Security Directory

E

ENPULSION GmbH

enpulsion.com

16

Enpulsion GmbH is a technology company specializing in advanced electric propulsion systems for small satellites such as CubeSats and SmallSats. The company is positioned as an innovative leader in the satellite propulsion market, offering modular and scalable thrusters designed to enhance satellite mobility and maneuverability. Their product portfolio includes high-performance propulsion units and a smart mobility interface, supported by proven flight heritage and industrial scale manufacturing capabilities. The website reflects a professional and modern digital presence, leveraging WordPress with advanced forms and interactive elements to engage their target audience of satellite manufacturers and space mission planners. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is adequate with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site demonstrates high business credibility and technical maturity, supporting Enpulsion's market position as a trusted provider in the space technology sector.

Nissan Motor Corporation operates a comprehensive global website that serves as a central hub for corporate information, sustainability initiatives, investor relations, innovation, and career opportunities. The company is a major player in the transportation industry with a strong global brand and a focus on sustainable mobility and advanced automotive technologies. The website targets a broad audience including consumers, investors, partners, and potential employees. Technically, the site employs a modern technology stack including jQuery, Swiper.js, Google Tag Manager, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile optimized and well-structured for user experience and SEO. Security posture is strong with HTTPS enforced and use of standard security best practices, although explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site reflects a high level of professionalism and trustworthiness consistent with a large multinational corporation.

A

Ableneo

ableneo.com

37

Ableneo is a medium-sized technology and transformation partner specializing in bridging business consulting with software engineering to support startups, scaleups, and corporates in driving innovation and growth. The company offers key services including AI & Data enabling, Business Optimization & Efficiency, Product Design & Development, and Software Engineering. With over 80 team members, multiple offices worldwide, and a client base exceeding 50, Ableneo positions itself as a trusted partner in the technology consulting space. Technically, the website is built on WordPress with modern plugins such as Yoast SEO, Contact Form 7, and Complianz GDPR for compliance. The hosting infrastructure appears to be on AWS, and the site uses various frontend technologies including Bootstrap, Swiper.js, and Lottie animations. SEO and mobile optimization are well implemented, though performance metrics indicate slow loading times. From a security perspective, the site lacks a valid SSL certificate and does not support any TLS protocols, which is a critical vulnerability. No advanced security headers or incident response policies are present. However, email authentication via SPF is configured, and no known SSL vulnerabilities like Heartbleed or POODLE are detected. Privacy compliance is strong with GDPR-aligned cookie consent and privacy policies. Overall, the website is professional and content-rich, but the absence of HTTPS significantly impacts its security posture and trustworthiness. Strategic improvements in SSL/TLS deployment and security headers are essential to enhance protection and user confidence.

.

.kloos digital GmbH

kloos.at

18

The website kloos.at represents .kloos digital GmbH, a small-sized digital marketing and SEO agency based in Vienna, Austria. The company offers a comprehensive suite of services including SEO, Google Ads, analytics, content marketing, social media marketing, web design, WordPress development, and training workshops. The site is professionally designed with excellent content quality and clear navigation, targeting businesses seeking digital marketing expertise primarily in the Austrian and German-speaking markets. Technically, the site is built on WordPress with modern libraries such as jQuery and uses plugins like Yoast SEO and Borlabs Cookie for SEO and privacy compliance. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security shortfall. The cookie consent mechanism is well implemented, supporting GDPR compliance. Business contact information is clearly presented, including email, phone, and physical address, along with social media presence on LinkedIn, Facebook, and YouTube. Overall, the site demonstrates a strong market position with trust indicators such as client testimonials and structured data ratings.

L

Leifheit

leifheit.com

38

Leifheit is a well-established German retail company specializing in household and kitchen products, with a strong brand presence and a history of over 65 years. The website serves as an e-commerce platform built on Shopware 6, offering a wide range of products including cleaning tools, laundry drying solutions, and kitchen utensils. The site is professionally designed with good navigation, mobile optimization, and rich multimedia content, targeting household consumers seeking quality products. Technically, the site uses modern JavaScript libraries and integrates marketing and analytics tools such as Bazaarvoice, Klaviyo, and Google Tag Manager. However, a critical security gap exists as the website currently lacks a valid SSL/TLS certificate and does not enforce HTTPS, exposing users to potential risks. Security headers are partially implemented, but the absence of HTTPS severely impacts the overall security posture. Privacy and cookie policies are present and include consent mechanisms, indicating compliance with GDPR requirements. Contact information is available via a contact page, though no explicit emails or phone numbers are embedded in the HTML content. The domain registration and DNS records are consistent with the company's German origin and business claims, supporting legitimacy. Strategic recommendations include immediate implementation of HTTPS, enhancement of security policies, and improved incident response readiness to strengthen trust and compliance.

Pelipal is a well-established German manufacturer and retailer specializing in high-quality bathroom furniture with a history spanning over 110 years. The company targets consumers and retail partners primarily in Germany, Austria, and Switzerland, offering a broad product range including mounted and customizable bathroom furniture, mirrors, and accessories. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site uses a traditional Apache server with jQuery and other JavaScript libraries, managed via the dialogperfect® CMS platform. However, the website lacks HTTPS support, which is a critical security shortfall. Security headers are minimal, and no advanced security policies or incident response information is provided. The cookie consent mechanism is implemented, indicating some privacy compliance efforts. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

RMK Regionalmedien Kärnten GmbH operates the website Mein Sonntag, a regional media platform providing tourism and culinary content focused on the Alpen-Adria region. The site offers a mix of digital and print media, including articles, recipes, event information, and an online shop. The company is positioned as a trusted regional media provider with a consistent brand and a medium-sized operation based in Austria. Technically, the website is built on WordPress with WooCommerce and uses modern plugins and themes, ensuring good user experience and mobile optimization. Security posture is solid with HTTPS enabled and valid SSL certificates, though improvements like HSTS and OCSP stapling could enhance security further. Privacy compliance is well addressed with comprehensive privacy and cookie policies and active consent management. Overall, the website demonstrates a professional and trustworthy digital presence suitable for its audience and business goals.

L

LexisNexis Verlag ARD Orac GmbH & Co KG

lexisnexis.at

37

LexisNexis Österreich is a leading provider of intelligent legal, tax, and business information solutions in Austria, offering a broad portfolio of products including Lexis 360®, Lexis+ AI, compliance tools, and educational seminars. The company operates under the parent company RELX plc and targets professionals such as lawyers, tax advisors, companies, and public sector entities. The website demonstrates a high level of professionalism, rich content, and strong branding consistency, positioning LexisNexis as a market leader in its sector. Technically, the website is built on WordPress with modern front-end technologies and SEO best practices, including structured data and accessibility features. However, performance is rated slow, and hosting details are not fully clear. The site integrates marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent management. From a security perspective, the website lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data protection. While some security headers like HSTS are present, the overall SSL/TLS configuration is poor. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security or incident response policies are found. Overall, the website is credible and professional but requires urgent security improvements to enable HTTPS and strengthen its security posture. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and publishing security policies to enhance trust and compliance.

I

ISZ Markt

isz-markt.at

38

ISZ Markt is a leading Austrian wholesale distributor specializing in installer supplies, heating, electrical, and home technology products. With 70 locations across Austria and a strong parent company, Frauenthal Handel Gruppe AG, ISZ Markt serves professional installers and contractors with a broad product range and fast delivery services. The website is professionally designed using WordPress and Elementor, featuring comprehensive content, structured data, and good SEO practices. However, the website suffers from a critical security issue due to an invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts its security posture. Privacy compliance is well addressed with a cookie consent mechanism and detailed privacy policy. Contact is primarily via a contact form, with no direct emails or phone numbers publicly listed. Overall, the site is credible and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

Royal TenCate is a large multinational manufacturing group specializing in technical textiles and composite materials. The company operates through five independent subsidiaries, each focusing on niche markets such as protective fabrics, sports surfaces, outdoor textiles, survivability solutions, and advanced composites. The website serves as a portal directing visitors to these subsidiaries' individual sites. Technically, the website is built on the HubSpot CMS platform and hosted behind Cloudflare, but it lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. The site has basic SEO and accessibility features but lacks privacy and cookie policies, contact information, and security best practices such as vulnerability disclosure mechanisms. Overall, the security posture is weak due to missing HTTPS and modern TLS protocols, which significantly impacts trust and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policies are recommended to enhance the website's credibility and user trust.

I

Interenergo d.o.o.

interenergo.si

35

Interenergo d.o.o. is a medium-sized energy company based in Slovenia, operating as part of the Austrian Kelag group since 2009. The company focuses on renewable energy investments, energy efficiency solutions, power purchase agreements, and energy trading across Southeast Europe. Their website is professionally designed with clear navigation and bilingual support, targeting businesses and investors interested in green energy solutions. Technically, the site uses modern JavaScript libraries and cookie consent mechanisms but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but the absence of HTTPS significantly lowers the security posture. Contact information and privacy policies are clearly provided, supporting GDPR compliance. Overall, the website is functional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

P

Peschke

peschkedesign.at

31

Peschke Design GmbH is a well-established design agency based in Vienna, Austria, specializing in product design, UX/UI, app development, 3D visualization, and industrial design. With over 50 years of experience and a strong portfolio of reputable clients such as Carl Zeiss AG, ENGEL AUSTRIA GmbH, and Austrian Airlines, the company positions itself as a trusted partner for digital transformation and innovative design solutions. Their business model focuses on delivering comprehensive design and development services tailored to client needs, supported by a professional and content-rich website that targets businesses seeking high-quality design expertise. Technically, the website is built on WordPress, hosted on WP Engine, and uses Cloudflare as a CDN and proxy. It employs modern web technologies including React, jQuery, and Swiper.js, and supports multilingual content via WPML. SEO and accessibility are well addressed with Yoast SEO and adherence to WCAG guidelines. However, performance metrics are not available, though mobile optimization and navigation clarity are good. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. No TLS protocols are enabled, and security headers are minimal. While cookies are set with secure and HttpOnly flags, the absence of HTTPS exposes users to potential interception risks. Privacy compliance is strong with GDPR-aligned policies and a cookie consent mechanism. No explicit security or incident response policies are published. Overall, the website demonstrates high professionalism and business credibility but suffers from a critical security misconfiguration regarding SSL/TLS. Addressing this would significantly improve the security posture and trustworthiness of the site.

L

Ligabue

ligabue.it

26

Ligabue S.p.a. is a well-established company specializing in global food service and logistics for the maritime and energy sectors. The company operates in 16 countries with a network of 200 partners and suppliers across 417 ports, providing ship supply, cargo services, industrial services, and maritime hospitality. Their website reflects a professional and comprehensive digital presence, leveraging WordPress CMS and modern frontend technologies. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy policies are well addressed through a reputable third-party provider, indicating good compliance with GDPR standards. Overall, the company demonstrates strong business credibility and market positioning but must urgently address its security posture to align with best practices and regulatory requirements.

B

BDI Bioenergy

bdi-bioenergy.com

25

BDI-BioEnergy International GmbH is a medium-sized Austrian company specializing in technology development and industrial plant engineering focused on chemical recycling, bioenergy, and sustainable industrial solutions. The company positions itself as an innovative leader with a strong emphasis on research, development, and turnkey plant solutions for the circular economy. Their key services include biodiesel retrofit, advanced pretreatment, smart operations, biogas, and green technology solutions. The website is built on WordPress with a modern tech stack including Yoast SEO, WPML for multilingual support, and various plugins for user interaction and spam protection. However, the site lacks HTTPS, which is a critical security shortfall. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The company holds ISO 9001:2015 certification, enhancing its credibility. Overall, the website is professional and well-structured but requires urgent security improvements to protect user data and enhance trust.

S

Steuerexperten Wien | Österreich

steuerexperten.at

40

Steuerexperten.at is a well-established Austrian tax consultancy and business advisory firm based in Vienna, offering a broad range of services including tax consulting, accounting, business immigration, and corporate services. The company targets both Austrian and international clients, leveraging a digital platform (steuerexperten.PRO) to enhance client engagement and document management. The website is professionally designed, multilingual, and rich in relevant content, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and frameworks, but suffers from a critical lack of valid SSL/TLS certification, exposing users to security risks. Privacy compliance is strong, with GDPR-aligned policies and cookie consent mechanisms in place. Contact information and trust signals such as certifications and testimonials are clearly presented, supporting business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect client data and enhance trust.

A

AEROCOMPACT Europe GmbH

aerocompact.com

23

AEROCOMPACT Europe GmbH operates as a global provider of photovoltaic mounting solutions, specializing in intelligent solar racking systems for roofs and open spaces. The company positions itself as a dynamic pioneer in the energy transition sector, offering both physical products and digital planning tools such as the Aerotool platform. Their market presence is supported by multiple global offices and a comprehensive service portfolio targeting solar engineers, project developers, and wholesalers. Technically, the website is built on TYPO3 CMS and employs modern web technologies including Google Tag Manager, Swiper.js, and Globe.gl for interactive features. While the site is content-rich and well-structured with good SEO practices, performance metrics indicate slow loading times, and accessibility features are basic. Mobile optimization is good, ensuring usability across devices. From a security perspective, the site lacks a valid SSL certificate and does not properly support HTTPS, which is a critical vulnerability. Security headers are minimal, and modern TLS protocols are not enabled. Despite these issues, the site uses secure cookies and has implemented privacy and cookie policies compliant with GDPR. Analytics and marketing tools are in use, with moderate user tracking. Overall, the website demonstrates strong business credibility and content quality but suffers from significant security shortcomings that must be addressed to protect user data and maintain trust. Strategic improvements in SSL/TLS configuration and security headers are recommended to elevate the security posture and compliance level.

Q

QimiQ Handels GmbH

qimiq.com

39

QimiQ Handels GmbH operates a well-established retail website focused on food products and cooking ingredients, targeting both consumers and professional chefs. The company offers a range of products such as QimiQ Classic, Sahne-Basis, Whip, Vegan, and Tiramisu, complemented by recipe content, professional workshops, and a newsletter. The website is multilingual and professionally designed, reflecting a consistent brand presence and active engagement through social media and marketing tools. Technically, the site is built on WordPress with modern plugins and frameworks, leveraging Cloudflare for CDN and caching. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, the site demonstrates good business credibility and user experience but requires urgent security improvements.

ARIAN is a medium-sized company specializing in premium full-service point-of-sale (POS) management and visual marketing solutions for retail and brands. The company offers comprehensive services including concept development, implementation, and innovation in marketing communication, targeting retailers and brand owners globally. The website is professionally designed using WordPress with strong SEO practices and structured data, supported by Cloudflare CDN for performance and security. However, the site lacks a valid SSL certificate, which is a critical security vulnerability, and does not provide visible contact information or cookie consent mechanisms on the homepage. These issues reduce the overall security posture and privacy compliance of the website. The domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness.

P

Pan American Energy S.L., sucursal Argentina

pan-energy.com

35

Pan American Energy (PAE) is a leading integrated private energy company operating primarily in Argentina and the Latin American region. The company focuses on upstream oil and gas operations, downstream refining and distribution, and renewable energy projects. It positions itself as a major producer, employer, and investor in the energy sector of Argentina, with presence in neighboring countries. The website reflects a corporate and professional image with clear navigation and multilingual support, targeting investors, suppliers, and job seekers. Technically, the site is built on Microsoft SharePoint and ASP.NET technologies, leveraging modern JavaScript libraries and frameworks for UI and analytics integration. However, the absence of HTTPS and SSL certificates is a critical security flaw, exposing users to potential risks. Security headers are partially implemented, but key protections like HSTS and TLS protocols are missing. Privacy compliance is weak, with no visible cookie consent or GDPR indicators. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

G

GVO Personal GmbH

gvo-personal.de

22

GVO Personal GmbH operates as a personnel service provider specializing in staffing and job placement within the hospitality sector, including gastronomy, hotellerie, aviation, and event services. The company maintains a strong regional presence with approximately 50 locations across Germany and Austria, targeting both job seekers and corporate clients. Their business model focuses on flexible employment solutions such as temporary staffing and personnel leasing, supported by a professional and content-rich website that effectively communicates their offerings and brand identity. Technically, the website is built on Drupal 8 and incorporates modern front-end libraries such as Swiper.js and Font Awesome, alongside Google Tag Manager and Klaro for consent management. However, the site lacks a valid SSL certificate and does not support any TLS protocols, which is a critical security deficiency. Performance metrics are not available, but the site demonstrates good mobile optimization and SEO practices. From a security perspective, the absence of HTTPS and TLS protocols significantly undermines the site's security posture, exposing users to potential risks. While some security headers like Content-Security-Policy and X-Content-Type-Options are present, the lack of HSTS, OCSP stapling, and session resumption further weakens defenses. Privacy compliance is well addressed with comprehensive policies and a consent mechanism, reflecting GDPR adherence. Overall, the site presents a professional business front with good content and privacy practices but suffers from critical security shortcomings that must be addressed urgently to protect user data and maintain trust. Strategic improvements in SSL/TLS implementation and enhanced security configurations are recommended to elevate the site's security maturity and compliance standing.

S

SK STURM SALES & COMMUNICATION GMBH

sksturm.at

35

SK Sturm Graz is a well-established Austrian football club with a strong digital presence through its official website. The site offers comprehensive information about the club, including news, match schedules, team rosters, membership options, and an online shop. The business model revolves around sports entertainment, fan engagement, and commercial activities such as merchandise sales and sponsorships. The website demonstrates a high level of content quality and professional design, targeting football fans and stakeholders. Technically, the site uses modern frameworks like Vue.js and is built on Craft CMS, but lacks HTTPS, which is a critical security flaw. The absence of SSL/TLS significantly impacts the security posture, despite the presence of privacy and cookie policies that comply with GDPR. Overall, the site is functional and credible but requires urgent security improvements to protect user data and enhance trust.

D

Dr. Pendl & Dr. Piswanger GmbH

pendlpiswanger.at

20

Dr. Pendl & Dr. Piswanger GmbH is a well-established human resources consulting firm founded in 1980, operating primarily in Austria and Central and Eastern Europe with 14 offices. The company specializes in executive and expert search, personnel development, training, coaching, and consulting services. As a partner of the global InterSearch network, it holds a strong market position among top HR consultants in the region. The website reflects a professional and consistent brand image, targeting companies and candidates seeking HR solutions. Technically, the website uses Apache server technology with JavaScript and CSS frameworks, but lacks modern security features such as HTTPS, which is a critical vulnerability. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. However, the absence of SSL/TLS and security headers significantly impacts the security posture.

Vision Estate India is a medium-sized real estate company based in India, specializing in residential and commercial properties primarily in Gurgaon. Established in 1996 and ISO 9001:2008 certified, the company offers services including buying, selling, and renting properties. The website is built on WordPress with WooCommerce and Elementor, showcasing property listings, testimonials, and partner logos. However, the site lacks HTTPS, which significantly impacts its security posture. No privacy or cookie policies are present, indicating compliance gaps. The technical infrastructure is moderate but could benefit from performance and security improvements.

G

GATX Corporation

gatx.com

37

GATX Corporation is a well-established global leader in transportation asset leasing, with a diverse portfolio including railcars, locomotives, tank containers, and aircraft spare engines. The company holds a strong market position across North America, Europe, and India, supported by a comprehensive service offering and a commitment to sustainability and customer support. The website reflects a mature digital presence with professional design, clear navigation, and extensive business information tailored to customers, investors, and job seekers. Technically, the site leverages modern frameworks such as Vue.js and integrates advanced search and consent management tools, although performance is moderate and SSL/TLS configuration is currently lacking. Security headers are properly set, but the absence of a valid SSL certificate significantly impacts the security posture. Overall, the site is trustworthy and professional but requires urgent remediation of HTTPS to ensure secure communications and maintain user trust.

N

Nils Jürgens

nilsjuergens.com

35

Nils Jürgens operates a professional UX/UI design service website targeting businesses seeking digital product design expertise. The site presents a strong portfolio, client testimonials, and clear contact information, positioning the business as a trusted small-scale design consultancy in Austria. Technically, the website is built on WordPress using the Enfold theme, enhanced with Yoast SEO and WP Rocket for SEO and performance optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks and undermining trust. The site lacks advanced security headers and cookie consent mechanisms, indicating partial privacy compliance. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to meet modern standards and GDPR requirements.

Murexin GmbH is a medium-sized Austrian company specializing in manufacturing and distributing building materials and construction products. The company targets professional builders and tradespeople such as floor layers, tilers, painters, and masons, offering a broad product portfolio across six main categories. The website is well-structured, professionally designed, and optimized for SEO with multilingual support and social media integration. Technically, the site runs on WordPress with modern plugins and caching but critically lacks HTTPS, exposing users to security risks. The security posture is weak due to missing SSL/TLS and limited security headers, although privacy compliance is addressed with cookie consent mechanisms and a comprehensive privacy policy. Contact information is detailed with multiple physical locations and verified company emails and phone numbers. Overall, the site is credible and business-focused but requires urgent security improvements.

E

ErgoServices Ltd.

ergogroup.ie

40

ErgoServices Ltd. is a leading Irish IT solutions provider with over 30 years of experience, specializing in managed services, cloud infrastructure, digital transformation, security, and license management. The company holds prestigious certifications such as Microsoft Country Partner of the Year 2024 and Azure Expert MSP, positioning it strongly in the Irish technology market. Their target audience includes organizations in financial services, public sector, and life sciences sectors. The website reflects a professional and consistent brand with rich content and clear navigation, supporting their market position. Technically, the website is built on WordPress hosted on WP Engine with Cloudflare CDN, utilizing modern JavaScript libraries and SEO tools like Yoast. The site is mobile-optimized and includes multilingual support via WPML. However, performance metrics are unavailable, and accessibility is basic. Security headers are well implemented, but the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which is a significant security concern. The security posture shows strengths in header implementation and cookie security but is critically weakened by the lack of valid SSL/TLS encryption. No explicit security or incident response policies are found, and no vulnerability disclosure mechanism is present. Privacy compliance is strong with comprehensive privacy and cookie policies and consent mechanisms. Business credibility is high with clear company information, awards, and trust indicators. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and improve its security score. Strategic recommendations include fixing SSL configuration, enabling modern TLS protocols, implementing vulnerability disclosure, and enhancing accessibility and performance monitoring.

C

CAE Expert Group GmbH

caeexpert.group

27

CAE Expert Group GmbH is a specialized provider of ECAD engineering services and software solutions, operating primarily in Austria and Germany. The company offers a broad range of services including system automation, consulting, software development, training, and project support, positioning itself as a trusted expert with TÜV SÜD certification. The website is professionally designed, content-rich, and targets businesses and professionals seeking ECAD system expertise. Technically, the website is built on WordPress with Elementor and employs modern SEO and cookie consent tools, but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and overall trustworthiness from a cybersecurity perspective. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Contact information is comprehensive and transparent, supporting business credibility. Strategic improvements in SSL/TLS implementation and security headers are essential to elevate the security maturity and user trust.

J

Joint Vienna Institute

jvi.org

28

The Joint Vienna Institute (JVI) is a well-established regional training center founded in 1992, providing policy-oriented training primarily to public officials and selected private sector executives from Central, Eastern, and Southeastern Europe, the Caucasus, and Central Asia. Supported by international organizations such as the IMF, Austrian Finance Ministry, EBRD, and others, JVI offers a broad range of courses, webinars, and special events focused on economics, financial sector management, trade policy, and governance. The website reflects a professional and consistent brand with good content quality and clear navigation, targeting a specialized audience in the education and government sectors. Technically, the site is built on TYPO3 CMS with PHP 7.4, uses Bootstrap and jQuery for frontend, and integrates Matomo and Google Analytics for user tracking. The site is hosted likely by Telekom Austria based on DNS records. While the site is mobile-optimized and SEO-friendly, it lacks HTTPS support, which is a critical security shortfall. The absence of SSL/TLS encryption exposes users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Security posture is weak due to missing HTTPS, lack of HSTS, and minimal security headers. No incident response or vulnerability disclosure information is provided. Business credibility is strong, supported by clear contact information, partner logos, and active social media presence. Overall, the site is trustworthy but requires urgent security improvements to protect user data and enhance trust. Recommendations include immediate implementation of HTTPS with a valid SSL certificate, enabling security headers, publishing a security policy and vulnerability disclosure, and upgrading PHP to a supported version to improve security and compliance.

Arjo is a well-established global healthcare company specializing in medical devices and solutions aimed at improving mobility and care for patients with reduced mobility and age-related health challenges. The company operates in over 100 countries with a large workforce and offers a broad portfolio including patient handling equipment, medical beds, hygiene solutions, disinfection products, and prevention systems for pressure injuries and venous thromboembolism. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design tailored to healthcare providers and institutions. Technically, the website leverages modern web technologies including Episerver CMS, Azure hosting, and multiple analytics and marketing tools such as Google Analytics, Siteimprove, Hotjar, and Microsoft Application Insights. The site is hosted on Microsoft Azure with Cloudflare CDN, ensuring global availability and performance. However, performance metrics were not available, and accessibility is rated as basic, suggesting room for improvement. From a security perspective, the site implements several important HTTP security headers and a detailed Content Security Policy. Nevertheless, the SSL certificate is currently invalid or missing, which is a critical vulnerability that undermines user trust and data security. HSTS is configured but not fully enabled, and session resumption mechanisms are absent. No known vulnerabilities or malware were detected, and no WAF or blocking mechanisms interfere with site access. Overall, the website demonstrates strong business credibility and privacy compliance with clear policies and consent mechanisms. The main risk lies in the SSL certificate issue, which should be addressed promptly to maintain security posture and user confidence. Strategic recommendations include renewing the SSL certificate, enabling full HSTS, and enhancing accessibility and performance monitoring.

H

Habich GmbH

habich.com

37

Habich GmbH is a well-established Austrian manufacturer specializing in inorganic specialty pigments for various industrial applications including coatings, construction chemicals, ceramics, printing inks, and plastics. The company has a long tradition dating back to 1846 and serves a global B2B market with a broad product portfolio including corrosion protection pigments, organic colorants, pigment preparations, and aqueous binder dispersions. Their website reflects a consistent and professional brand image with detailed product information and clear contact details. Technically, the site uses modern front-end libraries and the SilverStripe CMS, but lacks a valid SSL certificate, which is a critical security gap. The cookie consent mechanism is implemented and GDPR compliant, supporting privacy best practices. However, no explicit security policies or incident response information is provided. Overall, the website is functional and professional but requires urgent security improvements to enable HTTPS and enhance trust.

A

Amway Global

amwayglobal.com

40

AmwayGlobal.com serves as the official digital presence of Amway Corporation, a globally recognized leader in direct selling and wellness products. The website effectively communicates the company's extensive product portfolio, business opportunities, and corporate social responsibility initiatives, targeting health-conscious consumers and entrepreneurs worldwide. The site demonstrates a mature digital infrastructure leveraging WordPress CMS, modern JavaScript libraries, and performance optimization tools, ensuring a good user experience across devices. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant security gaps that undermine the site's secure communication capabilities. While security headers and privacy policies are well implemented, the lack of HTTPS is a critical issue that should be addressed promptly. Overall, the website reflects a reputable enterprise with strong branding and compliance posture but requires urgent improvements in its SSL/TLS configuration to enhance trust and security.

M

Management Events

managementevents.com

35

Management Events is a B2B technology-focused event and networking platform that connects IT solution providers with over 10,000 high-level executives across Europe. The company offers curated 1-to-1 meetings, exclusive networking events, and branding opportunities to facilitate business growth and market expansion. The website is professionally designed using HubSpot CMS and integrates modern marketing and analytics tools such as Cookiebot and Google Tag Manager. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is partially addressed through cookie consent mechanisms, but no explicit privacy policy or security incident response information is published. The domain is mature and consistent with the business's claimed history, enhancing credibility despite some minor security and compliance gaps.

T

TEDAI Vienna

tedxvienna.at

33

TEDAI Vienna is a prestigious, application-only TED conference focused on Artificial Intelligence, held in Vienna, Austria. It targets business leaders, innovators, and thinkers across multiple sectors including technology, healthcare, finance, and policy. The event offers a premium experience with curated TED Talks, workshops, networking, and exclusive dinners. The website is professionally designed, rich in content, and well-branded, reflecting a strong market position as Europe's exclusive TED AI event. Technically, the site uses modern web technologies such as Webflow CMS, Swiper.js, GSAP, and is hosted behind Cloudflare, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, the absence of explicit contact emails and phone numbers limits direct communication channels. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to protect user data and ensure secure communications.

W

WordPress

kapschcarrier.com

40

KapschCarrier.com is a small-scale WordPress-based blog focused on telecommunications policy and 5G network insights. The site provides regularly updated content authored by an identified individual, targeting telecom professionals and enthusiasts. Technically, the site uses WordPress with common libraries like jQuery and Swiper.js, hosted behind Cloudflare. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are published, and no contact information is available, limiting trust and compliance. The site has good SEO metadata and structured data but lacks analytics or advertising integrations. Overall, the site is functional but has significant security and compliance gaps that should be addressed to improve trustworthiness and user safety.

E

ertex solar

ertex-solar.at

40

Ertex solar is a specialized company focused on building-integrated photovoltaics (BIPV), offering innovative solar energy solutions integrated into architectural elements such as façades, balconies, and roofs. With a strong emphasis on aesthetics and energy transition, the company serves architects, developers, and environmentally conscious clients globally. The website reflects a mature digital presence with professional design, multilingual support, and comprehensive product information. Technically, the site runs on a modern WordPress stack with SEO and performance optimizations, hosted on OVHcloud. Security posture is solid with HTTPS and multiple security headers, though SSL/TLS protocol support requires enhancement. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the domain and WHOIS data corroborate the legitimacy and consistency of the business claims.

V

Vereinigte Bühnen Wien

musicalvienna.at

31

Musical Vienna, operated by Vereinigte Bühnen Wien, is the official platform for musicals at the Raimund Theater and Ronacher in Vienna, Austria. It serves as a comprehensive source for musical event information, ticket sales, souvenirs, and membership benefits. The website targets musical theater enthusiasts locally and internationally, positioning itself as a leading cultural entertainment provider in Vienna. Technically, the site uses a custom CMS with modern JavaScript libraries such as jQuery and Swiper.js, integrates embedded Vimeo videos, and employs Google Tag Manager and Truendo Privacy Center for analytics and consent management. However, the site critically lacks a valid SSL certificate and HTTPS support, which severely impacts its security posture. While privacy and cookie policies are well implemented with consent mechanisms, the absence of HTTPS and TLS protocols exposes users to potential risks. Business credibility is strong with clear branding, partner and sponsor affiliations, and active social media presence. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and maintain trust.

P

pc-web: it-solutions GmbH

pc-web.at

21

pc-web: it-solutions GmbH is an Austrian IT service provider specializing in IT solutions, software development, cloud computing, telephony, and online solutions. The company targets businesses and organizations seeking tailored and secure IT services. Their market position is that of an established regional provider with a medium-sized operation founded in 2023. The website presents a professional and comprehensive overview of their services, supported by customer testimonials and structured data indicating legitimacy. Technically, the website uses modern JavaScript frameworks and analytics tools but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with cookie consent and a comprehensive privacy policy. Overall, the security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and protect users.

Ghezzo GmbH is a small Austrian company specializing in B2B seminars, conferences, and consulting services primarily targeting professionals in sectors such as real estate, hospitality, and education. The company maintains a professional online presence with a well-structured website built on the Contao CMS platform, leveraging modern frontend technologies like Bootstrap 5 and Swiper.js. The website offers comprehensive information about events, seminars, and consulting offerings, supported by active social media channels and a newsletter subscription mechanism. However, the technical infrastructure shows critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines the site's security posture. While privacy compliance is addressed with a cookie consent mechanism and a detailed privacy policy, the lack of security headers and slow page load times further impact the overall security and user experience. WHOIS data confirms the legitimacy of the domain registration consistent with the company's business claims. Strategic improvements in security and performance are recommended to enhance trust and compliance.

I

IFE Aufbereitungstechnik GmbH

ife-bulk.com

40

IFE Aufbereitungstechnik GmbH is a well-established Austrian manufacturer specializing in vibratory conveyors, screening machines, and magnetic separators for bulk material processing. With over 70 years of industry experience, IFE holds a strong market position as a leading global supplier offering customized and integrated machinery solutions. The company also embraces digital transformation through its i-STEP product line, providing smart tools and analytics for efficient processing. The website reflects a professional and comprehensive digital presence, supporting multiple languages and featuring extensive customer references and contact options. Technically, the website is built on the TYPO3 CMS platform, leveraging modern frontend technologies such as Bootstrap, Font Awesome, and Swiper.js. It uses Amazon CloudFront for content delivery and integrates marketing and analytics tools including HubSpot, Google Analytics, LinkedIn scripts, and Mailchimp. The site is mobile-optimized with good navigation and SEO practices, although performance metrics were not available. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data protection. While several security headers are implemented, the absence of TLS protocols and proper certificate management significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms in place. Contact information is clearly provided, enhancing business credibility. Overall, the website demonstrates strong business credibility and content quality but requires urgent security improvements to protect visitors and maintain trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security protocols, and enhancing security header configurations to align with best practices.

W

wild GmbH

wild.as

29

wild GmbH is a technology and design company specializing in creating award-winning digital products such as websites, apps, and digital content for modern brands, startups, and enterprises. The company positions itself as an innovative partner combining design, technology, and business strategy. Their website reflects a professional and consistent brand image with extensive project showcases and active social media presence. Technically, the website uses modern JavaScript libraries and image CDN services but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. The absence of HTTPS and security headers exposes the site to potential risks. Privacy compliance is partially addressed with a cookie consent banner and privacy policy, though GDPR compliance is not clearly demonstrated. No direct contact information is provided on the site, which may affect user trust. WHOIS data confirms the domain is active and registered without privacy protection, consistent with the business profile. Overall, the site is content-rich and professionally designed but requires urgent security improvements to meet modern standards.

P

Plasser & Theurer

plassertheurer.com

19

Plasser & Theurer is a well-established Austrian company specializing in the development, construction, and export of railway track maintenance machinery with over 60 years of industry presence. The company serves railway infrastructure operators and maintenance professionals globally, supported by a broad network of subsidiaries and partners. Their website reflects a professional and comprehensive digital presence, showcasing their products, services, and international reach. Technically, the website is built on TYPO3 CMS and uses modern JavaScript libraries such as Swiper.js for UI components and Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Performance is slow, and no advanced security headers or domain protection mechanisms are in place. Security-wise, the lack of HTTPS and security headers exposes visitors to risks, and the absence of cookie consent mechanisms raises compliance concerns under GDPR. The WHOIS data confirms a mature and consistent domain registration aligned with the company's identity, enhancing legitimacy. Overall, while the business and content quality are strong, the security and privacy compliance gaps present significant risks. Strategic recommendations include immediate implementation of HTTPS, security headers, and cookie consent mechanisms, alongside enhancing domain security configurations. These steps will improve trust, compliance, and overall security posture, supporting the company's reputable market position.

B

BIGagency

bigagency.es

31

BIGagency is a digital marketing franchise business offering a comprehensive suite of services including branding, social media management, web design, digital marketing, content and video production, and e-commerce solutions. The company targets marketing professionals and commercial agents seeking to establish their own digital agency with low upfront investment. The website is built on WordPress using Elementor and integrates marketing tools such as ActiveCampaign and Google Tag Manager. However, the site lacks a valid SSL certificate, which is a critical security concern. Contact information is clearly provided with multiple physical locations in Portugal, Germany, and Spain, supporting a European market presence. Privacy and cookie policies are absent, indicating compliance gaps.

W

Wilhelm Schwarzmüller GmbH

schwarzmueller.com

38

Wilhelm Schwarzmüller GmbH operates as one of Europe's largest providers of towed commercial vehicles, specializing in manufacturing and servicing premium transport solutions tailored to various industries such as construction, logistics, and tank transport. The company maintains a strong market position with a broad portfolio of over 150 vehicle types and a commitment to quality, evidenced by ISO certifications and industry awards. Their digital presence is robust, featuring multilingual support, active social media channels, and comprehensive customer service offerings including telematics and rental services. Technically, the website is built on WordPress with modern frameworks and SEO optimizations, although it lacks HTTPS encryption, which is a significant security concern. The security posture is weak due to the absence of SSL/TLS, HSTS, and other critical security headers, exposing users to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, detailed contact information, and trust signals. Strategic improvements in security infrastructure are essential to enhance trust and protect user data.

K

Kempinski Hotels

kempinski.com

40

Kempinski Hotels is a well-established luxury hospitality brand offering five-star hotels and resorts worldwide. The website reflects a mature and professional digital presence with comprehensive content targeting luxury travelers and business clientele. The brand emphasizes direct booking, loyalty programs, and a rich portfolio of global destinations. Technically, the site uses modern frameworks such as Next.js and React, hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of SSL/TLS certificates, severely impacting the security posture. While security headers are properly configured, the lack of HTTPS undermines user trust and data protection. Privacy and legal policies are comprehensive and GDPR compliant, but no cookie consent mechanism was detected. Overall, the site is professional and credible but requires urgent security improvements to protect user data and maintain trust.

C

CRIF Österreich

crif.at

40

CRIF Österreich operates as a leading provider of credit and risk management solutions, serving both businesses and private individuals primarily in Austria but also internationally. The company offers a broad portfolio including creditworthiness assessments, compliance, ESG risk management, identity management, and marketing services. The website reflects a mature enterprise with consistent branding and comprehensive content tailored to its target audience. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and Swiper.js, alongside Matomo analytics and Usercentrics for consent management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements.

F

Festspielhaus St. Pölten

festspielhaus.at

36

Festspielhaus St. Pölten is a prominent cultural venue in Austria specializing in dance, music, and architectural events. The website serves as a comprehensive platform for event information, ticket sales, subscriptions, and educational programs, targeting a diverse audience including families, schools, and cultural enthusiasts. The business is well-positioned regionally with a strong brand presence and partnerships with local institutions. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is basic with no advanced headers or HTTPS, though privacy compliance is well addressed with detailed cookie and privacy policies. Overall, the site is professional and content-rich but requires urgent security improvements to enhance trust and compliance.

P

pluradent-austria.at

pluradent-austria.at

37

The website pluradent-austria.at operates as an affiliate media platform specializing in online casino reviews and rankings targeted at Austrian players. It provides comprehensive content on casino options, bonuses, payment methods, legal considerations, and responsible gambling. The site is hosted behind Cloudflare and uses modern JavaScript libraries like Swiper.js for UI components. However, the site lacks a valid SSL certificate, resulting in no secure HTTPS connection, which significantly impacts its security posture. Security headers are present but cannot compensate for the missing SSL. Privacy compliance is poor due to the absence of privacy and cookie policies, and no contact information is provided, limiting business credibility. Overall, the site offers good content quality and moderate professionalism but requires urgent improvements in security and privacy to enhance trust and compliance.

C

Chrisanne Clover

chrisanne.com

38

Chrisanne Clover operates a professional e-commerce platform specializing in premium dancewear, including competition couture, practice wear, fabrics, and crystals. The company targets dancers and dance enthusiasts, offering bespoke couture services and a wide product range. The website is built on Magento and hosted behind Cloudflare, leveraging modern marketing and analytics tools such as Google Analytics, Google Tag Manager, and Cookiebot for privacy compliance. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly weakens its security posture. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the business presents itself as a reputable and established player in the dancewear retail sector, but urgent improvements in security infrastructure are recommended to protect customer data and enhance trust.

E

ekey biometric systems GmbH

ekey.net

35

ekey biometric systems GmbH is a medium-sized Austrian technology company founded in 2002, specializing in fingerprint-based access control and smart home integration solutions. The company holds a leading market position in Europe for fingerprint access systems, offering a range of products including door-integrated fingerprint readers, wall-mounted units, and retrofit kits. Their business model focuses on manufacturing, sales, and providing support and training services. The website reflects a mature digital presence with multilingual support and comprehensive product information targeting homeowners, businesses, and smart home users. Technically, the site is built on WordPress with modern plugins and analytics tools, but suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Security headers are well configured, and privacy compliance is strong with GDPR-aligned policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.