Security Directory

E

ekey biometric systems GmbH

ekey.net

35

ekey biometric systems GmbH is a medium-sized Austrian technology company founded in 2002, specializing in fingerprint-based access control and smart home integration solutions. The company holds a leading market position in Europe for fingerprint access systems, offering a range of products including door-integrated fingerprint readers, wall-mounted units, and retrofit kits. Their business model focuses on manufacturing, sales, and providing support and training services. The website reflects a mature digital presence with multilingual support and comprehensive product information targeting homeowners, businesses, and smart home users. Technically, the site is built on WordPress with modern plugins and analytics tools, but suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Security headers are well configured, and privacy compliance is strong with GDPR-aligned policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

D

DORDA Rechtsanwälte GmbH

dbj.at

40

DORDA Rechtsanwälte GmbH is a leading Austrian law firm specializing in business and economic law, offering a broad range of legal services including transactions, restructurings, and digital transformation advisory. The website reflects a professional and comprehensive digital presence with excellent content quality and user experience, targeting business clients nationally and internationally. Technically, the site is built on Drupal 10 with modern features such as video backgrounds and Matomo analytics, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, the absence of HTTPS and security headers significantly lowers the security posture. Overall, the domain registration data aligns well with the business identity, supporting legitimacy and trustworthiness.

M

MERKUR GAMING

merkur-gaming.com

40

MERKUR GAMING is an international sales and development brand under the German-based Gauselmann Group, specializing in gaming machines, linked progressive jackpots, and related gaming products. The website targets B2B clients in the gaming industry, offering a portfolio of games, cabinets, and linked solutions. The company maintains a consistent and professional brand presence with active social media channels and a corporate website featuring product showcases and news updates. Technically, the website uses a traditional Apache server with a variety of JavaScript libraries including jQuery and Bootstrap, and integrates a Usercentrics consent management platform along with Matomo analytics for privacy-conscious tracking. However, the site lacks HTTPS encryption, which is a critical security vulnerability. Security headers are partially implemented, but the absence of SSL/TLS severely impacts the security posture. Privacy compliance is supported by a cookie consent mechanism and a basic privacy policy, though no explicit security or incident response policies are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Ö

Österreichische Staatsdruckerei

staatsdruckerei.at

32

The Österreichische Staatsdruckerei (Austrian State Printing House) is a well-established government-related entity specializing in secure identity document production and digital identity solutions. With over 200 years of experience, it holds a strong market position internationally, offering tailored ID products and digital government services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site is built on WordPress with modern SEO and analytics tools, but suffers from a critical SSL/TLS misconfiguration that undermines its security posture. Privacy compliance is robust, featuring detailed policies and a consent mechanism. Overall, the business credibility is high, supported by multiple certifications and active social media engagement.

N

Next Research GmbH

nextresearch.org

40

Next Research GmbH is a specialized contract research organization (CRO) based in Austria, focusing on clinical research, scientific consulting, and market analytics primarily in the healthcare sector, especially interventional radiology. The company leverages a decade of experience and strong ties to the CIRSE medical society to deliver tailored research services. Their website presents a professional image with comprehensive service descriptions, a detailed team section, and clear contact options including direct scheduling links. Technically, the site is built on WordPress with modern plugins for cookie consent and analytics, but suffers from a critical lack of a valid SSL certificate, impacting security and trust. Privacy policies are thorough and GDPR compliant, with user-friendly cookie consent mechanisms and opt-out options for analytics tracking. Overall, the business appears credible and well-positioned in its niche, but the absence of HTTPS is a significant security gap.

S

Scigility Switzerland AG

scigility.com

23

Scigility Switzerland AG is a specialized technology company focused on delivering advanced data solutions including AI, machine learning, data strategy, and governance primarily to enterprise clients in finance, healthcare, manufacturing, and utilities sectors. The company has a mature market presence with a domain age of 12 years and a strong client portfolio including major Swiss corporations. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates analytics tools such as Matomo and Google Analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business credibility and website professionalism are high, but the security posture requires urgent improvement.

W

Wittur Group

wittur.com

40

Wittur Group operates as a leading global supplier of elevator components, offering a broad portfolio including doors, cars, drives, safety devices, and modernization solutions. The company targets elevator manufacturers, suppliers, and service providers, positioning itself as a trusted B2B partner in the transportation sector. Their website reflects a mature digital presence with comprehensive product information, customer service tools, and compliance documentation. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and analytics platforms like Google Analytics and Matomo. However, the absence of a valid SSL certificate and lack of security headers represent significant security weaknesses that could impact user trust and data protection. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the website is professional and content-rich but requires urgent security improvements to meet industry best practices.

A

Austria Wirtschaftsservice Gesellschaft mbH

awsg.at

40

Austria Wirtschaftsservice Gesellschaft mbH (aws) is the official Austrian federal promotional bank dedicated to fostering innovation and economic growth within Austria. The website serves as a comprehensive portal for Austrian entrepreneurs and companies seeking funding, subsidies, and advisory services. It offers a broad range of programs targeting startups, SMEs, and established companies, with a strong emphasis on energy, sustainability, and internationalization. The site is well-branded, professionally designed, and provides clear navigation and rich content in German, targeting primarily Austrian businesses and innovators. Technically, the website is built on TYPO3 CMS and uses Apache as the web server. It integrates Matomo analytics for privacy-compliant user tracking and employs modern web technologies including CSP and various security headers. However, the SSL/TLS configuration is currently invalid or missing, which is a critical security concern. Performance metrics are not available, but the site appears mobile-optimized and accessible. From a security perspective, while several security headers are implemented, the lack of a valid SSL certificate and disabled TLS protocols significantly reduce the security posture. No explicit security or incident response policies are found on the site. Privacy compliance is strong, with a clear cookie consent mechanism and a comprehensive privacy policy in place, aligned with GDPR requirements. Overall, the site is a credible and professional government service platform with excellent content and user experience but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and improve trustworthiness.

Wieland Austria Ges.m.b.H. is a well-established manufacturing company specializing in copper tubes and semi-finished and finished copper alloy products. Founded in 1904 and part of the global Wieland Group since 1999, it holds a strong market position in Europe with modern production sites in Amstetten and Enzesfeld, Austria. The company targets industrial and energy sectors, providing engineered products and services with a focus on quality and sustainability. The website reflects a professional digital presence with comprehensive content, certifications, and contact options. Technically, the site uses modern CMS and caching technologies but lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a consent management platform and clear policies. However, the absence of incident response and vulnerability disclosure information indicates room for improvement in security transparency. Overall, the website is credible and professional but requires urgent SSL/TLS remediation to ensure secure communications and trust.

C

CompuGroup Medical

cgm.com

40

CompuGroup Medical is a global healthcare technology company specializing in digital healthcare solutions and services. The website serves as a corporate portal providing information about the company, its vision, press releases, and localized country pages. The company targets healthcare providers and industry professionals with a B2B business model. The website is built on modern technologies including Neos CMS and Flow Framework, hosted behind Cloudflare, and uses Matomo for analytics. However, the site suffers from an invalid SSL certificate, which undermines its HTTPS security and overall trustworthiness. Security headers are well implemented but the lack of valid TLS protocols and HSTS reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Social media presence is strong, supporting brand trust. Overall, the website is professional and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

Elekta is a global enterprise specializing in precision radiation medicine and cancer care solutions. Their website showcases a comprehensive portfolio of products including radiation therapy machines, stereotactic radiosurgery, oncology software, brachytherapy, and neurosurgery systems. The company targets clinicians, healthcare providers, and patients seeking advanced cancer treatment technologies. Elekta maintains a strong market position as a leader in healthcare technology with a professional and consistent brand presence. Technically, the website is hosted on AWS infrastructure using modern web technologies and includes advanced tracking and marketing tools such as Matomo and Pardot. However, the security posture is weakened by an invalid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed to ensure secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the website is professional, trustworthy, and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

faigle Kunststoffe GmbH is a medium-sized, family-owned company specializing in thermoplastic plastic solutions for industrial sectors such as transportation, intralogistics, public transport, and manufacturing. The company offers a range of products including machined finished parts, holding loops, plastic rollers, and semi-finished products, supported by an online shop. The business is positioned as an innovative and quality-focused player with international subsidiaries and recognized certifications like the Red Dot Design Award and Creditreform creditworthiness certificate. Technically, the website uses nginx, Google Tag Manager, and Matomo Analytics, but lacks a valid SSL certificate, resulting in insecure HTTP access and weak security posture. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant. The website is well-structured, mobile-optimized, and professionally branded, though performance is slow and accessibility is basic. Security headers are partially implemented but critical SSL/TLS deficiencies significantly reduce the security score. Overall, the domain registration is consistent and legitimate, matching the business claims.

E

e7 GmbH

e-sieben.at

28

e7 GmbH is an Austrian energy and environmental engineering consultancy specializing in energy efficiency, renewable energy, and climate protection. The company offers a broad range of services including energy audits, management, consulting for new construction and renovations, energy innovations, and international projects. Their market position is that of a specialized small enterprise with a strong focus on sustainable energy solutions. The website content is professionally presented, targeting businesses and organizations interested in energy and climate solutions. Technically, the website is built on the webEdition CMS platform and uses Matomo for analytics, reflecting a privacy-conscious approach. However, the site suffers from a lack of HTTPS support and valid SSL certificates, which significantly undermines its security posture. Performance is slow, and no modern TLS protocols or security headers are configured, exposing the site to potential risks. From a security perspective, the absence of HTTPS and security headers are critical vulnerabilities. No explicit security policies or incident response contacts are provided, which could impact trust and compliance. Privacy compliance is reasonably good due to the presence of a comprehensive privacy policy and cookie information, although no explicit consent mechanism is observed. Overall, the website is functional and professional but requires urgent security improvements, especially enabling HTTPS and implementing security best practices. Strategic recommendations include obtaining a valid SSL certificate, enabling HSTS, adding security headers, and enhancing incident response transparency to improve trust and compliance.

R

retailsolutions AG

retailsolutions.ch

27

retailsolutions AG is a leading SAP Retail consulting firm in Europe, specializing in digital transformation, forecasting, omnichannel customer centricity, and analytics solutions. With over 350 employees and multiple international offices, the company supports retail clients worldwide in implementing SAP projects with a focus on sustainable and future-proof IT solutions. The website reflects a professional and content-rich digital presence, leveraging TYPO3 CMS and modern web technologies to deliver a good user experience and clear navigation. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business credibility and content quality are high, but urgent improvements in security infrastructure are necessary to protect users and enhance trust.

N

NCT Heidelberg

nct-heidelberg.de

40

NCT Heidelberg is a prominent German healthcare and research institution specializing in oncology. The website serves multiple audiences including patients, physicians, and researchers, offering comprehensive information on patient care, clinical studies, and cancer research programs. The site is well-structured and professionally designed, reflecting its institutional nature and affiliations with major German research and medical organizations. Technically, the website is built on TYPO3 CMS and integrates modern consent management tools like Usercentrics, alongside Matomo for privacy-focused analytics. However, the absence of a valid SSL certificate is a critical security flaw that undermines user trust and data protection. Security headers are partially implemented, but DNSSEC and proper CAA records are missing, indicating room for improvement in DNS security. Privacy compliance is strong with clear GDPR mechanisms in place. Overall, the site demonstrates good business credibility and content quality but requires urgent security enhancements to meet modern standards.

P

pixelart GmbH

pixelart.at

33

pixelart GmbH is a well-established full-service digital agency based in Austria with offices in Salzburg and Vienna. The company specializes in delivering innovative digital solutions including web experiences, digital commerce platforms, digital products, business solutions, and online marketing services. Their market position is strong, supported by a comprehensive portfolio of case studies and a diverse client base across various industries. The website demonstrates a high level of digital maturity with the use of TYPO3 CMS, responsive design, and multimedia content. However, the security posture is weakened by the absence of a valid SSL certificate, which is critical for protecting user data and ensuring trust. Privacy compliance is well addressed with a comprehensive GDPR-compliant privacy policy, though cookie consent mechanisms are missing. Overall, pixelart GmbH presents as a credible and professional digital agency with room for improvement in security infrastructure.

A

AMAG Austria Metall AG

amag.at

27

AMAG Austria Metall AG is a well-established Austrian manufacturer specializing in environmentally friendly and future-oriented aluminium products and solutions. The company serves various industries including automotive, aerospace, industrial goods, and consumer goods, positioning itself as a leader in the aluminium manufacturing sector. Their website provides comprehensive information about their products, corporate values, investor relations, media, and career opportunities, targeting business customers and industry partners. The digital infrastructure is based on TYPO3 CMS with integration of modern frontend frameworks and analytics tools such as Matomo and Cookiebot for privacy compliance. However, the absence of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. While security headers like Content Security Policy and X-Content-Type-Options are present, critical improvements are needed to secure data transmission and enhance trust. Overall, the website is professional and content-rich but requires urgent security upgrades to meet modern standards.

S

SPIDI Friedl & Partner Unternehmensberatungs GmbH

spidi.at

28

SPIDI Friedl & Partner Unternehmensberatungs GmbH operates a professional language and intercultural learning institute based in Vienna, Austria. The company offers a broad portfolio of language courses, including group and individual training, online courses, and certification test centers such as ÖSD and Linguaskill. The business targets both private individuals and corporate clients, positioning itself as a quality provider in adult education with recognized certifications. The website reflects a mature digital presence built on WordPress with modern SEO and consent management tools, supporting GDPR compliance. However, the absence of a valid SSL certificate undermines the security posture and user trust. The company maintains clear contact channels and social media engagement, enhancing business credibility.

D

dmcgroup

dmcgroup.eu

24

dmcgroup is a design and digital agency specializing in strategic consulting, branding, UX/UI design, and web and software development. Positioned as a top-ten brand agency in Austria with notable industry rankings, it serves a diverse clientele including national and international companies. The website reflects a professional and consistent brand image with comprehensive service offerings and strong trust indicators such as reputable client logos and industry recognition. Technically, the site is built on WordPress with modern frontend libraries and caching mechanisms, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, and privacy policies are present and GDPR compliant, though cookie consent mechanisms are not evident. Overall, the security posture is basic and requires urgent improvements to protect user data and enhance trust. The website is accessible and well-structured, with good mobile optimization and SEO practices, but performance metrics are missing and inferred to be slow. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, enhancing security headers, and implementing cookie consent mechanisms to improve compliance and user trust.

D

Dr. Andreas Riedler Facharzt für HNO, Kopf- und Halschirurgie

der-hno-arzt.at

40

Dr. Andreas Riedler operates a specialized ENT medical practice based in Wels, Austria, providing comprehensive ear, nose, and throat healthcare services including examinations, therapies, and surgeries. The website targets local patients seeking trusted medical care and emphasizes personalized patient relationships and appointment scheduling. Technically, the website is built on a CMS platform (ZMS) with standard web technologies and integrates Matomo analytics for user behavior tracking with privacy opt-out features. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses that undermine user trust and data protection. Privacy and cookie policies are present but basic, and no terms of service or incident response policies are published. Overall, the website is functional and professionally presented but requires urgent security improvements to meet modern standards.

O

OC Oerlikon Management AG

oerlikon.com

40

OC Oerlikon Management AG is a global industrial technology leader specializing in surface technologies, advanced materials, and additive manufacturing solutions. The company serves key growth markets including automotive, aerospace, energy, tooling, and luxury sectors through a portfolio of subsidiaries and partner brands. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy compliance is well addressed with a robust cookie consent mechanism and clear privacy policies. Overall, the business demonstrates high legitimacy and market positioning but requires urgent improvements in security posture to align with best practices.

C

COLOP Stempelerzeugung Skopek Gesellschaft m.b.H. & Co. KG

colop.com

28

COLOP Stempelerzeugung Skopek Gesellschaft m.b.H. & Co. KG is a well-established Austrian manufacturer specializing in stamps and marking solutions with a global footprint. Founded in 1981, the company operates multiple subsidiaries worldwide and offers a broad range of products including traditional stamps, mobile printing devices, and creative arts and crafts stamps. Their business model combines manufacturing with e-commerce and partner distribution, targeting both professional and creative markets. The website reflects a professional and comprehensive digital presence with strong branding and content quality.

W

Werner Mertz Professional

wmprof.com

31

Werner Mertz Professional is a medium-sized manufacturing company specializing in high-performance hygiene solutions for professional cleaning markets. With over 50 years of history and a strong commitment to sustainability, the company operates under well-known brands such as Green Care Professional and Tana Professional. The website reflects a mature digital presence with comprehensive content, professional design, and strong SEO practices. However, the lack of a valid SSL certificate and proper HTTPS configuration represents a significant security risk that undermines user trust and data protection. The company has implemented cookie consent mechanisms and privacy policies compliant with GDPR, indicating awareness of privacy regulations. Overall, the business is credible and well-positioned in its sector but must urgently address its security posture to meet modern standards.

B

BFI Salzburg BildungsGmbH

bfi-sbg.at

36

BFI Salzburg BildungsGmbH is a prominent educational institution in Salzburg, Austria, offering a wide range of courses, certifications, and educational services targeting individuals and companies seeking professional development. The website demonstrates a comprehensive and well-structured presentation of their offerings, including course programs, school qualifications, health and nursing professions, and corporate services. The digital infrastructure is built on Pimcore CMS and served via nginx, with Matomo analytics implemented for privacy-conscious user tracking. However, the absence of a valid SSL/TLS certificate and HTTPS significantly undermines the site's security posture, exposing users to potential risks. Privacy policies and cookie consent mechanisms are well implemented, reflecting GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements.

R

Research Industrial Systems Engineering (RISE)

rise-world.com

40

Research Industrial Systems Engineering (RISE) is a well-established independent IT service provider and system integrator based in Austria, with a strong European presence and multiple offices across Europe. The company specializes in planning and implementing large-scale IT systems, offering a broad range of engineering, operational, and research services. Their key markets include energy, transportation, banking, healthcare, telecommunications, and government sectors. RISE emphasizes 100% European value creation and maintains a large team of highly qualified technical experts. Technically, the website uses modern frameworks and libraries such as Bootstrap, jQuery, GSAP, Swiper, and Lottie Player, and employs Matomo for analytics, indicating a mature digital infrastructure. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines the overall security posture. Security headers are present but cannot compensate for the lack of encryption. Privacy compliance is partially met with a comprehensive privacy policy but lacks a cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent improvements in security to protect users and data.

D

DS AUTOMOTION GmbH

ds-automotion.com

31

DS AUTOMOTION GmbH is a medium-sized Austrian company specializing in the development and manufacture of driverless transport systems and autonomous mobile robotics, with nearly 40 years of experience. The company operates internationally and is part of the SSI Schaefer Group, enhancing its market position. Their key offerings include automated guided vehicles (AGVs), autonomous mobile robots (AMRs), fleet management software (NAVIOS), and custom vehicle solutions tailored to various industries such as manufacturing and intralogistics. The website reflects a professional and modern digital presence built on TYPO3 CMS, featuring responsive design and good SEO practices. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the site's security posture.

RAG Austria AG is Austria's largest energy storage company and a leading technical storage operator in Europe, specializing in the storage, conversion, and conditioning of gaseous energy carriers with a strong focus on renewable gases such as hydrogen. The company has a well-established market position with a history spanning over 90 years and operates multiple subsidiaries and partnerships in the energy sector. Technically, the website is built on TYPO3 CMS and uses modern tools like Usercentrics for cookie consent and Matomo for analytics, reflecting a moderate digital maturity. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the company presents a professional and trustworthy online presence but must urgently address its SSL/TLS configuration to improve security and trust.

W

WELLCON

wellcon.at

22

Wellcon is an established Austrian company specializing in occupational health, safety, and workplace wellness services. With 25 years of experience and multiple locations, it serves companies seeking comprehensive occupational medicine, psychology, and safety technology solutions. The website is professionally designed using WordPress and Elementor, featuring good content quality and SEO optimization. However, the technical infrastructure lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite the use of Matomo analytics. Contact information is not explicitly provided on the homepage or footer, limiting direct communication channels. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.

Schachermayer GmbH is a well-established Austrian wholesale company specializing in technical products and design solutions, serving primarily B2B customers in trade, industry, and commerce. With a history dating back to 1838, the company offers a broad product range exceeding 100,000 items, supported by professional consulting and logistics services. Their digital presence includes a comprehensive web catalog and partner portal, facilitating efficient ordering and customer engagement. Technically, the website is built on TYPO3 CMS, employs Matomo for analytics, and integrates a cookie consent mechanism via Klaro, reflecting a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to safeguard data and user trust.

A

APK Pensionskasse AG

apk-pensionskasse.at

40

APK Pensionskasse AG operates as a leading Austrian pension fund provider specializing in occupational retirement provisions. The company offers services to employers and employees to facilitate additional pension savings, managing contributions and investments to provide monthly payouts upon retirement. The website reflects a professional and consistent brand presence with clear business information and regulatory compliance references. Technically, the site is built on TYPO3 CMS and protected by Sucuri Cloudproxy, with Matomo analytics for privacy-conscious tracking. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy compliance is well addressed through cookie banners and a comprehensive privacy policy. Overall, the site demonstrates solid business credibility but requires urgent security improvements.

Tyrol Air Ambulance is a well-established Austrian company specializing in worldwide medical air transport and assistance services. With over 40 years of experience, it operates a dedicated fleet of ambulance jets equipped with advanced medical technology and staffed by experienced medical professionals. The company holds multiple industry awards and accreditations, positioning itself as a leading provider in the air ambulance sector. The website reflects a professional and content-rich presence targeting patients, healthcare providers, and insurance companies requiring medical repatriation and emergency transport services. Technically, the website employs a traditional technology stack with jQuery and several plugins, and uses Matomo for privacy-conscious analytics. However, the absence of HTTPS and a valid SSL certificate is a critical security shortfall, exposing users to risks and undermining trust. Security headers are minimal, and no incident response or vulnerability disclosure policies are publicly available. Overall, the site is well-branded and informative but requires urgent security improvements to align with best practices and regulatory expectations.

M

Moore Salzburg GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

moore-salzburg.at

40

Moore Salzburg GmbH is a professional services firm based in Salzburg, Austria, specializing in tax consulting, auditing, accounting, payroll, and management consulting. The company operates as part of the global Moore network, providing a broad range of financial and consulting services to businesses and individuals. Their website reflects a medium-sized enterprise with a clear focus on regional expertise and international affiliation. Technically, the website is built on ASP.NET WebForms with Kentico CMS, utilizing modern front-end libraries such as Bootstrap and jQuery. However, the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, no security headers, and absence of cookie consent mechanisms despite using Matomo analytics. Contact information is clearly presented, enhancing business credibility. Overall, the site is professional but requires urgent security improvements to protect user data and comply with privacy regulations.

N

NTS Retail

ntsretail.com

28

NTS Retail is a specialized B2B software provider offering smart commerce and retail management solutions primarily for telecommunications operators and specialist retailers. The company positions itself as a preferred partner for leading telco brands worldwide, delivering unified commerce platforms and tailored retail management services. Their website reflects a professional and consistent brand image with strong client references and active social media engagement. Technically, the website is built on Drupal CMS, hosted on Azure DNS infrastructure, and utilizes Apache server technology. It incorporates modern JavaScript libraries and analytics tools such as Matomo and Google Tag Manager. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. Security-wise, while some security headers are implemented, the lack of HTTPS, HSTS, and incident response information exposes the site to risks and compliance gaps. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site demonstrates good business credibility but requires urgent security improvements. Strategically, the company should prioritize securing its website with HTTPS, implement comprehensive privacy and cookie consent mechanisms, and publish clear security policies and incident response contacts to enhance trust and compliance.

F

Ferrochema GmbH & Co KG

ferrochema.at

40

Ferrochema GmbH & Co KG is a well-established wholesale company specializing in steel, reinforcement, and civil engineering materials, headquartered in Spittal an der Drau, Austria. It operates as part of the larger Weyland Group, which has multiple locations across Austria and neighboring countries. The company offers a broad range of products including steel sheets, bars, beams, pipes, aluminum, stainless steel, reinforcement steel, and related services such as steel processing and logistics. Their business model focuses on wholesale distribution with value-added services and an online shop targeting commercial and industrial customers in the construction and manufacturing sectors. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries such as jQuery and Tiny Slider, and uses Matomo for analytics. The hosting is on Microsoft Azure, with moderate performance and good mobile optimization. The site features a comprehensive cookie consent mechanism and clear navigation, but lacks HTTPS due to an invalid or missing SSL certificate, which is a critical security gap. From a security perspective, the site has no HTTPS enabled, no security headers, and lacks DNSSEC and CAA records, which lowers its security posture significantly. However, no known vulnerabilities or malware were detected. Privacy compliance is strong with GDPR-aligned policies and cookie consent. Incident response contact is provided via a whistleblower email. Overall, the site is professional and trustworthy but urgently needs to address its SSL/TLS configuration to improve security and user trust. Strategic recommendations include immediate installation of a valid SSL certificate, enabling security headers and HSTS, and implementing DNS security measures. These steps will enhance the security posture and compliance, thereby improving the overall trust and credibility of the website and business.

W

Wirtschaftsagentur Wien

wirtschaftsagentur.at

40

Wirtschaftsagentur Wien is a well-established government agency founded in 1982, dedicated to supporting economic development in Vienna. The agency offers a comprehensive range of services including free consulting, funding opportunities, event organization, and networking for startups, established businesses, and international companies. Their market position as the official economic development fund of the City of Vienna is strong, supported by consistent branding and a professional online presence. The website is content-rich, multilingual, and targets a broad audience of entrepreneurs and businesses in Vienna. Technically, the site is built on TYPO3 CMS with modern JavaScript frameworks and includes interactive features such as animated content and a service compass tool.

M

Muséum national d'Histoire naturelle

mnhn.fr

40

The Muséum national d'Histoire naturelle is a prominent French national institution dedicated to natural history research, education, and public exhibitions. It operates multiple sites across Paris and regions, serving a broad audience including families, scientists, educators, and professionals. The website reflects a well-structured, content-rich platform with excellent design and navigation, supporting its mission to disseminate knowledge and engage the public. Technically, the site is built on Drupal 10 with modern web technologies and uses caching and analytics tools such as Varnish, Matomo, and ContentSquare. Mobile optimization and SEO are well addressed, though performance is moderate. However, the critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, severely impacting secure communications and user trust. Security headers and policies are implemented, but the lack of HTTPS and modern TLS support is a major vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and legal information. Social media presence is official and consistent, enhancing credibility. Overall, the site is professionally managed with strong business credibility but requires urgent remediation of SSL/TLS issues to improve security posture and user trust. Strategic recommendations include installing valid certificates, enabling modern TLS, and enhancing security policies.

O

Open Knowledge Maps

openknowledgemaps.org

30

Open Knowledge Maps is a well-established non-profit organization founded in 2014, focused on revolutionizing scientific knowledge discovery through AI-based search and visualization tools. Their platform serves researchers and the scientific community by providing an accessible and open infrastructure for literature search and concept identification. Technically, the website uses modern frontend technologies such as Bootstrap, jQuery, and D3.js, and is hosted on Contabo servers. However, the absence of HTTPS is a critical security gap that undermines user trust and data protection. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms, alongside the use of privacy-respecting analytics (Matomo). Business credibility is supported by testimonials, awards, and open source transparency. Overall, the site is content-rich and professionally designed but requires urgent security improvements.

G

GrECo International AG

vmg.at

36

GrECo International AG is a leading Austrian risk and insurance management company specializing in industry, trade, commerce, and the public sector. Recently, it merged with VMG Versicherungsmakler GmbH, consolidating their services under the GrECo Group brand. The company offers comprehensive risk analysis, insurance brokerage, claims management, and risk engineering services, targeting clients primarily in Austria and the CEE region. The website is professionally designed, content-rich, and optimized for SEO with structured data and multilingual support. Technically, the site runs on WordPress with Elementor and uses Matomo for analytics, but suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Security headers are partially implemented, but modern TLS protocols and HSTS are not properly enabled. Privacy policies and cookie policies are present and GDPR compliant, with minimal user tracking. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

C

CONFIDA Steiermark Steuerberatung GmbH

confida.at

39

CONFIDA Steiermark Steuerberatung GmbH is a professional tax advisory and auditing firm with a strong regional presence in Austria and Southeast Europe, including Croatia, Serbia, and Slovenia. The company offers a broad range of services such as tax consulting, auditing, corporate consulting, payroll accounting, and controlling. Their market position is that of an established medium-sized firm with multiple subsidiaries and offices, targeting businesses and individuals requiring financial and tax services. The website reflects a professional business model focused on client service and regional expertise. Technically, the website is hosted on an nginx server with DNS managed by net4you.net and uses Matomo analytics for privacy-conscious user tracking. The site employs modern web technologies including SVG graphics and JavaScript modules, and it is optimized for mobile devices with good accessibility and SEO practices. However, performance metrics indicate slow loading times, which could be improved. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, the absence of TLS protocols and OCSP stapling reduces the overall security posture. Privacy policies and cookie consent mechanisms are implemented, indicating compliance with GDPR requirements, but no explicit security policy or incident response information is provided. Overall, the website is professionally designed and content-rich, supporting the company's credibility and trustworthiness. The main risk lies in the missing SSL/TLS configuration, which should be addressed urgently to protect users and improve the security score. Strategic recommendations include implementing HTTPS, enhancing SSL configuration, and adding security and incident response documentation to strengthen compliance and trust.

zeb.rolfes.schierenbeck.associates gmbh is a leading European strategy, management, and IT consulting firm specializing in the financial services industry. The company offers a broad range of consulting services including transformation, regulatory compliance, and corporate education, targeting banks, insurance companies, and financial technology specialists. Their market position is strong within Europe, supported by multiple subsidiary domains and partner sites across key financial markets. The website is professionally designed with excellent content quality and clear navigation, supporting a positive user experience and strong brand consistency. Technically, the website is built on Drupal 11 with modern frameworks such as Bootstrap and integrates analytics tools like Matomo and Google Tag Manager. Accessibility features and cookie consent mechanisms are implemented, reflecting good digital maturity. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts the security posture and overall trustworthiness. Security headers are well configured, but the lack of TLS protocols and OCSP stapling are notable vulnerabilities. Privacy compliance is strong, with comprehensive privacy and cookie policies and GDPR adherence. The company maintains active social media channels and provides clear contact information, enhancing business credibility. Overall, while the business and content aspects are excellent, urgent improvements in SSL/TLS configuration are necessary to elevate the security posture and user trust.

M

MASSIVE ART WebServices GmbH

massiveart.at

38

MASSIVE ART WebServices GmbH is a full-service digital agency based in Austria, specializing in digital strategy, website and portal development, e-commerce solutions, performance marketing, data analytics, mobile apps, and UI/UX design. The company targets B2B clients, particularly industry leaders and established businesses seeking sustainable digital transformation. With a strong market position supported by long-term partnerships and recognized certifications such as Google Partner and HubSpot Gold Partner, MASSIVE ART demonstrates a reputable presence in the technology sector. The website employs modern web technologies including nginx, Google Tag Manager, Matomo Analytics, and HubSpot forms, with advanced SVG animations enhancing user experience. The site is mobile-optimized and exhibits excellent design quality and navigation clarity. However, performance is currently slow, and the SSL/TLS configuration is inadequate, lacking a valid certificate and modern protocol support. Security posture is basic, with essential security headers present but critical issues such as an invalid SSL certificate and absence of TLS protocols significantly lowering the security score. Privacy compliance is good, with a comprehensive privacy policy and GDPR adherence, though no explicit cookie consent mechanism was detected. Contact information is clearly provided across multiple office locations, enhancing business credibility. Overall, MASSIVE ART's digital presence is professional and trustworthy, but immediate improvements in SSL/TLS security are recommended to enhance user trust and comply with best security practices.

The PKE Group is a well-established Austrian technology company founded in 1979, specializing in security, communication, media, traffic, building, and logistics technology solutions. It operates internationally with a strong regional presence across Europe and the Middle East through multiple subsidiaries. The website reflects a professional and comprehensive digital presence, targeting businesses seeking innovative and reliable technology services. Technically, the site uses modern frameworks such as Pimcore CMS and Alpine.js, and employs Matomo for analytics, indicating a mature digital infrastructure. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness, exposing users to potential risks and undermining trust. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site demonstrates strong business credibility but requires urgent security improvements to align with best practices.

V

VARIOTHERM HEIZSYSTEME GMBH

variotherm.com

21

Variotherm Heizsysteme GmbH is an established Austrian company specializing in surface heating and cooling systems for floors, walls, and ceilings, leveraging over 30 years of expertise. Their product portfolio targets contractors, installers, architects, and end customers seeking efficient heating and cooling solutions. The company maintains a professional online presence with multilingual support and a comprehensive product and service offering. Technically, the website is built on TYPO3 CMS served by Apache, with integrated analytics via Matomo and Google Tag Manager. However, the absence of HTTPS and a valid SSL certificate significantly undermines the security posture. While cookie consent mechanisms and privacy policies are in place, the lack of advanced security headers and incident response information indicates room for improvement. Overall, the website is functional and professional but requires urgent security enhancements to protect user data and improve trust.

P

perma-tec

perma-tec.com

30

perma-tec is a globally recognized leader in manufacturing automatic lubrication systems, offering innovative and reliable solutions that reduce maintenance costs and prevent equipment failures. Their product portfolio includes single- and multi-point lubrication systems, connected solutions like perma CONNECT, and comprehensive services such as installation and technical training. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on the Flow Framework and Neos CMS, with Apache hosting and uses Matomo for analytics, indicating a privacy-conscious approach. However, the absence of a valid SSL certificate and HTTPS support is a significant security vulnerability, exposing users to risks and undermining trust. Security headers are partially implemented, but the lack of TLS protocols and cipher suites further weakens the security posture. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Overall, the site is content-rich and business credible but requires urgent security improvements to protect users and enhance trust.

T

TAUERN SPA World Betriebs GmbH & Co KG

tauernspakaprun.com

32

TAUERN SPA Kaprun is a mature, well-established 4-star superior resort located in the Austrian Alps, offering a comprehensive spa and wellness experience combined with high-quality accommodation and culinary services. The business is part of the VAMED Vitality World group, indicating strong market positioning in the hospitality and wellness sector. The website is professionally designed with rich content, clear navigation, and strong trust signals including multiple awards and certifications. Technically, the site uses Pimcore CMS and integrates modern tracking and consent management tools, but suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

Z

Zentrum für Ethik in der Medizin (ZEM)

medizinethik-frankfurt.de

38

The Zentrum für Ethik in der Medizin (ZEM) was a specialized non-profit center focused on medical ethics, affiliated with the Evangelische Kirche in Hessen und Nassau (EKHN). Founded in 1996, it served as a key institution in the region until its closure in April 2025. The website provides information about its services, publications, and contact details, targeting individuals and organizations interested in medical ethics within the church and healthcare sectors in Germany. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, significantly impacting the site's security posture. The site implements a comprehensive cookie consent mechanism and provides clear privacy policy information, demonstrating good privacy compliance. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

D

dwarfs and Giants eG

dwarfsandgiants.org

40

dwarfs and Giants eG is a small Austrian cooperative consultancy specializing in organizational development and new work methodologies. Their website, built on Drupal 10, offers comprehensive content including workshops, client stories, and toolboxes aimed at helping organizations improve work culture and self-organization. The site is well-designed, mobile-optimized, and provides clear navigation and professional content. However, the technical infrastructure lacks a valid SSL certificate and does not support modern TLS protocols, significantly weakening the security posture. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the business presents itself as credible and trustworthy, but the lack of HTTPS is a critical security gap that must be addressed.

B

BRAUNEIS RECHTSANWÄLTE GMBH

bkp.at

24

BRAUNEIS RECHTSANWÄLTE GMBH is a professional law firm based in Vienna, Austria, specializing in corporate and commercial law, litigation, and real estate legal services. The firm targets national and international companies, investors, developers, local authorities, law firms, and private individuals. It holds a reputable market position supported by rankings from Chambers Global and Legal 500, and features client testimonials that reinforce its credibility. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website uses Apache server technology, Alpine.js for frontend interactivity, Algolia for search functionality, and Matomo for privacy-conscious analytics. The site is mobile optimized and accessible, but performance metrics are not provided. Hosting appears to be with a1.net DNS and a dedicated IP address. SEO and navigation are well implemented. Security-wise, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability. Other security best practices such as HSTS, DMARC, DNSSEC, and CAA records are missing. No explicit security or incident response policies are published. The cookie consent mechanism is implemented and GDPR compliant, indicating good privacy compliance. Overall, the website is trustworthy and professional but requires urgent security improvements, especially enabling HTTPS to protect user data and improve trust. Strategic recommendations include installing a valid SSL certificate, enabling security headers, and publishing security policies to enhance the security posture and compliance.

S

Statistik Austria

statistik.at

40

Statistik Austria is the official national statistical agency of Austria, providing independent and comprehensive statistical data to support fact-based decision making. The organization serves a broad audience including government entities, researchers, businesses, and the general public. Their services include data provision, publications, surveys, and various analytical tools. The website is professionally designed, content-rich, and well-structured, reflecting a mature digital presence. Technically, the site is built on TYPO3 CMS with privacy-conscious analytics via Matomo, and includes modern web technologies such as FontAwesome and jQuery. However, a critical security weakness is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Despite this, the site implements multiple security headers and cookie consent mechanisms, demonstrating good privacy compliance. Overall, the site is trustworthy and authoritative but urgently requires SSL implementation to protect user data and communications.

W

Wombats Hostels

wombats-hostels.com

21

Wombat's Hostels is a medium-sized hospitality business operating city hostels in multiple European cities including Vienna, London, Munich, Budapest, and Leipzig. The company targets travelers seeking affordable accommodation with social and event experiences. The website is built on TYPO3 CMS and hosted on Apache servers, with a modern but basic technical infrastructure. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. The site includes privacy and cookie policies with a consent mechanism, but lacks explicit contact information and advanced security policies. Matomo analytics is used with cookie-less tracking, indicating some privacy awareness. Overall, the website is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.