Security Directory

V

Verein für Konsumenteninformation (VKI)

verbraucherrecht.at

40

The website Verbraucherrecht.at is operated by the Verein für Konsumenteninformation (VKI), a prominent Austrian non-profit organization focused on consumer rights and legal information. It provides comprehensive resources including news, legal judgments, collective actions, and educational offerings targeted at Austrian consumers. The site is well-branded, consistent, and supported by the Austrian Ministry of Social Affairs, reinforcing its authoritative position in the consumer protection sector. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses modern web technologies including Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly undermines user trust and security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site offers valuable content and services but requires urgent security improvements to meet modern standards.

V

Verein für Konsumenteninformation (VKI)

vki.at

40

The Verein für Konsumenteninformation (VKI) is a well-established Austrian non-profit organization dedicated to consumer protection through product testing, advice, and information dissemination. The website serves as a comprehensive portal for consumers, offering access to product recalls, educational seminars, and greenwashing checks, targeting Austrian consumers primarily. Technically, the site is built on Drupal CMS and hosted on Amazon AWS infrastructure, utilizing Matomo analytics with a clear cookie consent mechanism, reflecting a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. While privacy policies and GDPR compliance are well addressed, the lack of security headers and modern TLS protocols indicates room for significant security improvements. Overall, the site provides excellent content quality and user experience but requires urgent security enhancements to align with best practices and regulatory requirements.

V

Vienna Tourist Board

vienna.info

58

The website vienna.info is the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information and services for tourists including attractions, events, accommodations, city cards, and accessibility resources. The site targets visitors planning trips to Vienna and serves as an authoritative source for travel-related content. Technically, the site uses modern JavaScript libraries, structured data (JSON-LD), and integrates privacy-conscious analytics (Matomo) alongside cookie consent via OneTrust. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Security headers are present and well-configured, but without HTTPS, the site is vulnerable to interception and man-in-the-middle attacks. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional, content-rich, and user-friendly but urgently requires HTTPS implementation to meet modern security standards.

U

Universitätsklinikum Hamburg-Eppendorf

uke.de

40

The Universitätsklinikum Hamburg-Eppendorf (UKE) is a leading European university hospital specializing in healthcare, research, and education. The website reflects a comprehensive digital presence with extensive information about clinics, institutes, research programs, patient services, and educational offerings. The site targets patients, medical professionals, researchers, and students, positioning UKE as a major healthcare and research institution in Germany. Technically, the site uses established libraries like jQuery and Modernizr, and employs Matomo for privacy-conscious analytics. However, the absence of a valid SSL certificate and modern TLS protocols significantly impacts the security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The site demonstrates high professionalism and trustworthiness but requires urgent improvements in security infrastructure to protect user data and enhance trust.

A

Arvato Systems

arvato-systems.de

40

Arvato Systems is a leading German IT service provider specializing in digital transformation across multiple industries including energy, manufacturing, healthcare, retail, government, and finance. The company offers a broad portfolio of services such as consulting, cloud and data center services, application development, security, and managed services. It holds multiple industry awards and certifications, including ISO 27001 and Top Employer Germany 2024, reflecting its strong market position and commitment to quality and security. Technically, the website is built on CoreMedia CMS and integrates various analytics and marketing technologies, but suffers from a critical lack of valid SSL/TLS certificates, impacting its security posture. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the company demonstrates a mature digital presence with strong business credibility but needs urgent improvements in SSL/TLS security to protect user data and maintain trust.

F

Frequency

frequency.xyz

69

Frequency.xyz is a technology-focused website branded as "Frequency" with the tagline "Welcome to the People's Internet." The site appears to be a simple single-page application built with modern JavaScript frameworks, specifically SvelteKit, and hosted on GitHub Pages. It targets a technology-savvy audience interested in internet and privacy-related topics, though explicit business model details and market positioning are not provided. The site uses Matomo analytics and Klaro for cookie consent management, indicating a moderate level of privacy awareness. From a technical perspective, the website employs a modern tech stack with JavaScript and SvelteKit, and it is hosted on a reliable platform (GitHub Pages). Performance is fast with minimal resources loaded, but mobile optimization and accessibility are basic. SEO metadata is present but limited to Open Graph tags without structured data. The SSL certificate is valid but lacks advanced security features such as HSTS. Security posture is adequate with HTTPS enabled and no detected vulnerable cipher suites or subdomain takeover risks. However, the absence of security headers like HSTS and Content-Security-Policy reduces the overall security robustness. No privacy policy, terms of service, or contact information is provided, which impacts compliance and trust. Cookie consent is implemented properly via Klaro, requiring user consent before tracking. Overall, the website is functional and moderately secure but lacks comprehensive privacy and business transparency documentation. Strategic improvements in security headers, privacy disclosures, and contact information would enhance trust and compliance.

C

Calls for Transfer

callsfortransfer.de

31

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

40

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

M

McCourt Global, Inc

mccourt.com

59

McCourt Global, Inc is a private family-owned diversified company with a 132-year legacy focused on real estate, sports, technology, media, and capital investment. The company operates globally with a strong emphasis on social impact and community value. The website is professionally designed with rich content, clear navigation, and good SEO practices, targeting investors, partners, and community stakeholders. Technically, the site is built on WordPress with modern JavaScript modules and uses Matomo for privacy-conscious analytics. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Performance is slow, and security headers are missing, indicating room for improvement in security posture. Privacy compliance is good with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates high business credibility but requires urgent security enhancements to protect visitors and improve trust.

P

Project Liberty

ourbiggestfight.com

54

OurBiggestFight.com is a professionally developed WordPress website dedicated to promoting the book 'OUR BIGGEST FIGHT: Reclaiming Liberty, Humanity, and Dignity in the Digital Age' authored by Frank H. McCourt, Jr. and Michael J. Casey. The site serves as a platform to advocate for a healthier internet and supports the Project Liberty initiative, a 501(c)(3) non-profit organization focused on responsible technology development and digital rights. The website features rich content including testimonials from notable figures, event listings, media coverage, and calls to action such as book purchases and newsletter signups. Technically, the site uses modern web technologies including WordPress Gutenberg blocks, Yoast SEO, Matomo analytics, and HubSpot forms, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC records, exposing the site to potential risks. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism despite active tracking. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect users and enhance trust.

P

Project Liberty LLC

thepeoplesbid.com

40

The People's Bid for TikTok is an initiative led by Project Liberty LLC aiming to create a consortium to purchase TikTok and migrate it to a decentralized platform that empowers users with control over their data. The website positions itself as a movement to reclaim digital rights and reshape social media governance. Technically, the site is built on Webflow, hosted on AWS infrastructure, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS protocols, lack of security headers, and no cookie consent mechanism, which significantly impact its security posture. Privacy policies and terms of service are present but basic, and contact information is limited to an email address. Overall, the site presents a professional and consistent brand image with good content quality but requires urgent security improvements to protect users and build trust.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

40

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

B

Berufsgenossenschaft Rohstoffe und Chemische Industrie

bgrci.de

40

Berufsgenossenschaft Rohstoffe und Chemische Industrie (BG RCI) is a statutory accident insurance institution in Germany serving sectors such as mining, chemical industry, paper manufacturing, leather, sugar, and construction materials. The organization provides accident insurance, prevention, rehabilitation, and consulting services focused on occupational safety and health. The website targets entrepreneurs and insured members within these industries, offering information, publications, and access to online services such as a member portal. The site is built on TYPO3 CMS and uses modern JavaScript libraries and Matomo for analytics, indicating a moderate level of digital maturity. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence, but cookie consent mechanisms are missing. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM)

bgetem.de

40

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM) is a German statutory accident insurance institution serving sectors including energy, textiles, electronics, and media. The organization provides prevention, rehabilitation, compensation, and member services to insured companies and individuals. The website reflects a well-structured, content-rich platform targeting employers, insured persons, and safety professionals with comprehensive information and resources. Technically, the site is built on the Plone CMS with Bootstrap and jQuery, integrating Matomo analytics and Cookiefirst for consent management. However, the site lacks HTTPS encryption, which is a critical security deficiency. No security headers or modern TLS protocols are configured, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and ensure compliance with modern standards.

P

Project Liberty

projectliberty.io

64

Project Liberty is a technology-focused organization dedicated to empowering individuals to reclaim control over their digital lives through innovative solutions, policy advocacy, and alliance building. The website presents a well-structured and content-rich platform highlighting their Labs, Institute, Alliance, and campaigns such as The People's Bid for TikTok. Their market position is that of a leader in the digital rights and decentralized internet space, targeting users and stakeholders interested in data privacy and internet governance. Technically, the site is built on WordPress with modern tools like HubSpot forms and Matomo analytics, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, lack of security headers, and disabled TLS protocols, posing significant risks. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect users and enhance credibility.

V

Vienna Airport Lines

viennaairportlines.at

40

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

Ö

ÖBB Nightjet

nightjet.com

57

ÖBB Nightjet operates a comprehensive overnight train service connecting over 25 European metropolitan cities, focusing on comfortable, climate-friendly travel options including vehicle transport. The website is well-branded, content-rich, and targets travelers seeking overnight rail journeys across Europe. Technically, the site uses modern web technologies such as ES modules and web components, but performance data is lacking. Security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy and terms policies are linked to official ÖBB domains, indicating good compliance practices. Contact information is provided primarily via phone and external contact forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

Saar-Lor-Lux Umweltzentrum GmbH

saar-lor-lux-umweltzentrum.de

40

The Saar-Lor-Lux Umweltzentrum GmbH is a regional environmental consultancy affiliated with the Handwerkskammer des Saarlandes, focused on providing free and paid environmental and energy consulting services to craft businesses in the Saar-Lor-Lux region. Their key offerings include environmental consulting, energy advice, regional development, and training programs aimed at supporting sustainable business practices and energy efficiency. The website is built on TYPO3 CMS and uses modern JavaScript libraries, with a clear structure and good content quality targeting German-speaking users. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts the site's security posture. Privacy compliance is addressed through a visible privacy policy and a consent management platform (Usercentrics), and analytics are handled via a self-hosted Matomo instance with user consent. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration and security best practices to enhance trust and protect user data.

D

DIHK-Gesellschaft für berufliche Bildung - Organisation zur Förderung der IHK-Weiterbildung gGmbH

dihk-bildungs-gmbh.de

40

DIHK-Bildungs-gGmbH is a German vocational education and training organization affiliated with the IHK and AHK networks, providing a wide range of standardized and innovative training, certification, and examination services. The website reflects a well-structured and content-rich platform targeting IHK and AHK employees as well as individuals seeking professional development. Technically, the site employs modern JavaScript modules, lazy loading, and integrates Matomo analytics and Usercentrics for consent management, hosted on SchlundTech infrastructure. However, the security posture is weakened by an invalid or missing SSL certificate and disabled TLS protocols, which significantly impacts secure communications. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information and partner links are clearly presented, enhancing business credibility.

F

Forschungsfabrik Mikroelektronik Deutschland

fmd-insight.de

33

FMD.insight is a specialized news platform operated by the Forschungsfabrik Mikroelektronik Deutschland, focusing on microelectronics research and innovation in Germany. It provides news, interviews, tutorials, and a virtual showroom to engage its target audience of researchers and industry professionals. The website is built on WordPress and uses various plugins including Matomo for analytics. While the content quality and user experience are good, the site lacks HTTPS support, which is a critical security deficiency. No cookie consent mechanism is present despite the use of tracking analytics, indicating partial privacy compliance. Contact information is available but email is obfuscated to prevent scraping. Overall, the site is professional but requires urgent security improvements.

M

McCourt Global, Inc

mg.com

61

McCourt Global, Inc is a private family-owned company with a long-standing legacy since 1893, focused on diversified sectors including real estate, sports, technology, media, and capital investment. The company emphasizes social impact and community value alongside financial results, led by Executive Chairman Frank McCourt and an international leadership team. The website reflects a mature business with strong branding, comprehensive content, and clear navigation targeting investors, partners, and community stakeholders. Technically, the site is built on WordPress with modern SEO and accessibility practices, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. This exposes the site and its users to significant risks. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Business credibility is high, supported by philanthropic initiatives and partnerships with academic institutions. Overall, the site is professional and trustworthy but urgently requires security improvements to protect its digital presence.

W

Weiterbildungsportal Saarland

weiterbildungsdatenbank-saar.de

40

Weiterbildungsportal Saarland is a regional educational information platform focused on providing comprehensive resources about continuing education for individuals, companies, and educational providers within the Saarland region of Germany. The platform is supported by governmental and institutional partners, offering detailed course databases, funding information, and thematic content tailored to various user groups. Technically, the website is built on TYPO3 CMS with Bootstrap for responsive design, ensuring good accessibility and user experience. Security-wise, the site employs HTTPS with modern TLS protocols and a valid SPF record, though it lacks some advanced HTTP security headers such as HSTS and DMARC, which are recommended for enhanced protection. The use of Matomo analytics reflects a moderate user tracking approach with privacy compliance in mind. Overall, the site demonstrates a solid balance of content quality, technical implementation, and security posture, positioning it as a trustworthy and professional resource in its domain.

S

SoSafe

humanfirewallconference.com

40

SoSafe operates the Human Firewall Conference, a leading European cybersecurity event focused on the human factor in security. The company provides cybersecurity awareness training and human risk management services, positioning itself as a key player in the cybersecurity education and event space. The website is professionally designed, content-rich, and targets security professionals and CISOs. Technically, the site uses WordPress CMS, integrates with HubSpot for forms, Matomo and Google Analytics for tracking, and Cookiebot for GDPR-compliant cookie management. However, the site suffers from an invalid SSL certificate and lacks important security headers and DNS security features, which lowers its security posture. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Business credibility is strong with clear contact information, social media presence, and trust signals such as testimonials and speaker highlights. Overall, the site is functional and professional but requires improvements in security infrastructure to enhance trust and compliance.

T

TelemaxX Telekommunikation GmbH

telemaxx.de

40

TelemaxX Telekommunikation GmbH is a well-established provider of high-security data center services, managed IT services, colocation, and telecommunications based in Karlsruhe, Germany. Founded in 1999, the company operates multiple certified data centers and owns a substantial fiber optic network, positioning itself as a regional leader with a strong shareholder base. Their service portfolio includes cloud services, secure telecommunications, and comprehensive managed services tailored to business customers. Technically, the website is built on TYPO3 CMS with modern frameworks and integrates analytics and marketing tools such as Matomo and Google Tag Manager. However, the security posture is impacted by an invalid SSL certificate and lack of advanced security headers, which should be addressed to enhance trust and compliance. Overall, the site demonstrates excellent content quality, professional design, and strong business credibility, though improvements in security and privacy mechanisms are recommended.

S

Solvians IT-Solutions GmbH

ivestor.de

54

Ivestor.de is a German financial portal operated by Solvians IT-Solutions GmbH, providing stock prices, currency and commodity rates, and intelligent search tools for investment certificates and leveraged products. The website targets investors and financial market participants in Germany, offering relevant financial news and market data. Technically, the site is built on Angular 14.2.6, uses Matomo for analytics, and employs Microsoft Outlook services for email. The SSL configuration supports TLS 1.2 and 1.3 but lacks advanced security features like HSTS and OCSP stapling. DNS records are properly configured with SPF but lack DNSSEC and DMARC, indicating room for email security improvements. The website's performance is slow, with a load time exceeding 16 seconds, but it is mobile-optimized and SEO-friendly. Security posture is moderate with no critical vulnerabilities detected but could benefit from enhanced security headers and email authentication. Overall, ivestor.de presents a professional and trustworthy financial information service with a solid technical foundation but requires improvements in security and performance to enhance user trust and compliance.

E

Edgar Ambient Media Group GmbH

edgarfreecards.de

53

Edgar Ambient Media Group GmbH operates the Edgar Freecards platform, specializing in distributing free postcards as an innovative advertising medium targeting urban audiences, particularly generations Y and Z in Germany. With over 30 years of experience and a presence in more than 4000 locations, the company has established a strong market position in the media sector, leveraging creative and sustainable advertising solutions. The website reflects a mature digital presence with comprehensive content, structured data, and multiple analytics tools integrated for performance and user behavior insights. However, the absence of a valid SSL certificate and modern TLS protocols represents a significant security gap that undermines user trust and data protection. The company demonstrates compliance awareness through a dedicated privacy policy, cookie consent mechanisms, and a compliance hotline linked to its parent group, Ströer OOH. Strategic improvements in security infrastructure and performance optimization are recommended to enhance overall risk posture and user confidence.

S

SoSafe

sosafe-awareness.com

70

SoSafe is a leading European provider specializing in security awareness training and human risk management solutions. The company offers a behavioral science-based platform that empowers organizations to enhance their cybersecurity posture by educating employees and managing human-related risks. Positioned as Europe's largest provider in this niche, SoSafe delivers personalized, gamified training, phishing simulations, an AI-powered chatbot, and a comprehensive human risk management platform. Their market presence is reinforced by multiple certifications including ISO 27001, TISAX, and GDPR compliance, alongside strong customer testimonials and industry recognitions. Technically, SoSafe's website is built on WordPress and integrates a robust set of analytics and marketing tools such as Google Analytics, Matomo, Cookiebot for consent management, HubSpot forms, and Visual Website Optimizer for A/B testing. The infrastructure is hosted on Amazon AWS with DNS managed via Route53. While the site supports modern TLS protocols and has valid SPF and DMARC records, it lacks DNSSEC, CAA records, and HSTS, which are recommended for enhanced security. The website performance is moderate to slow, with room for optimization. From a security perspective, SoSafe demonstrates good practices including strong SSL configuration, OCSP stapling, and comprehensive cookie consent mechanisms. However, there is no public vulnerability disclosure or security.txt file, and incident response contact details are not explicitly provided. The company maintains a strong security posture with certifications and compliance but could improve transparency and DNS security. Overall, SoSafe presents a mature digital presence with a focus on privacy and compliance, extensive integration with enterprise platforms, and a clear commitment to security awareness. Strategic improvements in DNS security and incident response transparency would further strengthen their security posture and trustworthiness.

S

SAE Institute

sae.edu

62

SAE Institute is a global education provider specializing in creative media courses with multiple regional campuses worldwide. The website analyzed serves as a regional selector landing page directing users to localized campus sites. The business model focuses on delivering specialized education in creative media to students internationally, positioning itself as a large, established educational institution. Technically, the site uses a lightweight design with jQuery and Matomo analytics, hosted on Amazon AWS infrastructure. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. Security configurations such as DNSSEC, HSTS, and CAA records are missing, and no privacy or cookie policies are present on this landing page. The use of Matomo indicates some level of user tracking without explicit consent mechanisms, raising privacy concerns. Overall, the site demonstrates moderate digital maturity but requires significant improvements in security and compliance to meet modern standards.

D

DKB Grund GmbH

dkb-grund.de

61

DKB Grund GmbH is a German real estate company specializing in property sales, financing, insurance, and investment services. With over 25 years of experience, it serves private and commercial clients across Germany. The website presents a comprehensive portfolio of services including property valuation, financing certificates, and energy-saving advice, supported by a strong regional presence and recognized industry partnerships. Technically, the site uses modern web technologies and analytics tools but currently lacks a valid SSL certificate, which impacts its security posture. The company demonstrates good GDPR compliance with a clear privacy and cookie policy and employs consent management tools. However, there is no explicit security policy or incident response information available. Overall, the website is professionally designed, user-friendly, and trustworthy, but the lack of HTTPS is a critical security gap that should be addressed promptly.

R

RegioHelden GmbH

stroeer-online-marketing.de

64

RegioHelden GmbH, operating under the brand Ströer Online Marketing, is a large German media company specializing in local and measurable online marketing services for small and medium-sized enterprises. They hold a strong market position as one of the largest providers in Germany, offering a broad portfolio including Google Ads, SEO, directory listings, website creation, and social media advertising. Their digital presence is supported by a modern WordPress-based infrastructure with integrated analytics and consent management tools, reflecting a mature digital marketing operation. Security-wise, the company employs good SSL configurations, DNS security records like SPF and DMARC, and a comprehensive cookie consent mechanism, although there is room for improvement in HTTP security headers and vulnerability disclosure practices. Overall, the company demonstrates a high level of professionalism and trustworthiness, with clear contact channels and strong branding.

S

Ströer Media Deutschland GmbH

stroeer-direkt.de

58

Ströer Media Deutschland GmbH operates as a leading regional online and outdoor advertising provider in Germany, offering a broad portfolio of advertising media including street, station, shopping center, and airport placements, as well as digital marketing services such as Google Ads, SEO, and native advertising. The company holds a strong market position as a major German advertising marketer with exclusive media spaces across cities and municipalities. Technically, the website is built on WordPress with a custom theme and plugins, leveraging Matomo for privacy-conscious analytics and Klaro for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS configurations, which poses a significant security risk. The DNS setup uses Cloudflare but does not implement DNSSEC or CAA records, further limiting DNS security. While privacy compliance is well addressed through cookie consent and a comprehensive privacy policy, the absence of terms of service, security policies, and incident response information indicates gaps in transparency and security governance. Overall, the website demonstrates good content quality, user experience, and branding consistency but requires urgent improvements in transport security and security headers to protect user data and enhance trust.

S

Ströer SE & Co. KGaA

stroeer.com

65

Ströer SE & Co. KGaA is a leading German media company specializing in Out-of-Home (OOH) advertising, digital advertising, dialog marketing, and e-commerce services. Listed on the MDAX, Ströer holds a strong market position in Germany with a comprehensive portfolio of advertising solutions supported by subsidiaries and partner companies. The company emphasizes sustainability and diversity, aiming for CO2 neutrality by 2025 and fostering an inclusive work environment. Technically, the website is built on TYPO3 CMS with modern frontend technologies like Alpine.js and uses Cloudflare for DNS and CDN services. Analytics are managed via Matomo, and cookie consent is handled by Cookiebot, ensuring GDPR compliance. Security posture is solid with valid SSL certificates, SPF and DMARC records, but lacks advanced DNS security features like DNSSEC and CAA records. The site does not currently publish a security policy or incident response plan publicly. Overall, the website demonstrates a professional, trustworthy, and well-maintained digital presence aligned with business goals and regulatory requirements.

R

Redseven Entertainment

redseven.de

58

Redseven Entertainment is a prominent German media company specializing in the development and production of innovative entertainment formats for national and international TV and streaming markets. With offices in Munich, Cologne, and Berlin, the company offers a broad portfolio including TV productions, branded content, visual effects, and content development. Their market position is strong, supported by well-known brands such as Germany’s Next Topmodel and collaborations with major broadcasters and streaming platforms. Technically, the website infrastructure leverages Cloudflare for DNS and hosting, uses Matomo for privacy-conscious analytics, and employs Usercentrics for cookie consent management, reflecting a mature digital presence. However, performance is moderate with room for optimization.

W

WP-Network

wp-network.org

49

WP-Network is a non-profit association based in Austria that unites WordPress professionals, digital agencies, freelancers, and web developers primarily in the Austrian and DACH region. The organization offers networking opportunities through monthly WordPress meetups, an expert search platform, and a job board targeting WordPress-related roles. It is supported by sponsorships from recognized companies in the WordPress ecosystem and funded through membership fees and event revenues. The website is well-branded and professionally presented, targeting a niche community of WordPress professionals. Technically, the website is built on WordPress 6.8.1 using the Enfold theme and child theme customizations. It employs modern web technologies including jQuery, Font Awesome, and Matomo analytics for user tracking. The site is hosted with domaintechnik.at and uses structured data (JSON-LD) for SEO enhancement. However, the website suffers from a critical security weakness due to the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. From a security perspective, the site has implemented a GDPR-compliant cookie consent mechanism with detailed cookie categories and uses SPF records for email authentication. Nevertheless, it lacks essential security headers, modern TLS protocols, HSTS, and DMARC records. These gaps expose the site to potential risks such as data interception, phishing, and email spoofing. No explicit security policy, incident response contacts, or vulnerability disclosure statements are found. Overall, WP-Network is a valuable community resource with a solid business model and good digital maturity but requires urgent improvements in its security posture to protect its users and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and implementing comprehensive security headers and email authentication policies.

D

DRVLESS

drvless.com

54

Drvless is a technology company specializing in AI-powered software solutions for test automation, test case generation, robotic process automation, and continuous monitoring to optimize quality assurance processes. The company positions itself as an innovative player with over 25 years of automation experience and recognized excellence by the European Commission. Their product suite targets software development and QA teams seeking efficient and easy-to-use automation tools. The website reflects a mature digital presence built on WordPress with Elementor, featuring clear product offerings, trial options, and partnership with Objentis consultancy for enhanced customer support. Technically, the website leverages modern web technologies and plugins such as Matomo for analytics and Borlabs for cookie consent management, indicating a commitment to privacy compliance. However, the absence of a valid SSL certificate and lack of modern TLS support represent significant security weaknesses that could undermine user trust and data protection. The DNS configuration is standard but lacks DNSSEC and CAA records, which could improve domain security. Security posture is moderate with good email authentication (SPF) but critical gaps in transport security and missing security policies or incident response information. The site implements GDPR-compliant privacy and cookie policies with consent mechanisms, but no explicit terms of service or vulnerability disclosure policies were found. Contact information is clearly provided, supporting user engagement and support. Overall, Drvless demonstrates a strong business and technical foundation with room for improvement in security hardening and transparency. Addressing SSL/TLS issues and publishing comprehensive security policies would enhance trust and compliance, supporting their market position as a reliable AI automation provider.

M

Münchener Hypothekenbank eG

mhb.de

60

Münchener Hypothekenbank eG is a specialized financial institution focused on long-term real estate financing, serving private customers, commercial clients, and investors primarily in Germany. The bank emphasizes sustainability in its lending practices and maintains a strong market position with a history dating back to 1896. The website reflects a mature digital presence built on Drupal 10, integrating modern frontend technologies and a comprehensive cookie consent mechanism via Cookiebot. Analytics are handled through Matomo, balancing user tracking with privacy compliance. Security posture is solid with modern TLS protocols and no known vulnerabilities, though improvements such as DNSSEC, DMARC, and HSTS could enhance protection. Contact information is clearly presented, supporting customer engagement. Overall, the site demonstrates professionalism and trustworthiness aligned with its financial services business.

J

JTL-Software GmbH

jtl-url.de

63

JTL-Software GmbH is a leading German provider of ERP and e-commerce software solutions tailored for online retailers. With a strong market presence in the DACH region and over 50,000 customers, JTL offers a comprehensive ecosystem including ERP systems, online shop platforms, warehouse management, marketplace integration, and middleware solutions. Their product suite supports B2C, B2B, and D2C business models, emphasizing flexibility and scalability. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates advanced analytics and marketing tools such as Google Tag Manager, Matomo, and Microsoft Clarity. Security-wise, the site employs strong TLS protocols and valid certificates but lacks DNSSEC, HSTS, and CAA records, which are recommended for enhanced security. The company demonstrates strong compliance with GDPR through detailed privacy and cookie policies and uses a robust consent management system. Overall, JTL maintains a high level of professionalism, trustworthiness, and digital maturity, positioning itself as a reliable partner in the e-commerce software market.

R

respACT

respact.at

60

respACT is Austria's leading corporate platform for Corporate Social Responsibility (CSR), providing a comprehensive network and resources for businesses committed to sustainable development. The platform offers events, training, publications, and member services targeting companies and organizations interested in CSR and sustainability. Technically, the website is built on the siteswift CMS framework, leveraging modern JavaScript libraries such as jQuery, Swiper.js, and Macy.js, with analytics powered by Matomo and Brevo. The site implements GDPR-compliant cookie consent via Klaro and maintains a valid SSL certificate with strong TLS configurations. Security posture is generally good, with SPF and DMARC records configured, but improvements such as enabling HSTS, OCSP stapling, and DNSSEC are recommended. Overall, respACT demonstrates a mature digital presence with good content quality and user experience, positioning it as a trusted resource in the Austrian CSR ecosystem.

Q

Qwist GmbH

qwist.com

63

Qwist GmbH is a leading open finance platform operating primarily in the DACH and Iberian markets, offering a comprehensive suite of B2B2X financial technology products. Their key offerings include digital account and portfolio switching, open banking compliance solutions, financial data analytics, and digital lending integration. The company positions itself as the #1 open finance company in its region, serving major banks and financial institutions with a strong investor backing from Finch Capital and Finleap. Technically, the website is built on WordPress with the Divi theme and leverages modern marketing and analytics tools such as HubSpot, Matomo, and SalesLoft. The site employs GDPR-compliant cookie consent via Cookiebot and maintains a valid SSL certificate, although some security enhancements like HSTS and DNSSEC are absent. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, Qwist demonstrates solid foundational practices including SPF and DMARC email protections and encrypted communications. However, the absence of advanced DNS security measures and a public security or incident response policy suggests room for improvement. No critical vulnerabilities were detected in the current analysis. Overall, Qwist presents a professional and trustworthy digital presence aligned with its market leadership in open finance. Strategic security enhancements and transparency in incident response would further strengthen its risk posture and customer confidence.

天

天津云脉三六五科技有限公司

kuajingvs.com

60

天津云脉三六五科技有限公司 operates the website kuajingvs.com, branded as 跨境卫士, providing specialized security and operational solutions for cross-border e-commerce sellers. The company focuses on multi-platform account security, offering products such as a secure browser, VPS solutions, virtual number management, and AI tools to enhance operational efficiency and reduce risks of account bans. Their market position is strong within the Chinese cross-border e-commerce sector, supporting over 300 million protected stores and integrating with over 100 platforms. The website content and services target e-commerce sellers managing multiple accounts across platforms like Amazon, eBay, Shopee, and TikTok Shop.

A

Angelbird Technologies GmbH

angelbird.com

71

Angelbird Technologies GmbH operates a professional e-commerce platform specializing in high-performance storage media such as memory cards, SSDs, and custom media solutions tailored for camera and audio professionals. The company positions itself as a niche market leader with a focus on quality and innovation, serving a global audience with a strong presence in Austria. The website demonstrates a solid digital infrastructure with modern web technologies, fast performance, and good mobile optimization. Security posture is generally good with valid SSL certificates, secure cookie practices, and HSTS enabled, though the lack of modern TLS protocols and absence of a cookie consent mechanism indicate areas for improvement. The company maintains active social media channels and provides comprehensive privacy and terms of service documentation, supporting trust and compliance. Overall, Angelbird shows a mature digital presence with room to enhance security and privacy transparency further.

D

DEKRA Certificación

dekra-certification.es

71

DEKRA Certificación is a leading European certification body accredited by ENAC, specializing in audits and certifications across quality, environmental management, occupational health and safety, sustainability, and cybersecurity sectors. The company offers a broad portfolio of certifications including ISO 9001, ISO 14001, ISO 45001, and industry-specific certifications such as SERMI and TISAX, targeting businesses aiming to improve compliance and operational excellence. Their market position is strong, supported by recognized accreditations and a comprehensive service offering tailored to various industries in Spain and beyond. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on Azure, and integrates multiple analytics and marketing tools such as Matomo, Hotjar, and Google Tag Manager. The site demonstrates good performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure. However, the SSL/TLS configuration shows no enabled TLS protocols, which is unusual and should be addressed for secure communications. From a security perspective, the site implements robust HTTP security headers including HSTS, CSP, and X-Frame-Options, but the lack of TLS 1.2 or higher and the disabled X-XSS-Protection header indicate areas for improvement. No explicit security policy or incident response information is publicly available, which could be a gap in transparency and readiness. The site complies with GDPR, featuring comprehensive privacy and cookie policies with consent mechanisms. Overall, DEKRA Certificación presents a professional and trustworthy online presence with strong business credentials and technical maturity. Addressing the TLS configuration and enhancing security transparency would further strengthen their security posture and user trust.

D

DEKRA

dekra.com

77

DEKRA is a globally established enterprise founded in 1925, specializing in safety, security, and sustainability services across multiple sectors including automotive, industrial inspection, cybersecurity, and sustainability advisory. The company operates in over 50 countries, providing comprehensive services such as testing, certification, consulting, and training. Technically, DEKRA employs modern web technologies including Nuxt.js and Vue.js, hosted on Microsoft Azure, with strong performance and mobile optimization. Security measures are robust, featuring strict transport security, secure cookies, and a comprehensive content security policy, though enabling modern TLS versions would enhance security further. The website demonstrates good compliance with GDPR and includes detailed privacy and cookie policies. Overall, DEKRA maintains a high level of professionalism and trustworthiness, supported by extensive certifications and a strong global presence.

H

Heyflow GmbH

heyflow.com

75

Heyflow GmbH is a technology company specializing in no-code lead generation solutions, offering interactive lead funnels, multi-step forms, and customizable landing pages. Positioned as a user-friendly platform with native analytics and extensive integrations, Heyflow targets performance marketers, designers, agencies, and enterprises seeking to optimize lead conversion. The company is based in Germany and founded in 2020, with a medium-sized operational scale. Technically, Heyflow employs modern web technologies including Eleventy for static site generation, Cloudflare and Netlify for hosting and CDN, and integrates analytics tools like Matomo and Google Analytics. The website demonstrates excellent performance, mobile optimization, and SEO practices. Security-wise, Heyflow maintains a strong posture with ISO 27001 certification, GDPR compliance, robust security headers, and HSTS enabled, though TLS protocols could be updated for enhanced security. The company actively manages user consent and privacy through Usercentrics CMP and provides clear legal documentation. Overall, Heyflow presents a professional, trustworthy, and technically mature digital presence with a focus on security and compliance.

L

Liana Technologies

lianamailer.com

59

Liana Technologies operates a professional email marketing platform, LianaMailer, targeting B2B and B2C marketing teams globally. The company positions itself as a trusted provider with over 1,500 customers, offering advanced features such as AI-assisted content creation, personalized newsletters, and comprehensive reporting. Their technical infrastructure leverages modern web technologies, Cloudflare hosting, and integrates multiple analytics and marketing tools, reflecting a mature digital presence. Security posture is solid with HSTS and no known SSL vulnerabilities, though the lack of modern TLS protocols and DNSSEC indicates room for improvement. Privacy compliance is strong with GDPR adherence and cookie consent mechanisms in place. Overall, the website and service demonstrate high professionalism, trustworthiness, and a customer-centric approach.

C

castLabs

castlabs.com

71

castLabs is a specialized technology company providing premium digital video delivery solutions including cross-platform video players, multi-DRM licensing, conditional access systems, forensic watermarking, and cloud encoding. Positioned as a trusted B2B partner, castLabs serves OTT service providers, PayTV broadcasters, and passenger entertainment sectors with a combination of software products and expert consulting services. The company demonstrates a solid market presence with notable clients and partners such as Brightcove, HBO Europe, and PBS. Technically, the website is built on WordPress with modern SEO and analytics tools like Yoast SEO and Matomo, hosted on Google Cloud infrastructure. Security posture is strong with valid SSL certificates, HSTS preload, and multiple security headers, although TLS protocols are not enabled and DNSSEC is absent. Privacy and cookie policies are present with consent mechanisms, but no explicit security policy or incident response details are published. Overall, the website reflects a professional and trustworthy digital presence aligned with its business focus.

I

IONOS Inc.

ionos-status.com

73

The website demonstrates a mixed security posture with no critical vulnerabilities but multiple high and medium risk issues that could impact business operations and compliance. Key deficiencies include missing critical HTTP security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of formalized security and incident response frameworks aligned with NIS2 requirements. While SSL/TLS and network security configurations are generally strong, the approaching SSL certificate expiration and weak HSTS settings present avoidable risks. The lack of documented security policies and incident response plans exposes the organization to increased operational and reputational risks in case of a breach. GDPR non-compliance may result in regulatory penalties and loss of customer trust. Immediate remediation in security headers, GDPR compliance, and NIS2 framework implementation is essential to strengthen the security baseline and meet regulatory obligations. Overall, this assessment highlights the need for a structured approach to security governance and technical hardening to reduce business risk effectively.

R

RFTB Digital Agency

rftb.agency

68

The website demonstrates a moderate security posture with no critical vulnerabilities detected but multiple high and medium-risk issues that could impact regulatory compliance and operational security. Notably, major gaps in GDPR compliance, including lack of privacy and cookie policies as well as absence of a consent mechanism, expose the business to legal and reputational risks. The absence of a formal information security framework, security policies, incident response, and business continuity plans significantly weakens the organization's resilience against cyber threats and regulatory mandates like NIS2. Technical security controls such as security headers and network services also show deficiencies, including missing Content-Security-Policy headers and exposure of high-risk services like FTP. SSL/TLS and email security are relatively strong, mitigating some risk. Overall, the company should urgently address compliance and governance gaps while strengthening security controls to reduce exposure and support sustainable business operations. Failure to act could result in regulatory penalties, data breaches, and damage to customer trust.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, which reduces immediate risk of severe exploitation. However, significant gaps exist in compliance with GDPR and NIS2 regulations, particularly concerning privacy policies, cookie management, and documented security frameworks. Missing or weak security headers and incomplete SSL/TLS configurations leave the site vulnerable to man-in-the-middle attacks and data exposure. The absence of incident response and business continuity plans poses risks to operational resilience during security incidents. Network and email security settings are strong, which is a positive foundation. Immediate remediation in legal compliance and security policy documentation is essential to avoid regulatory penalties and reputational damage. Addressing SSL/TLS and header-related weaknesses will enhance user trust and protect sensitive information. Overall, the business should prioritize closing compliance gaps and reinforcing core security controls to safeguard assets and customer data effectively.