie policies are present and appear GDPR compliant. Overall, the site is professionally designed with excellent content quality and user experience but requires urgent remediation of SSL/TLS issues to improve security and trustworthiness.

K

Kammer für Arbeiter und Angestellte für Wien

akwien.at

40

The website akwien.at represents the Kammer für Arbeiter und Angestellte für Wien, a government-related non-profit organization advocating for workers' rights and social services in Vienna, Austria. The site offers comprehensive information and services including legal advice, consumer protection, educational resources, and digitalization funding. It targets employees and workers in Vienna, providing a rich content experience with clear navigation and strong branding. Technically, the site is built on a Gentics Portal CMS with a modern tech stack including jQuery, Bootstrap, Matomo Analytics, and Usercentrics for consent management. Hosting is provided by Anexia. While the site is mobile optimized and accessible, performance metrics indicate slow loading, and the SSL/TLS configuration is currently invalid, which is a critical security concern. Security posture is moderate with several security headers implemented, but the lack of a valid SSL certificate and disabled TLS protocols significantly reduce the security score. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism in place. Business credibility is high due to consistent branding, official contact information, and alignment with WHOIS data. Overall, the site is a professional and trustworthy resource for workers in Vienna but requires urgent improvements in SSL/TLS configuration and performance optimization to enhance security and user experience.

din – Dietmar Nocker Sicherheitstechnik GmbH & Co KG is a medium-sized Austrian company specializing in emergency lighting solutions with over 40 years of industry experience. The company offers a comprehensive portfolio including product development, systems, and service support, targeting businesses requiring compliant emergency lighting. Their market position is strong in Austria and neighboring countries, supported by multiple locations and a professional online presence. Technically, the website is built on WordPress with multilingual support and privacy-conscious analytics via Matomo. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security shortfall, exposing users to risks and undermining trust. The company demonstrates good privacy compliance with detailed cookie consent mechanisms and GDPR-aligned policies. Overall, the business is credible and professional but must urgently address its security posture to protect users and maintain trust.

W

WOMEN AGAINST VIOLENCE EUROPE

wave-network.org

40

WOMEN AGAINST VIOLENCE EUROPE (WAVE) is a well-established non-profit network comprising over 180 European women’s NGOs dedicated to preventing and protecting women and children from violence. The organization focuses on capacity building, advocacy, research, and awareness raising, positioning itself as a leading entity in the European women's rights sector. Their website reflects a professional and content-rich platform targeting NGOs, professionals, policymakers, and the general public interested in gender equality and violence prevention. Technically, the website is built on WordPress with a modern plugin ecosystem including Gravity Forms, Event Tickets, and MemberPress. While the design and content quality are excellent, technical performance is moderate, and mobile optimization is good. The site uses Matomo for analytics and Borlabs Cookie for privacy compliance, indicating a mature approach to user data and consent. Security-wise, the site suffers from a critical issue: an invalid or missing SSL certificate, resulting in no active TLS protocols and weak encryption posture. Although some security headers are present, the lack of proper HTTPS implementation significantly lowers the security score. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact information and consent mechanisms. Overall, the site is trustworthy and professionally managed but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain credibility. Strategic improvements in security infrastructure will enhance user trust and compliance with modern web standards.

E

Euronet Worldwide, Inc.

euronetworldwide.com

39

Euronet Worldwide, Inc. operates as a global leader in payments processing and cross-border transactions, providing a broad range of financial technology solutions including electronic funds transfer, prepaid products, and money transfer services. The company serves financial institutions, fintechs, retailers, and consumers worldwide, leveraging platforms such as Ren and Dandelion to enable real-time, compliant cross-border payments. The website reflects a mature enterprise with a strong market position and comprehensive business information, including investor relations and corporate governance details. Technically, the site is built on WordPress with Elementor and hosted on WP Engine, integrating modern analytics and cookie consent tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Security headers are partially implemented, but improvements are needed in TLS protocol support, HSTS, and session management. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security enhancements to protect user data and maintain credibility.

Indorama Ventures Schoeller Wool Austria GmbH is a well-established global supplier specializing in worsted yarns with a history dating back to 1849. The company focuses on providing a wide range of yarn products including flat knit, performance, technical, hosiery, and weaving yarns, emphasizing sustainability and certified processing. Their target audience primarily includes textile manufacturers and technical yarn users. The website reflects a professional B2B manufacturing business model with consistent branding and trust indicators such as sustainability certifications and social media presence. Technically, the website is built on the Contao CMS platform using PHP 8.2 and nginx, with frontend technologies including jQuery and Bootstrap 4. Analytics are handled via Matomo, indicating a moderate level of digital maturity. However, the site lacks HTTPS support due to an invalid or missing SSL certificate, which significantly impacts security posture. Performance data is unavailable, but mobile optimization and navigation are assessed as good. Security-wise, the site implements several HTTP security headers but fails to provide a valid SSL certificate or enable modern TLS protocols, resulting in a low security score. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is supported by a cookie consent mechanism and a privacy policy page, aligning with GDPR requirements. Overall, while the business and website content are credible and professional, the lack of HTTPS is a critical security gap that must be addressed urgently. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations to improve trust and compliance.

D

DCCS GmbH

dccs.at

40

DCCS GmbH is a large Austrian IT company specializing in business IT solutions, digital transformation, and AI applications primarily serving industrial and energy sectors. The company operates multiple offices across Austria, Germany, and Bosnia and Herzegovina, employing over 330 professionals. Their website reflects a mature digital presence with comprehensive service offerings and strong branding. Technically, the site uses modern frameworks such as Liferay and React, with integrated analytics and captcha services. However, a critical security gap exists due to the lack of a valid SSL certificate and proper HTTPS configuration, which undermines user trust and data security. Privacy and cookie compliance are well implemented, with clear policies and consent mechanisms. Overall, the website is professional and content-rich but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

The website feldkirch.at serves as the official municipal portal for the city of Feldkirch, Austria, providing comprehensive information about city services, news, events, and administrative functions. It targets residents, visitors, and local businesses, offering a broad range of public services including housing, registry office, social services, education, culture, and urban development. The site also promotes local subsidiaries and partner organizations, enhancing community engagement and service delivery. Technically, the website is built on the TYPO3 CMS platform and served via an Apache web server. It employs JavaScript for interactive elements and uses Matomo for analytics, respecting user cookie consent. The site is well-structured, mobile-optimized, and accessible, with clear navigation and professional design. However, performance metrics are unavailable, limiting full technical assessment. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data security. Security headers are partially implemented but modern TLS protocols and HSTS are missing. No explicit security policies or incident response contacts are provided. Privacy compliance is strong, with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is a professionally managed government portal with excellent content quality and business credibility but requires urgent improvements in SSL/TLS security to protect users and enhance trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and enhancing security headers and protocols.

experts, a brand under the I.K. Hofmann GmbH group, is a leading HR service provider in Germany specializing in the placement of skilled and managerial personnel. The company operates an extensive network of locations and offers a broad range of services including personnel leasing, recruitment, freelancer services, RPO, interim management, and career coaching. The website is professionally designed and targets both job seekers and companies looking for qualified staff. Technically, the site is built on TYPO3 CMS and uses modern JavaScript libraries and analytics tools, but suffers from critical SSL/TLS configuration issues that undermine security. The absence of a valid SSL certificate and disabled HTTPS protocols represent significant vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business is credible and well-positioned in the HR sector, but the security posture requires urgent improvement to protect user data and trust.

B

BYTEPOETS

bytepoets.com

26

BYTEPOETS is a well-established software development company based in Graz, Austria, specializing in app development, web development, UI/UX design, and consulting services. With a domain age of 24 years and a recent integration into the MXP group, BYTEPOETS positions itself as a reliable partner for digital transformation projects, targeting businesses seeking tailored software solutions. The website content is professional, comprehensive, and clearly structured, reflecting a mature business with a strong client portfolio and detailed team information. Technically, the website employs modern technologies including Angular, Flutter, .NET Core, and various analytics tools such as Matomo and Google Tag Manager. However, the site lacks HTTPS, which is a critical security shortfall. The absence of a valid SSL certificate and related security headers significantly impacts the security posture, despite the presence of cookie consent mechanisms and privacy policies that indicate good privacy compliance. Security-wise, the site shows no evidence of incident response or vulnerability disclosure policies, and the SSL configuration is incomplete, lacking HSTS and OCSP stapling. The domain registration is consistent and mature, supporting the legitimacy of the business. Overall, BYTEPOETS demonstrates strong business credibility and digital maturity but must urgently address HTTPS implementation to improve security and trust. Strategically, BYTEPOETS should prioritize securing their website with a valid SSL certificate and enhancing security headers. Maintaining comprehensive privacy compliance and transparent contact information supports user trust and regulatory adherence. The integration with MXP suggests growth and potential for expanded market reach.

ORF Beitrags Service GmbH operates the official website for managing ORF broadcasting fees in Austria, providing services such as SEPA direct debit, data changes, exemptions, and customer support. The website targets Austrian residents and businesses subject to ORF fees, positioning itself as a key public service provider in the media sector. The content is well-structured, professionally designed, and localized in German with multiple language options. The business model revolves around public service fee collection and administration. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries like Alpine.js and integrating analytics tools such as Matomo and Google Analytics. The site uses a comprehensive Content Security Policy and other security headers to protect against common web attacks. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security posture is moderate with good header implementations but severely impacted by the lack of HTTPS, no TLS protocols enabled, and missing HSTS. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Business credibility is supported by clear contact information, legal pages, and consistent branding. Overall, the website is functional and professional but requires urgent security improvements to enable HTTPS and strengthen encryption protocols. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS versions, and enhancing session security. These steps will improve trust, compliance, and user safety significantly.

U

UNIVERSAL Eisen und Stahl GmbH

universal-stahl.com

39

UNIVERSAL Eisen und Stahl GmbH is a German medium-sized full-service steel trading company specializing in heavy plates and advanced processing services. It operates as part of the Salzgitter AG group, leveraging a large inventory and extensive logistics capabilities to serve industrial clients across Europe. The company emphasizes sustainability and quality, certified under ISO 9001, and promotes innovative green steel production initiatives such as SALCOS®. Technically, the website is built on TYPO3 CMS and uses Matomo for analytics, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, exposing the site to risks. Privacy compliance is well addressed with cookie consent and GDPR-aligned policies. Overall, the business is credible and professionally presented, but the lack of HTTPS significantly undermines security posture.

G

Grünenthal

grunenthal.com

40

Grünenthal is a globally recognized pharmaceutical company specializing in pain management and related diseases. The company operates with a strong focus on innovation, patient support, and corporate responsibility, positioning itself as a leader in its sector. The website reflects a mature digital presence with comprehensive content targeting healthcare professionals, patients, partners, and investors. Technically, the site uses modern tools such as Matomo analytics and consent management but suffers from a critical lack of valid SSL/TLS configuration, which undermines its security posture. Despite this, privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to protect user data and maintain credibility.

B

baningo GmbH

baningo.com

40

baningo GmbH is a technology company specializing in digital networking solutions, primarily through their digital business card platform and NFC business cards. Founded in 2015 and based in Austria, the company serves a broad professional audience seeking modern, sustainable ways to share contact information. Their market position is supported by over 10,000 customers and partnerships with notable companies. Technically, the website leverages Cloudflare for hosting and security, uses Matomo and Google Tag Manager for analytics, and integrates Facebook Pixel for marketing. However, the absence of a valid SSL certificate and HTTPS severely undermines the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. Overall, the website is professionally designed and trustworthy but requires urgent security improvements.

A

Apitech

apitech.fr

39

Apitech is a French technology company specializing in open source productivity solutions and custom software development. With over 30 years of experience, it positions itself as a trusted partner for organizations seeking sovereign and secure digital tools. The company leverages open source expertise and partnerships with major technology providers like Microsoft and Dell to deliver tailored solutions. The website reflects a professional and consistent brand image targeting business clients in France. Technically, the site is built on WordPress with the Divi theme and uses modern plugins and analytics tools. However, a critical security issue is the lack of a valid SSL certificate, resulting in no HTTPS, which significantly impacts the security posture. While some security headers are present, the absence of HTTPS and modern TLS protocols is a major vulnerability. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

'

's Heeren Loo

sheerenloo.nl

40

's Heeren Loo is a large, established healthcare organization in the Netherlands specializing in providing tailored care and support for people with intellectual and other disabilities. Their services span diagnostics, treatment, home support, education, work and day activities, and residential care. The organization targets clients with disabilities, their families, and care professionals, emphasizing a mission to help clients live as well as possible with appropriate care levels. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuex, integrates Matomo analytics for user tracking, and uses Google Tag Manager for marketing. Accessibility and SEO are well addressed, with good mobile optimization and structured data markup. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

J

Joint Vienna Institute

jvi.org

28

The Joint Vienna Institute (JVI) is a well-established regional training center founded in 1992, providing policy-oriented training primarily to public officials and selected private sector executives from Central, Eastern, and Southeastern Europe, the Caucasus, and Central Asia. Supported by international organizations such as the IMF, Austrian Finance Ministry, EBRD, and others, JVI offers a broad range of courses, webinars, and special events focused on economics, financial sector management, trade policy, and governance. The website reflects a professional and consistent brand with good content quality and clear navigation, targeting a specialized audience in the education and government sectors. Technically, the site is built on TYPO3 CMS with PHP 7.4, uses Bootstrap and jQuery for frontend, and integrates Matomo and Google Analytics for user tracking. The site is hosted likely by Telekom Austria based on DNS records. While the site is mobile-optimized and SEO-friendly, it lacks HTTPS support, which is a critical security shortfall. The absence of SSL/TLS encryption exposes users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Security posture is weak due to missing HTTPS, lack of HSTS, and minimal security headers. No incident response or vulnerability disclosure information is provided. Business credibility is strong, supported by clear contact information, partner logos, and active social media presence. Overall, the site is trustworthy but requires urgent security improvements to protect user data and enhance trust. Recommendations include immediate implementation of HTTPS with a valid SSL certificate, enabling security headers, publishing a security policy and vulnerability disclosure, and upgrading PHP to a supported version to improve security and compliance.

P

Post AG

post.at

40

Post AG operates as Austria's leading postal and logistics service provider, offering a comprehensive range of services including letter mail transport, parcel shipping, business mailing solutions, and online postal services. The company targets both general consumers and business clients within Austria, maintaining a strong market position supported by a professional and content-rich website. The digital infrastructure leverages modern technologies such as React and Sitecore CMS, with integrated analytics and marketing tools like Matomo and Jentis Tag Manager, reflecting a mature digital presence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses significant risks to data confidentiality and user trust. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms, and offers comprehensive contact options and official social media channels. Strategic improvements in SSL/TLS implementation and security header enforcement are critical to enhance overall security and trustworthiness.

S

SCHMIDT Groupe

cuisines-schmidt.com

29

SCHMIDT Groupe operates a comprehensive and professionally designed website focused on custom interior design solutions including kitchens, furniture, and bathrooms. The company is a leading French manufacturer with a strong market position and a large-scale retail business model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, extensive use of analytics and marketing tools, and a clear focus on user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR requirements. Overall, the site is content-rich and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

W

Wolfram Bergbau und Hütten AG

wolfram.at

39

Wolfram Bergbau und Hütten AG is a medium-sized Austrian company specializing in the mining, refining, and recycling of tungsten-based products. It holds a strong market position as a leading global supplier of high-quality tungsten powders. The company operates multiple sites including mining in Mittersill, refining in St. Martin, and recycling centers in Austria and India. The website is professionally designed using WordPress with the Divi theme and includes comprehensive content in German and English, targeting industrial clients and potential employees. Technically, the site uses modern SEO and analytics tools but suffers from a critical lack of valid SSL/TLS configuration, impacting security posture. Privacy compliance is well implemented with GDPR-aligned cookie consent mechanisms and a detailed privacy policy. Business credibility is supported by ISO certifications and transparent contact information. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and modern TLS protocols.

A

AGFA HealthCare

agfahealthcare.com

40

AGFA HealthCare is a prominent enterprise in the healthcare sector specializing in secure and sustainable imaging data management solutions. The company holds a strong market position, evidenced by multiple KLAS awards and a comprehensive portfolio of services including Enterprise Imaging Platform, Augmented Intelligence, and Cloud solutions. Their target audience includes healthcare professionals, IT professionals, and government healthcare entities. Technically, the website is built on WordPress with a modern tech stack including popular plugins and frameworks, delivering a good user experience with mobile optimization and accessibility. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue that needs immediate remediation. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to enhance its risk profile.

K

Kraus & Naimer

krausnaimer.com

38

Kraus & Naimer is a globally recognized leader in the manufacturing of cam switches and industrial switchgear, offering a broad portfolio of products including main switches, control switches, and customized solutions. The company emphasizes mass customization and international certifications, serving a diverse industrial clientele worldwide. Their website reflects a professional and consistent brand presence with clear navigation and relevant content tailored to industrial customers. Technically, the website is built on TYPO3 CMS and served via Apache, incorporating modern JavaScript libraries and privacy-focused analytics (Matomo). However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with visible cookie consent mechanisms and comprehensive privacy policies. Security-wise, while some security headers are implemented, the lack of HTTPS and modern TLS protocols is a significant vulnerability. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance. Overall, the site is functional and professional but requires urgent security upgrades to meet modern standards and protect user data. Strategically, Kraus & Naimer should prioritize SSL certificate installation and TLS configuration, enhance security policy transparency, and continue leveraging privacy-compliant analytics to maintain regulatory compliance and customer trust.

P

POWERSERV Austria GmbH

powerserv.at

38

POWERSERV Austria GmbH operates as a medium-sized personnel service provider in Austria, specializing in tailored job placement, HR services, and workforce solutions. The company maintains a strong market position supported by certifications such as ISO 9001 and memberships in industry organizations. Their website targets job seekers and companies, offering services like temporary staffing, payroll outsourcing, and HR consulting. Technically, the website is built on WordPress with Elementor and Astra theme, incorporating modern SEO practices and cookie consent management via Usercentrics. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture, exposing users to potential risks. While no critical vulnerabilities are detected, the lack of advanced security headers and incident response information indicates room for improvement. Overall, the site presents professional content and good business credibility but requires urgent security enhancements to protect user data and improve trust.

K

Kemira Oyj

kemira.com

40

Kemira Oyj is a global leader specializing in sustainable chemical solutions primarily for water-intensive industries such as pulp & paper, water treatment, and energy sectors. The company offers a comprehensive portfolio including water treatment chemicals, fiber production solutions, industrial chemicals, and digital services aimed at process optimization. Their website reflects a mature digital presence with strong emphasis on sustainability, investor relations, and corporate governance, targeting industry professionals, investors, suppliers, and potential employees. The company is headquartered in Helsinki, Finland, and maintains a large operational scale with over 4,700 employees.

Hawle Beteiligungsgesellschaft m.b.H. is a well-established Austrian manufacturer specializing in water supply valves and related products, serving a global market with a strong European manufacturing base. The company emphasizes sustainability, quality, and innovation, with a broad product portfolio including gate valves, butterfly valves, and digital water management solutions. The website reflects a mature digital presence with multi-language support and professional branding. Technically, the site uses modern JavaScript frameworks (Vue.js), Pimcore CMS, and integrates analytics and consent management tools, indicating a good level of digital maturity. However, a critical security weakness is the lack of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business appears credible and trustworthy, but urgent improvements in SSL/TLS deployment are recommended to secure user interactions and data.

L

lbase

lbase.software

66

lbase is a specialized business unit of Axians, providing advanced logistics software solutions such as transport management systems (TMS) and warehouse management systems (WMS). Leveraging AI, algorithms, and eco-partnerships, lbase aims to optimize supply chain processes for efficiency and flexibility. The company is well-positioned in the European logistics market with a mature domain and strong parent company backing from VINCI Energies. The website reflects a professional and comprehensive digital presence with clear business information and compliance with GDPR and cookie regulations. Technically, the site uses WordPress with modern plugins and analytics tools, though performance could be improved. Security posture is strong with HTTPS, HSTS, SPF, and DMARC properly configured, but could benefit from enabling DNSSEC and OCSP stapling. Overall, lbase demonstrates a mature, trustworthy, and compliant online presence suitable for its B2B logistics software market.

E

ertex solar

ertex-solar.at

40

Ertex solar is a specialized company focused on building-integrated photovoltaics (BIPV), offering innovative solar energy solutions integrated into architectural elements such as façades, balconies, and roofs. With a strong emphasis on aesthetics and energy transition, the company serves architects, developers, and environmentally conscious clients globally. The website reflects a mature digital presence with professional design, multilingual support, and comprehensive product information. Technically, the site runs on a modern WordPress stack with SEO and performance optimizations, hosted on OVHcloud. Security posture is solid with HTTPS and multiple security headers, though SSL/TLS protocol support requires enhancement. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the domain and WHOIS data corroborate the legitimacy and consistency of the business claims.

F

Forster

forster.at

21

Forster is an established Austrian company founded in 1956, specializing in manufacturing and providing solutions in transportation technology, shelving systems, noise protection, advertising technology, signage, and industrial printing. The company operates internationally with multiple related domains and maintains a strong market presence with high-quality standards. The website is built on TYPO3 CMS with Bootstrap framework and uses Matomo for analytics, indicating a modern but somewhat traditional technical infrastructure. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing the site to risks and reducing trustworthiness. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the site presents a professional image but requires urgent security improvements to protect user data and enhance trust.

P

Plasser & Theurer

plassertheurer.com

19

Plasser & Theurer is a well-established Austrian company specializing in the development, construction, and export of railway track maintenance machinery with over 60 years of industry presence. The company serves railway infrastructure operators and maintenance professionals globally, supported by a broad network of subsidiaries and partners. Their website reflects a professional and comprehensive digital presence, showcasing their products, services, and international reach. Technically, the website is built on TYPO3 CMS and uses modern JavaScript libraries such as Swiper.js for UI components and Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Performance is slow, and no advanced security headers or domain protection mechanisms are in place. Security-wise, the lack of HTTPS and security headers exposes visitors to risks, and the absence of cookie consent mechanisms raises compliance concerns under GDPR. The WHOIS data confirms a mature and consistent domain registration aligned with the company's identity, enhancing legitimacy. Overall, while the business and content quality are strong, the security and privacy compliance gaps present significant risks. Strategic recommendations include immediate implementation of HTTPS, security headers, and cookie consent mechanisms, alongside enhancing domain security configurations. These steps will improve trust, compliance, and overall security posture, supporting the company's reputable market position.

ArcelorMittal Construction is a large, established manufacturing company specializing in steel-based building solutions for architectural projects, with a strong presence in Austria and multiple European markets. The website reflects a professional and comprehensive business offering, targeting construction professionals and project developers with a broad portfolio of products and services emphasizing sustainability and innovation. Technically, the website uses modern JavaScript libraries and analytics tools, hosted behind Cloudflare, but suffers from a critical lack of valid SSL/TLS configuration, exposing users to security risks. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. The security posture is weak due to missing HTTPS, but other security headers and practices are present. Overall, the website is trustworthy and professional but requires urgent security improvements to protect users and maintain credibility.

W

Wilhelm Schwarzmüller GmbH

schwarzmueller.com

38

Wilhelm Schwarzmüller GmbH operates as one of Europe's largest providers of towed commercial vehicles, specializing in manufacturing and servicing premium transport solutions tailored to various industries such as construction, logistics, and tank transport. The company maintains a strong market position with a broad portfolio of over 150 vehicle types and a commitment to quality, evidenced by ISO certifications and industry awards. Their digital presence is robust, featuring multilingual support, active social media channels, and comprehensive customer service offerings including telematics and rental services. Technically, the website is built on WordPress with modern frameworks and SEO optimizations, although it lacks HTTPS encryption, which is a significant security concern. The security posture is weak due to the absence of SSL/TLS, HSTS, and other critical security headers, exposing users to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, detailed contact information, and trust signals. Strategic improvements in security infrastructure are essential to enhance trust and protect user data.

C

CRIF Österreich

crif.at

40

CRIF Österreich operates as a leading provider of credit and risk management solutions, serving both businesses and private individuals primarily in Austria but also internationally. The company offers a broad portfolio including creditworthiness assessments, compliance, ESG risk management, identity management, and marketing services. The website reflects a mature enterprise with consistent branding and comprehensive content tailored to its target audience. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and Swiper.js, alongside Matomo analytics and Usercentrics for consent management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements.

7

7LYTIX GMBH

7lytix.com

40

7LYTIX GMBH is a mature Austrian AI software company specializing in Action Intelligence solutions that optimize business processes such as predictive maintenance, supply chain management, and intelligent personalization. Recently acquired by the KEBA Group, 7LYTIX targets medium to large enterprises in manufacturing, retail, logistics, finance, and media sectors. The website reflects a professional and consistent brand presence with clear business information and customer trust indicators. Technically, the site uses modern JavaScript libraries and frameworks like Bootstrap and jQuery, with analytics implemented via Google Analytics and Matomo. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy and cookie policies are present but basic, and no explicit security or incident response policies are found on the site. Overall, the business credibility is strong, but the security configuration requires urgent improvement to protect user data and maintain trust.

Chiesi Farmaceutici S.p.A is a well-established global pharmaceutical company headquartered in Italy, recognized among the top 50 pharmaceutical companies worldwide. The company specializes in respiratory, neonatology, and rare diseases with over 80 years of experience. Their business model focuses on pharmaceutical research, development, manufacturing, and global partnerships, supported by a broad network of subsidiaries across multiple countries. The website reflects a professional corporate presence with comprehensive content targeting healthcare professionals, patients, and partners. Technically, the site uses a PHP backend with various JavaScript libraries and analytics tools, hosted on Azure DNS infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the security posture. Security headers are implemented but cannot compensate for the missing encryption. Privacy and cookie policies are present with consent mechanisms, indicating good compliance practices. The WHOIS data confirms domain legitimacy and consistency with the company's profile. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

I

ILF Consulting Engineers

ilf.com

23

ILF Consulting Engineers is a large, privately owned international engineering and consulting firm specializing in infrastructure, energy, water, and environmental projects. With over 3,000 employees and a global presence spanning 45+ offices across six continents, ILF positions itself as a leader in sustainable engineering solutions. The website reflects a professional and comprehensive digital presence, offering detailed information about their services, business areas, and corporate values. Technically, the site is built on WordPress with modern JavaScript libraries and frameworks, providing a good user experience and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Security headers are present, but the lack of TLS protocols and HSTS reduces overall security. Privacy compliance is addressed with a comprehensive privacy and cookie policy, though no explicit consent mechanism is detected. Business credibility is strong with clear company information and trust indicators such as ISO 27001 certification and Great Place to Work recognition. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

M

MMX e.U.

silberdraht.agency

37

Silberdraht Agency is a small Austrian online marketing firm specializing in services tailored for the BestAger demographic (age 50+). Founded in 2019 and operated by MMX e.U., the agency offers website analysis, creation, optimization, search engine marketing, social media marketing, and newsletter distribution. Their market position is niche-focused with a dedicated team and partnerships that enhance their service offerings. Technically, the website runs on WordPress with popular plugins and themes, but lacks HTTPS, which is a critical security shortfall. The site is mobile-optimized and SEO-friendly but suffers from slow or unmeasured performance. Security posture is weak due to missing SSL and security headers, and privacy compliance is minimal with no cookie consent mechanism. Overall, the business appears legitimate and consistent with its domain registration data, but security improvements are urgently needed.

K

Kienbaum Consultants Austria GmbH

kienbaum.at

22

Kienbaum Consultants Austria GmbH is a well-established HR and management consulting firm with a strong presence in Austria since 1958 and origins dating back to 1945. The company offers a comprehensive range of services including assessment, executive search, compensation management, and organizational transformation. Their Vienna office serves as an international hub for compensation data and global studies. Technically, the website is built on WordPress using the Divi theme, with modern tools like Matomo analytics and Cookiebot for privacy compliance. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture, exposing the site to risks and reducing trust. Despite this, the site demonstrates good privacy compliance and business credibility with clear contact information and certifications. Strategic improvements in SSL/TLS implementation and security headers are recommended to enhance overall security and user trust.

R

Rail Cargo Group

railcargo.com

40

Rail Cargo Group is a well-established rail logistics provider operating primarily in Europe and Asia, offering a broad range of freight and logistics services including wagon loads, intermodal and multimodal logistics, and railway operations. The company targets businesses requiring efficient rail freight solutions and maintains a strong market position supported by its parent company ÖBB. Technically, the website employs modern JavaScript libraries and custom corporate scripts, with a focus on accessibility and SEO, though performance data is unavailable. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header implementation. Privacy compliance is supported by a comprehensive privacy policy and GDPR adherence, with Matomo analytics used for privacy-conscious tracking. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.