Security Directory

V

Verein zur Förderung der entwicklungspolitischen Publizistik e.V.

welt-sichten.org

50

Welt-Sichten is a German-language non-profit magazine focused on global development and ecumenical cooperation. It is published by the Verein zur Förderung der entwicklungspolitischen Publizistik e.V. and partners with reputable NGOs such as Brot für die Welt and Misereor. The website offers rich content including articles, newsletters, and partner network contributions, targeting readers interested in social justice and development issues. Technically, the site is built on Drupal 10, uses Matomo and Google Tag Manager for analytics, and implements a consent management platform for GDPR compliance. Security posture is strong with HTTPS, security headers, and secure forms, though no explicit security policy or incident response contacts are found. WHOIS data is unavailable due to privacy protection, which is justified for this type of organization. Overall, the site is professional, trustworthy, and well-maintained.

T

The Reef-World Foundation

reef-world.org

66

The Reef-World Foundation is a well-established non-profit organization dedicated to coral reef conservation globally, leveraging marine conservation, sustainable tourism, and community engagement. Founded in 1999, it has a strong market position with extensive reach across 80+ countries and significant engagement with marine tourism businesses and tourists. The website reflects a professional and consistent brand image, targeting environmental stakeholders and the general public interested in marine conservation. Technically, the website is built on the Squarespace platform, utilizing modern web technologies including Google Analytics and Tag Manager for tracking, and a video player for rich media content. The site is mobile-optimized and performs moderately well, with good SEO and basic accessibility features. From a security perspective, the site enforces HTTPS with HSTS and has domain transfer protections in place. However, it lacks DNSSEC and explicit security or privacy policies, which are areas for improvement. No vulnerabilities or suspicious activities were detected. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and explicit security documentation to improve user trust and regulatory adherence.

Schloss - Herbersteins Brasserie is a small hospitality business based in Linz, Austria, offering restaurant dining, catering, exclusive event hosting, and special events such as Candle Light Dinners. The website positions the business as a local venue with a focus on quality dining experiences and private celebrations. The technical infrastructure is based on an older TYPO3 CMS version 4.5, with JavaScript libraries such as jQuery 1.4.4, and uses Google Analytics and Google Tag Manager for tracking. While the site is functional and provides clear contact information and event details, it lacks modern security headers and cookie consent mechanisms, which are important for GDPR compliance. The security posture is moderate but could be improved by updating outdated libraries and implementing security best practices. Overall, the website is professional and trustworthy but would benefit from technical modernization and enhanced privacy compliance.

O

OX Steaks & Grill Ried

ox-ried.at

55

OX Steaks & Grill Ried is a hospitality business specializing in high-quality steaks, burgers, fish dishes, and Mediterranean appetizers. The restaurant positions itself as a premium dining location with a unique ambiance and a loyalty app for customers. The business is currently closed for renovation until November 2025, aiming to relaunch with a new concept. The website is built on TYPO3 CMS and integrates modern web technologies including Google Analytics and Facebook Pixel for marketing and analytics purposes. Privacy and cookie policies are well implemented with user consent mechanisms. Contact information and legal disclosures are clearly presented, enhancing business credibility. Security posture is good with HTTPS and anonymized IP tracking, though formal security policies and incident response contacts are not published. Overall, the website is professional, secure, and compliant with GDPR, serving a general audience in Austria.

O

OX-Fischapark GmbH

ox-wrneustadt.at

56

OX-Fischapark GmbH operates a hospitality business in Wiener Neustadt, Austria, specializing in steaks, pizza, and burgers served in a high-quality ambiance. The website reflects a well-established regional restaurant brand with multiple sister locations, offering dine-in services, online reservations, and gift vouchers. The business targets local residents and visitors seeking quality dining experiences. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates Google Analytics and Facebook Pixel for marketing and analytics. The site is mobile-optimized and provides clear navigation and content relevant to its audience. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms compliant with GDPR. However, it lacks explicit security policies and incident response contacts. Overall, the website is professional, trustworthy, and compliant with privacy regulations, supporting the business's credibility and customer engagement.

O

OX Tulln GmbH & Co KG

ox-tulln.at

56

OX Tulln GmbH & Co KG operates a hospitality business focused on steak and grill dining complemented by a music bar offering cocktails and snacks. The company positions itself as a premium dining location in Tulln, Austria, targeting a broad audience including partygoers and food enthusiasts. Key services include high-quality food offerings, an online reservation system, a loyalty app, and gift vouchers. The website is built on TYPO3 CMS with modern frontend technologies and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers and policies could be improved. Overall, the website is professional, trustworthy, and well-structured, supporting the business's market position effectively.

O

OX Wels Steaks&Grill GmbH & Co KG

ox-wels.at

56

OX Wels Steaks&Grill GmbH & Co KG operates a hospitality business specializing in high-quality steaks, fish dishes, Mediterranean appetizers, and a broad selection of wines in Wels, Austria. The website serves as a digital front for the restaurant, offering online reservations, gift voucher sales, and promoting a loyalty app. The business targets local and regional customers seeking premium dining experiences. The company maintains a network of partner hospitality sites, indicating a strong local market presence. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries such as jQuery, Fancybox, and carousel plugins. It integrates Google Analytics and Google Tag Manager with privacy-conscious configurations like IP anonymization. The site is mobile-optimized and provides a good user experience with clear navigation and downloadable menus. Cookie consent mechanisms and a comprehensive privacy policy demonstrate GDPR compliance. From a security perspective, the site uses HTTPS with no visible critical vulnerabilities or exposed sensitive data. However, it lacks explicit security policies and incident response contacts. The use of third-party scripts is standard but should be regularly audited. Overall, the security posture is solid but could be enhanced with additional headers and formal policies. The overall risk is low with no signs of malicious activity or suspicious registrations. Strategic recommendations include formalizing security policies, enhancing incident response readiness, and continuous monitoring of third-party components to maintain compliance and security standards.

R

Roland Schmid Group

rsgroup.at

57

The Roland Schmid Group website presents a professional corporate presence focused on digitalization and innovation, led by owner Roland Schmid. The business appears to operate as an investment and holding entity with services including investments, sponsoring, and press relations. The website targets a German-speaking Austrian audience and maintains consistent branding and good content quality. Technically, the site is built on WordPress using the Avada theme and Fusion Builder, incorporating modern web technologies and SEO best practices. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though some security headers are missing and no explicit security policies or incident response contacts are published. Overall, the site is trustworthy and compliant with GDPR cookie requirements but could improve transparency on security and contact details.

L

lexunited GmbH

lexunited.com

61

lexunited GmbH operates as an official billing office of the Republic of Austria, providing authorized access to key public legal databases such as land registry, company register, and central population register. Founded in 2004 and based in Vienna, the company targets legal professionals and government officials, offering access to over 15 million documents across Austria, Germany, Switzerland, and the EU. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to its audience. Technically, the site is built on WordPress with modern plugins and integrates Google services for analytics and security, including reCAPTCHA. Security posture is solid with HTTPS and consent mechanisms, though explicit security headers and policies are absent. WHOIS data is missing, which impacts transparency and trust, but the business claims and website content appear legitimate and authoritative.

C

Center for International Private Enterprise

cipe.org

71

The Center for International Private Enterprise (CIPE) is a well-established non-profit organization founded in 1983, focused on promoting democracy and economic development through private sector engagement. The organization partners with local entities worldwide to craft business-driven solutions addressing socio-economic challenges. The website reflects a mature digital presence with a clear mission, professional design, and comprehensive content targeting business leaders, policymakers, and international development stakeholders. Technically, the website is built on WordPress, leveraging modern technologies such as Google Analytics, Microsoft Clarity, and Google Tag Manager for analytics and user tracking. The site is mobile-optimized, accessible, and SEO-friendly, with appropriate meta tags and structured data enhancing search visibility. Security best practices are observed with HTTPS enforcement and security headers, although explicit security policies and incident response information are not publicly available. From a security perspective, the site demonstrates a good posture with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, featuring a comprehensive privacy policy, cookie consent mechanisms, and GDPR adherence. However, the absence of a vulnerability disclosure program or security.txt file suggests room for improvement in transparency and incident handling readiness. Overall, the website presents a trustworthy and professional image consistent with the organization's mission and history. The lack of WHOIS data limits domain registration insights, but privacy protection is justified for this non-profit entity. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to enhance trust and security maturity.

S

SlovakAid

slovakaid.sk

57

SlovakAid is the official Slovak government agency responsible for international development cooperation and humanitarian aid. Established in 2003, it operates as a medium-sized government entity focused on delivering development projects, humanitarian assistance, microgrants, and fostering international partnerships. The agency targets governmental bodies, NGOs, and the general public interested in Slovakia's global development efforts. The website reflects a mature digital presence with comprehensive content, multilingual support, and clear navigation. Technically, it is built on WordPress with Elementor, leveraging modern web technologies and Cloudflare DNS for hosting and performance. Security posture is strong with HTTPS, security headers, and privacy compliance including GDPR. No critical vulnerabilities or WAF blocking were detected. The site integrates Google Analytics and Facebook Pixel for analytics and marketing, with appropriate consent mechanisms. Overall, SlovakAid presents a trustworthy, professional, and well-maintained online presence aligned with its governmental mission.

N

Nadácia Pontis

nadaciapontis.sk

59

Nadácia Pontis is a Slovak non-profit foundation dedicated to fostering positive changes through social innovation, philanthropy, and responsible business practices. The organization connects companies, organizations, and individuals to promote social impact initiatives. The website reflects a medium-sized, established non-profit entity with a clear mission and a professional online presence. The target audience includes firms, organizations, and individuals interested in social responsibility and innovation. The foundation offers services such as events, seminars, volunteer programs, and internships to engage its community. Technically, the website is built on WordPress 6.7.1 and leverages modern tools including Google Tag Manager, Google Analytics, Facebook Pixel, and various WordPress plugins for multilingual support, forms, and social media integration. The site is hosted with CDN support (Cloudfront) and uses HTTPS with strong SSL configuration. Performance and mobile optimization are good, though accessibility features are basic. SEO is well implemented with proper meta tags and structured data. From a security perspective, the site enforces HTTPS and uses reCAPTCHA for forms, indicating good baseline security practices. However, explicit security headers are missing, and there is no published security policy or incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Overall, the website is trustworthy and professional, with extensive user tracking and marketing tools. The absence of explicit privacy and security policies is a gap that should be addressed to enhance compliance and user trust. The domain registration data aligns well with the organization's identity, supporting legitimacy. Strategic recommendations include adding privacy and security policies, implementing security headers, and publishing vulnerability disclosure information.

T

TopChrétien

topchretien.com

58

TopChrétien is a prominent French-speaking Christian community platform dedicated to sharing messages of love, forgiveness, and faith growth. It offers a wide range of content including daily devotionals, Bible reading plans, music, videos, audio messages, and educational courses. The platform serves over 500,000 members and maintains a strong online presence with multiple specialized subdomains and partner sites. Technically, the website is built on a custom Django-based CMS, leveraging modern web technologies and accessibility features such as sign language mode and dyslexic-friendly reading options. Security-wise, the site enforces HTTPS, uses CSRF tokens, and includes secure cookie attributes, though it lacks explicit cookie consent and a published security policy. WHOIS data confirms the legitimacy and transparency of the organization behind the domain. Overall, TopChrétien presents a professional, trustworthy, and well-maintained digital presence tailored to its faith-based audience.

B

Body Attack Sports Nutrition

body-attack.at

59

Body Attack Sports Nutrition operates a professional e-commerce platform specializing in fitness nutrition products such as protein powders, creatine, amino acids, and workout boosters. The company targets fitness enthusiasts and athletes primarily in German-speaking countries, emphasizing quality with a 'Made in Germany' label and 30 years of experience. The website is well-branded, consistent, and provides a good user experience with clear navigation and mobile optimization. Technically, the site leverages Shopware CMS, Google Tag Manager, and other modern web technologies with lazy loading to enhance performance. Security posture is solid with HTTPS and consent management, though some security headers and explicit policies are missing. WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the site is trustworthy and professionally maintained but would benefit from publishing comprehensive privacy, terms, and security policies to improve compliance and user trust.

B

Bond

bond.org.uk

64

Bond is a UK-based non-profit organization that connects and champions a network of civil society organizations focused on eradicating global poverty, inequality, and injustice. The website demonstrates a strong market position within the international development sector, offering advocacy, events, job boards, training, and resources to its members. The organization is registered as a charity and company in England and Wales, reinforcing its legitimacy and trustworthiness. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and Google Tag Manager. It is well-optimized for performance, mobile responsiveness, and SEO, providing an excellent user experience. The site uses HTTPS with good SSL configuration and employs best practices such as secure forms and controlled script loading. From a security perspective, the site shows a solid posture with HTTPS enforcement and no visible vulnerabilities or exposed sensitive data. However, explicit security headers and a published security policy or incident response contacts are absent, representing areas for improvement. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and well-maintained, with minor gaps in security policy transparency. The WHOIS data for the 'www.bond.org.uk' subdomain is unavailable due to domain naming rules, but the main domain 'bond.org.uk' is presumably authoritative and legitimate. Strategic recommendations include enhancing security headers, publishing security policies, and implementing vulnerability disclosure mechanisms.

A

Alda Europe

alda-europe.eu

40

Alda Europe is a well-established non-profit organization focused on fostering local democracy and civil society development across Europe and beyond. With 25 years of experience, it operates as a global alliance of local and regional authorities and civil society actors, delivering projects, advocacy, and capacity building services. The website reflects a professional and consistent brand image, targeting stakeholders in governance, civil society, and regional development. Technically, the site is built on WordPress with modern plugins and frameworks, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the site is trustworthy and compliant with privacy regulations, though WHOIS data is unavailable due to privacy protection, which is typical for such organizations.

A

ADRA Europe

adra.eu

50

ADRA Europe is a well-established Christian humanitarian aid organization operating globally with a focus on disaster relief, health, education, and livelihoods. The website presents a professional and consistent brand image, targeting donors, volunteers, and partners interested in humanitarian causes. Technically, the site is built on WordPress using Elementor and WooCommerce, integrating Google Analytics and Tag Manager for marketing and analytics purposes. The site is mobile-optimized and SEO-friendly but could improve accessibility features. Security posture is good with HTTPS enforced and cookie consent implemented, though the absence of security headers and privacy policy pages indicates room for improvement. Overall, the domain registration is consistent with a legitimate non-profit entity, enhancing trustworthiness. Strategic recommendations include publishing privacy and terms of service policies, adding security headers, and establishing incident response contacts to strengthen compliance and security.

A

ActionAid International

actionaid.org

65

ActionAid International is a well-established global non-profit federation dedicated to eradicating poverty and injustice through humanitarian aid, advocacy, and development programs. The organization operates in multiple countries worldwide, focusing on key themes such as women's rights, climate justice, emergencies, and economic and political issues. Their website reflects a professional and consistent brand image, providing comprehensive information about their mission, activities, and resources. The presence of multiple country-specific domains underscores their global footprint and operational scale. Technically, the website is built on Drupal 10, leveraging modern analytics tools like Google Analytics, Google Tag Manager, and Hotjar for user behavior insights. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Hosting and DNS services utilize Cloudflare, enhancing availability and resilience. Privacy and cookie compliance are well implemented, including user consent mechanisms aligned with GDPR requirements. From a security perspective, the site enforces HTTPS and employs domain transfer protection. However, DNSSEC is not enabled, and no explicit security headers were detected in the HTML content, representing areas for improvement. No vulnerability disclosure or incident response contacts are publicly available, which could be enhanced to improve transparency and trust. Overall, the security posture is solid but could benefit from additional hardening and disclosure practices. The overall risk assessment is low, with no indications of malicious content or suspicious activity. The site is trustworthy, professionally maintained, and compliant with privacy regulations. Strategic recommendations include enabling DNSSEC, publishing a vulnerability disclosure policy, adding security headers, and providing clear incident response contacts to further strengthen security and compliance posture.

A

ACT Alliance EU

actalliance.eu

57

ACT Alliance EU is a coalition of European faith-based development and humanitarian NGOs focused on advocating for fairer, locally-led humanitarian and development policies. The organization operates as a non-profit network, emphasizing social, economic, and environmental justice, and the empowerment of local communities. Their market position is that of a recognized European NGO coalition with a clear advocacy and networking mission. Technically, the website is built on WordPress using Elementor, with modern web technologies such as Google Tag Manager and FontAwesome. The site is mobile-optimized and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and cookie consent implemented, but lacks some advanced security headers and explicit public security policies. Overall, the site is professional, trustworthy, and compliant with GDPR, though it could improve transparency around security and incident response. The domain registration is consistent with the business purpose, with no suspicious patterns detected.

B

Body Attack Sports Nutrition

body-attack.de

66

Body Attack Sports Nutrition operates a professional e-commerce platform specializing in fitness and sports nutrition products, targeting German-speaking fitness enthusiasts and athletes. The company leverages a mature digital infrastructure based on the Shopware platform, enhanced with modern performance optimizations such as lazy loading and integration with Google Tag Manager and Mollie payment services. The website demonstrates consistent branding and a clear market position as a trusted German fitness nutrition provider with over 30 years of experience. Security posture is solid with HTTPS and Cloudflare DNS/CDN usage, though explicit security headers and policies are not fully visible. Privacy compliance is limited due to missing visible privacy and cookie policies. Overall, the site is well-designed, user-friendly, and trustworthy for its target audience.

K

KW automotive GmbH

kwautomotive.de

55

KW automotive GmbH is a well-established German company specializing in chassis optimization for racing and street vehicles, with over 30 years of industry experience. The company operates an informative and professionally designed website built on WordPress with Elementor, targeting automotive professionals and enthusiasts. The site supports multilingual content and integrates modern web technologies and analytics tools. Security posture is solid with HTTPS and reCAPTCHA, though explicit security policies and headers could be improved. Privacy compliance is basic, with cookie consent implemented but no visible privacy or terms of service pages. Overall, the website reflects a credible and mature business with room for enhanced transparency and security documentation.

A

AirTrack Factory

airtrackfactory.com

71

AirTrack Factory is a medium-sized e-commerce business specializing in the manufacture and sale of AirTrack sports equipment such as AirFloor, AirTrick, and AirBag products. Established in 2011, it positions itself as the world's leading AirTrack manufacturer, targeting sports enthusiasts, gymnasts, athletes, and families. The website is professionally designed with consistent branding and good content relevance, supporting multiple languages via WPML. The business model is direct online sales with integrated payment processing via Stripe.

N

Netxp GmbH

netxp-verein.de

62

Netxp GmbH operates the website www.netxp-verein.de, providing specialized online software solutions for clubs and associations to manage memberships, finances, and communications efficiently. The company positions itself as a trusted provider with a focus on ease of use, multi-user access, and comprehensive club management features. The website is professionally designed, well-structured, and targets German-speaking clubs and associations. Technically, the site uses modern web technologies including jQuery, Bootstrap, and tracking tools such as Google Analytics and Facebook Pixel, hosted on Schlund Technologies infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit security policies are absent. Overall, the site is trustworthy, compliant with GDPR, and provides clear contact information and social media presence.

P

Pedalo®

pedalo.de

49

Pedalo® is a well-established German company specializing in innovative products and concepts for movement, play, sport, and therapy. Founded in 1963, it targets a broad demographic from children to seniors, emphasizing quality, sustainability, and health promotion. The company operates an e-commerce platform powered by Shopware, integrating modern payment methods such as PayPal and Amazon Pay, and employs Google Tag Manager and analytics for marketing and user behavior tracking. The website is professionally designed, mobile-optimized, and provides clear navigation and customer support channels including phone and email contact. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly available. Overall, the site reflects a credible and trustworthy business with a solid digital presence.

L

lafree.ch - Site évangélique d'information

eglisesfree.ch

50

The website eglisesfree.ch serves as the official online presence for the Fédération romande d'Églises évangéliques (FREE), a non-profit federation of evangelical churches in French-speaking Switzerland. It provides news, event information, resources, and community support tailored to evangelical communities. The site is well-structured, content-rich, and targets a specific religious audience with relevant services such as podcasts, theological commissions, and youth programs. The business model is non-profit and community-focused, with partnerships to support its mission. Technically, the site is built on Joomla CMS using the Helix3 framework, integrating common web technologies like jQuery, Google Analytics, and YouTube embeds. The site is mobile-optimized and performs moderately well, with good SEO practices. However, it lacks some advanced accessibility features and security headers that could enhance its robustness. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit privacy and cookie policies, which are critical for GDPR compliance. No vulnerability disclosure or security.txt files are present, and security headers are missing, indicating room for improvement in security posture. The WHOIS data aligns well with the website's identity, supporting legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices to reduce risk and improve user trust.

L

lafree.ch - Site évangélique d'information

myfreelife.ch

50

Myfreelife.ch is a French-language evangelical Christian news and community website operated under the Fédération romande d’Églises évangéliques (FREE), targeting the Suisse romande evangelical community. The site provides news, portraits, spiritual reflections, and societal articles relevant to its audience. It maintains a consistent brand identity aligned with the federation and integrates social media channels for broader engagement. Technically, the site is built on Joomla CMS with the Helix3 template framework and uses common web technologies such as jQuery and Bootstrap. Google Analytics and Tag Manager are employed for user tracking. Security posture is adequate with HTTPS enabled and CSRF protections in forms, but lacks security headers and explicit privacy or cookie policies. Contact information and incident response details are not directly visible, which may impact user trust and compliance. Overall, the site is professionally presented, content-rich, and trustworthy within its niche, but could improve privacy compliance and security best practices.

C

CCEJ

cckj.ch

48

The website cckj.ch represents a small non-profit organization focused on promoting a charter for Christian children and youth work in Switzerland. The site provides information about the charter, encourages signatories, and targets Christian youth organizations and stakeholders. The business model is centered on advocacy and community engagement within a niche religious and youth sector. Technically, the website is built on WordPress using common plugins such as WPML for multilingual support and Contact Form 7 for user interaction. The site employs Google Analytics and Tag Manager for user tracking, indicating moderate digital maturity. Security posture is basic with HTTPS enabled but lacks advanced security headers and formal security policies. Privacy compliance is partial, with a privacy policy PDF available but no cookie consent mechanism or GDPR explicit indicators. Overall, the site is functional and professional but could improve in security and privacy compliance to enhance trust and regulatory adherence.

C

Central Danube - Twin City Liner

twincityliner.com

52

Twin City Liner operates a ferry transportation service connecting Vienna and Bratislava, offering a fast 75-minute journey along the Danube River. The website presents a professional and consistent brand image focused on this niche regional transport market. The technical infrastructure employs modern web technologies including Bootstrap, jQuery, and multiple analytics and tracking tools such as Google Analytics, Microsoft Clarity, and Bing Ads. Cookie consent is managed via Cookiebot, indicating some level of privacy compliance. However, the site lacks explicit privacy policy, terms of service, and contact information pages, which are important for user trust and regulatory compliance. Security posture is moderate with HTTPS enabled but missing explicit security headers and incident response information. The domain WHOIS data is consistent with the business profile, showing a long-established domain registered since 2005 with no suspicious patterns. Overall, the website is functional and professional but could improve in privacy and security transparency.

O

Observer

observer.at

72

Observer is Austria's leading media monitoring and brand intelligence company, established in 1896. The company offers comprehensive services including media monitoring across print, online, social media, and broadcast channels, media resonance analysis, market research, and brand intelligence tools. Their market position is strong, supported by a long history and partnerships with major brands. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, providing a good user experience and mobile responsiveness. Security posture is solid with HTTPS, security headers, and cookie consent mechanisms in place, though a dedicated security policy and incident response information are absent. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

S

ServusTV On

servustv.com

67

ServusTV On is a professional Austrian media platform providing livestreams, on-demand content, TV programming, and news primarily in German. The website targets German-speaking audiences interested in sports, news, and entertainment. The platform leverages modern web technologies including Next.js and uses CDNs such as Red Bull's for content delivery. The site is well-designed, mobile-optimized, and includes structured data for SEO. Security posture is good with HTTPS enforced, but lacks explicit security headers and visible privacy or cookie policies. WHOIS data is unavailable, which raises some concerns about domain registration transparency. Overall, the site appears legitimate and professionally maintained but would benefit from improved privacy compliance and clearer contact information.

I

ImmoUnited GmbH

immounited.com

50

ImmoUnited GmbH operates a professional website focused on providing real estate data and land registry analytics services primarily in Austria. The company offers a suite of products designed to support real estate professionals, banks, insurers, developers, and legal experts with data-driven decision-making tools. The website is well-branded, consistent, and targets a specialized B2B and B2C audience in the real estate sector. Technically, the site is built on WordPress with modern plugins and includes SEO and analytics integrations, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms, though explicit security policies and incident response details are absent. Overall, the site is trustworthy, professional, and compliant with GDPR requirements.

Technogym is a globally recognized leader in manufacturing commercial and home fitness equipment, serving gyms, sports centers, healthcare facilities, and individual consumers. The website presents a professional and comprehensive catalog of products and services, emphasizing wellness and fitness solutions. Technogym's market position is strong, supported by decades of experience and Olympic partnerships. The technical infrastructure leverages modern web technologies such as React and integrates secure payment solutions like Adyen Checkout, indicating a mature digital presence. Security posture is generally good with HTTPS and secure payment integration, though explicit security headers and policies are not evident in the provided data. The absence of WHOIS registration details is a concern but does not detract significantly from the overall legitimacy given the brand's global recognition. Strategic recommendations include enhancing transparency around privacy, security policies, and domain registration details to bolster trust further.

V

VERBUND

verbund.com

75

VERBUND is Austria's leading energy company and a major producer of electricity from renewable sources in Europe. The company focuses on sustainable energy generation using water, wind, and solar power, positioning itself as a key player in the clean energy transition. The website reflects a mature digital presence with comprehensive corporate information, investor relations, and sustainability initiatives. The technical infrastructure includes a custom CMS, modern JavaScript frameworks, and integration with Google Tag Manager and a consent management platform, indicating a commitment to privacy and analytics best practices. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response details are not publicly available. Overall, the website is professional, trustworthy, and compliant with GDPR, serving a broad audience including customers, investors, and partners.

B

Burgenland Tourismus GmbH

burgenland.info

47

Burgenland.info is the official tourism website for the Burgenland region in Austria, providing comprehensive travel information, cultural highlights, and leisure activities. The site targets tourists and visitors seeking detailed guidance on visiting Burgenland, positioning itself as a trusted regional tourism authority. The business model focuses on tourism promotion and visitor engagement through digital content and event information. Technically, the website is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and HTML5. It integrates multiple marketing and analytics tools such as Cookiebot for consent management, Facebook Pixel for advertising, Google Tag Manager, and Matomo for analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. However, explicit security headers and incident response information are not evident, suggesting room for improvement in security posture transparency. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website presents a professional, trustworthy, and privacy-compliant digital presence for Burgenland tourism. The lack of WHOIS data limits domain registration insights, but the official nature and content quality support legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure channel to strengthen trust and security readiness.

S

Schweizerische Elektro-Einkaufs-Vereinigung (eev Genossenschaft)

e-tec.swiss

50

The website www.e-tec.swiss is a professionally designed online magazine focused on electrical and communication technology topics, primarily serving the Swiss market. It provides comprehensive content on intelligent living, building automation, security systems, solar energy, and related electrical engineering subjects. The site is affiliated with the Schweizerische Elektro-Einkaufs-Vereinigung (eev Genossenschaft), which adds credibility and industry relevance. The content is well-structured, regularly updated, and targets both professionals and consumers interested in these technologies. Technically, the website uses a modern but somewhat dated JavaScript library (jQuery 1.11.3) alongside Google Tag Manager and Cookiebot for analytics and cookie consent management. The site is mobile optimized with good SEO practices and uses HTTPS securely. However, no advanced security headers were detected, and no CMS or hosting provider information was found. The site performance is moderate, with good mobile responsiveness and accessibility at a basic level. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks visible security policies or incident response contacts. No vulnerabilities or suspicious external links were found. WHOIS data is privacy protected, which is common for Swiss domains, and the domain appears legitimate and consistent with the website's professional nature. Overall, the website presents a low risk profile with strong business credibility and good privacy compliance. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and updating JavaScript libraries to maintain security posture.

R

ReturnGO

returngo.ai

68

ReturnGO is a technology company founded in 2020, specializing in providing a SaaS platform for sustainable returns and exchanges management targeted at e-commerce businesses and retailers. Their platform offers self-service portals to streamline product returns, warranty claims, exchanges, tracking, and shipping, aiming to increase revenue and customer retention. The company positions itself as a niche provider in the returns management market with a professional and consistent brand presence. Technically, the website is built on WordPress using the Divi theme, integrated with HubSpot for marketing and analytics, and hosted behind Cloudflare DNS. The site demonstrates moderate performance and good mobile optimization but lacks some advanced accessibility features. Security posture is adequate with HTTPS and domain transfer lock, but lacks DNSSEC and some HTTP security headers. Privacy compliance is basic with a cookie consent mechanism but no visible privacy policy or terms of service on the homepage. Overall, the website is professional and trustworthy with moderate risk exposure due to missing privacy and security disclosures.

W

WERK Bowling Billard Events Parndorf

werkbowling.at

51

WERK Bowling Billard Events Parndorf is a local hospitality and entertainment business based in Parndorf, Austria, offering bowling, billiards, snooker, restaurant, bar, and event hosting services. The website reflects a well-established business founded around 2015, with a clear market position as a regional entertainment center. The company targets general audiences seeking leisure and event experiences. Technically, the website is built on WordPress with WooCommerce for e-commerce capabilities and uses modern SEO and cookie consent plugins, indicating a moderate level of digital maturity. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms, but lacks explicit security policies or incident response contacts. Overall, the site is professional, compliant with GDPR, and trustworthy, with room for improvement in security header implementation and incident response transparency.

H

Heilsarmee Schweiz

armeedusalut.ch

48

The website armeedusalut.ch represents Heilsarmee Schweiz, a Swiss non-profit humanitarian organization focused on social aid, housing assistance, and community support. The site targets the general public, especially vulnerable populations and donors, providing information, resources, and calls to action for donations and volunteering. The organization holds recognized certifications such as ZEWO, enhancing its trustworthiness. Technically, the site is built on WordPress with modern plugins for multilingual support, consent management, and analytics integration. The site is mobile-optimized and accessible with good SEO practices. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent, though additional HTTP security headers and published security policies would improve it further. WHOIS data confirms the domain's legitimacy and consistency with the organization's identity. Overall, the site is professional, trustworthy, and well-maintained, serving its humanitarian mission effectively.

A

A&G KG

ox-parndorf.at

40

OX Steaks & Grill Parndorf is a small hospitality business located in Austria, specializing in premium steak and grill dining experiences. The company offers a variety of high-quality food options including steaks, burgers, fish dishes, and Mediterranean appetizers. They maintain a strong market position as a top dining location in Parndorf, supported by a loyalty app and online gift voucher sales. The website is built on TYPO3 CMS and integrates modern front-end libraries and tracking tools such as Google Analytics and Facebook Pixel, with privacy-conscious configurations like IP anonymization and cookie consent mechanisms. Security posture is solid with HTTPS enforced, though there is room for improvement in security headers and incident response disclosures. Overall, the website is professional, user-friendly, and compliant with GDPR requirements, reflecting a trustworthy and credible business presence.

L

lafree.ch - Site évangélique d'information

lafree.ch

9

lafree.ch is a French-language evangelical information website primarily serving the French-speaking evangelical Christian community in Switzerland. It functions as a portal and redirection page to a network of affiliated sites offering news, cultural content, biblical education, church resources, and youth commission information. The website is built on Joomla CMS using modern front-end frameworks and integrates Google Analytics for visitor tracking. The design is professional and consistent with the organization's branding, targeting a niche religious audience. However, the site lacks visible privacy and cookie policies, contact emails, and security headers, which are areas for improvement. The domain uses privacy protection for WHOIS data, which is justified given the non-profit religious nature of the organization.

J

JUNE - Online Marketing Cloud

juneapp.com

68

JUNE - Online Marketing Cloud is a German-based SaaS company founded in 2016, providing comprehensive online marketing solutions including email marketing, landing pages, workflow automation, and WhatsApp communication. The company targets businesses and marketers seeking flexible, no-code marketing tools. With over 1000 users and ISO 27001 certification, JUNE holds a reputable market position supported by strong branding and client trust signals. The website is professionally designed, mobile-optimized, and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, domain transfer protection, and certification, although DNSSEC is not enabled and explicit privacy and terms pages are missing. Overall, the site demonstrates a high level of business credibility and technical competence.

B

blackcrows

black-crows.com

73

Black Crows operates a professional e-commerce website specializing in skis and outerwear, targeting winter sports enthusiasts. The company presents a strong market position as a niche premium brand with a comprehensive product range including skis, poles, apparel, and accessories. The website is built on the Shopify platform, leveraging modern technologies such as Alpine.js and Tailwind CSS, and integrates multiple marketing and analytics tools including Google Tag Manager, Microsoft Clarity, and Klaviyo. The site demonstrates excellent design quality, mobile optimization, and user experience, with clear navigation and consistent branding. Security posture is strong with HTTPS enforcement, security headers, and secure payment integrations, although explicit security policies and incident response contacts are not publicly disclosed. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. WHOIS data aligns with the business claims, indicating legitimacy and transparency. Overall, the website is a secure, professional, and trustworthy platform for Black Crows' e-commerce operations.

E

ECOTRANS

destinet.eu

51

The website destinet.eu operates as a knowledge networking portal dedicated to sustainable and responsible tourism. It serves as a platform connecting various stakeholders including businesses, certification bodies, destination administrations, and NGOs. The portal offers resources such as courses, publications, a market place, and news updates, positioning itself as a key player in the sustainable tourism ecosystem. The business model is non-profit and focuses on collaboration and information dissemination to promote sustainability in tourism. Technically, the site uses a Naaya CMS platform with a tech stack including jQuery, Google Analytics, Google Tag Manager, and Slick Carousel. The site is mobile optimized and has good SEO practices, though some technical debt exists with the use of an older jQuery version. Security posture is moderate with HTTPS enabled and some security best practices observed, but lacks advanced headers like CSP and a cookie consent mechanism. WHOIS data indicates consistent and legitimate domain registration without privacy protection, aligning with the website's business purpose. Overall, the site is professional, trustworthy, and serves its niche audience effectively.

Klima-Kollekte gGmbH is a German non-profit organization focused on facilitating climate protection through voluntary contributions to certified climate projects, primarily in the Global South. The organization offers services including emission accounting, financing of climate projects, consulting, and educational resources. Their business model emphasizes transparency, compliance with the Paris Agreement, and fostering global climate justice. The website targets environmentally conscious companies, organizations, and individuals seeking to offset their carbon footprint responsibly. Technically, the website is built on TYPO3 CMS with modern web technologies such as jQuery, Slick Carousel, and Featherlight Lightbox. It integrates consent management via Consentmanager.net and uses Google Tag Manager and Matomo (Piwik) for analytics. Hosting is managed through DomainControl nameservers, indicating professional domain management. The site is mobile-optimized with good SEO and accessibility basics. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent mechanisms. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly configured, and no formal security policy or incident response contacts are published. No vulnerabilities or exposed sensitive data were detected. The site demonstrates good privacy compliance with GDPR-aligned policies. Overall, Klima-Kollekte presents a trustworthy and professional online presence with strong business credibility and transparency. The security posture is solid but could be enhanced by adding explicit security headers and formalizing security policies. The website is safe, free from adult or questionable content, and well-suited for its target audience.

F

fairunterwegs

fairunterwegs.org

57

fairunterwegs is a Swiss non-profit organization dedicated to promoting fair and sustainable tourism. The website provides educational content, tips, and resources aimed at consumers interested in environmentally friendly and socially responsible travel. Positioned as a niche player in the sustainable tourism sector, fairunterwegs leverages digital channels and social media to engage its target audience. The organization was founded in 2003 and operates primarily within Switzerland. Technically, the website is built on WordPress and integrates modern tools such as Google Tag Manager, Google reCAPTCHA, and Cookiebot for consent management. The site demonstrates good SEO practices, mobile optimization, and basic accessibility features. Hosting and DNS services are provided by reputable providers, though DNSSEC is not enabled, representing a minor security enhancement opportunity. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. However, additional security headers could be implemented to strengthen the security posture. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the website's claims, indicating a legitimate and trustworthy domain. Overall, fairunterwegs presents a professional and trustworthy online presence with a focus on privacy compliance and user consent. Strategic recommendations include enabling DNSSEC, publishing a formal privacy policy and terms of service, and enhancing security headers to improve resilience against web threats.

V

Verein ehemaliger Schüler und Freunde der Sebastian-Kneipp-Schule Bad Wörishofen e.V.

ves-kneippschule.de

50

VES Kneippschule is a non-profit association based in Germany focused on providing continuing education and training in physiotherapy. The organization targets physiotherapists, masseurs, and other medical auxiliary professionals, including former students and friends of the Sebastian-Kneipp-Schule. Their offerings include specialized courses, symposia, and membership services. The website reflects a niche regional educational provider with a clear business model centered on professional development in healthcare. Technically, the website is built on TYPO3 CMS, utilizing modern web technologies such as Google Tag Manager and Google Analytics for tracking. The site is mobile-optimized with good navigation and SEO practices. Hosting appears to be managed via your-server.de, with no detected WAF or blocking mechanisms. Performance is moderate with good accessibility features. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, indicating awareness of privacy compliance. However, explicit security headers like CSP and X-Frame-Options are not detected, and no formal security policy or incident response information is published. No vulnerabilities or exposed sensitive data were found in the analysis. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. The risk profile is low, with recommendations to enhance security headers and publish security policies to improve transparency and resilience.

B

BBS

bbs.com

63

BBS is a reputable manufacturer specializing in automotive wheels with a strong motorsport heritage. Their website reflects a professional e-commerce platform built on Magento, targeting quality-conscious automotive enthusiasts globally. The technical infrastructure leverages modern JavaScript frameworks and includes tracking and consent management tools, indicating a mature digital presence. Security posture is adequate with HTTPS and cookie consent but lacks visible security headers and explicit privacy policies, which are areas for improvement. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, warranting further verification. Overall, the website is functional, professional, and safe for general audiences.

J

JODEXNIS Versicherungsmakler GmbH

clickvers.de

10

ClickVers.de is an established German online insurance brokerage platform operated by JODEXNIS Versicherungsmakler GmbH, founded in 1952. The company offers a wide range of insurance products including liability, accident, vehicle, household, and specialized insurance categories. The website is professionally designed with clear navigation and good SEO practices, targeting a broad audience seeking insurance solutions in Germany. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Slider Revolution, and employs cookie consent mechanisms to comply with GDPR. Security posture is strong with HTTPS enforced and no critical vulnerabilities detected, though additional security headers could enhance protection. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

I

INVENT Marketing und Tourismus GmbH

urlaubsbox.com

61

Urlaubsbox.com is a well-established Austrian e-commerce platform specializing in the sale of travel vouchers, hotel vouchers, and experience gift boxes for short trips and wellness vacations primarily in Austria, Germany, and neighboring European countries. The company positions itself as a premium provider with over 30 years of experience, offering flexible and attractive gift solutions for a wide range of customer segments including couples, families, singles, and activity enthusiasts. The website features a professional design, clear navigation, and comprehensive product information, supporting a positive user experience and strong brand trust. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery and Foundation, integrates trusted third-party services like Trusted Shops for buyer protection, and enforces HTTPS with appropriate security headers. However, there is room for improvement in privacy compliance, notably the absence of an explicit cookie consent mechanism and published security policies. Overall, the site demonstrates a solid security posture with no evident vulnerabilities or suspicious content, making it a trustworthy platform for customers seeking travel gift solutions.