Security Directory

I

Institut der deutschen Wirtschaft

iwd.de

45

The website www.iwd.de serves as the information service of the Institut der deutschen Wirtschaft, providing up-to-date economic analyses, research results, and background information on current economic topics primarily focused on Germany and Europe. It targets professionals, policymakers, academics, and the general public interested in economic affairs. The business model revolves around disseminating economic knowledge through articles, dossiers, newsletters, and interactive graphics, positioning itself as a reputable and authoritative source in the German economic research landscape. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and integrates analytics tools such as Matomo and Google Tag Manager. It employs Usercentrics for GDPR-compliant consent management. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing search engine visibility. Hosting is managed via domaincontrol.com (GoDaddy), a common and reliable provider. From a security perspective, the website enforces HTTPS with a strong SSL configuration and uses consent management for cookies, reflecting good privacy practices. However, it lacks explicit security headers and published security policies or incident response contacts, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected in the content. The site demonstrates a moderate to high security posture but could enhance transparency and technical security controls. Overall, www.iwd.de is a professional, trustworthy, and content-rich platform with strong compliance to privacy regulations and a solid technical foundation. Strategic recommendations include implementing security headers, publishing a security policy and incident response information, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen the site's security posture and trustworthiness.

S

STORK Umweltdienste GmbH

stork-umwelt.de

46

STORK Umweltdienste GmbH is a medium-sized German company specializing in recycling, waste disposal, and raw material recovery with over 30 years of experience. The company operates from Magdeburg with a strong focus on environmental sustainability, supported by ISO 14001 certification. Their services include recycling, container services, mobile processing technology, and logistics leveraging trimodal transport connections. The website is professionally designed using TYPO3 CMS, providing clear navigation and multilingual support. Contact information and social media presence enhance business credibility. Security posture is good with HTTPS and cookie consent mechanisms, though no explicit security policy or incident response contacts are published. Overall, the website reflects a trustworthy and established business with a solid digital presence.

K

KjG Berlin

kjg-berlin.de

56

KjG Berlin is a small non-profit Catholic youth organization based in Germany, focused on engaging young people in community activities, education, and events within the Catholic framework. The website serves as an informational and organizational platform for members and interested parties, providing updates, event information, and contact details primarily via email. The organization maintains a presence on social media platforms such as Instagram and Facebook to reach its target audience. Technically, the website is built on WordPress, utilizing standard web technologies such as PHP, JavaScript, and CSS. The site is served over HTTPS with a valid SSL certificate, ensuring secure communication. While the site demonstrates good mobile optimization and basic SEO practices, it lacks advanced security headers and cookie consent mechanisms, which are recommended for GDPR compliance and enhanced security. From a security perspective, the site shows a moderate security posture with HTTPS enabled but missing several security headers and no visible incident response or vulnerability disclosure policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially met with a privacy policy present, but the absence of a cookie consent banner is a gap. Overall, KjG Berlin presents a trustworthy and professional online presence for a small non-profit organization. Strategic improvements in security headers, cookie consent, and incident response documentation would enhance compliance and security posture, supporting the organization's credibility and user trust.

J

Jugendverbände der Gemeinschaft Christlichen Lebens - Diözesanverband Berlin

j-gcl.berlin

42

J-GCL Berlin is a small non-profit youth organization focused on Christian community activities within the Berlin region. The website serves primarily as an informational portal presenting the organization's identity, social media presence, and contact email. The business model centers on community engagement and youth involvement in Christian life, positioning itself as a local entity without commercial operations. Technically, the website is built on a simple HTML5 and CSS stack with some JavaScript for UI enhancements, using the HTML5 UP design template and Font Awesome icons. The site is moderately optimized for mobile devices but lacks advanced SEO and accessibility features. Security posture is basic; while the domain is registered with a reputable German registrar and protected against unauthorized transfers, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Overall, the site is safe, with no adult or questionable content, but would benefit from enhanced security and compliance measures.

HÜF-NRW is a regional educational organization providing professional development and training services primarily for technical and administrative staff across 36 cooperating universities in North Rhine-Westphalia, Germany. Their offerings include a broad event program and a comprehensive e-learning platform accessible via ILIAS. The website is built on TYPO3 CMS, leveraging modern web technologies and privacy-conscious analytics through Matomo. The site demonstrates good compliance with GDPR and cookie consent regulations, providing clear contact information and social media presence. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are absent. Overall, the website reflects a professional and trustworthy educational service with a medium-sized organizational footprint.

H

Hamburg Port Authority

hamburg-port-authority.de

47

Hamburg Port Authority (HPA) is a large public entity managing the port infrastructure of Hamburg since 2005. It provides comprehensive services including infrastructure planning, port safety, traffic management, and real estate management. The website reflects a mature digital presence with a structured navigation system, multilingual support, and integration of modern web technologies such as TYPO3 CMS and video content. The organization maintains active social media channels and uses consent management and analytics tools to monitor user engagement. Security posture is strong with HTTPS and security headers in place, though privacy policy documentation and incident response contacts could be improved. Overall, the site is professional, trustworthy, and serves a broad audience including port users, residents, and business partners.

B

Bundesverband Transportbeton

betonwissen.de

54

BetonWissen is an educational and informational platform affiliated with the Bundesverband Transportbeton, serving the transport concrete industry in Germany. The website consolidates training and knowledge resources targeted at professionals in this niche sector. Technically, the site is built on WordPress and hosted by Hetzner, a reputable German hosting provider, indicating a stable and professional infrastructure. The website demonstrates good SEO practices and mobile optimization, although accessibility features are basic. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit security policies. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy policy page detected. Business credibility is strong due to clear affiliation with a recognized industry association, but contact information is not readily found in the provided content. Overall, the site is professional and trustworthy but could improve in privacy transparency and security best practices.

Hübener Versicherung is a Europe-wide specialist insurance provider, operating primarily in the finance sector. The website presents a professional appearance with multilingual support, targeting European insurance clients. The technical infrastructure is based on WordPress CMS with performance optimizations such as WP Rocket and preconnect hints. The site uses Fathom Analytics for minimal user tracking, indicating a moderate level of digital maturity. Security posture is basic, with no advanced security headers or incident response information visible. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is functional and professional but would benefit from enhanced security and compliance features.

S

sensis GmbH

sensis.de

56

sensis GmbH is a specialized software company focused on developing tailored system solutions for the waste management industry in Germany. Their offerings cover municipal waste management, recycling and recovery plants, commercial waste processes, and innovative digital recycling yard solutions. The company targets municipal enterprises, commercial waste handlers, and recycling facilities, positioning itself as a niche provider with strong industry expertise. The website reflects a professional and consistent brand image with clear contact channels and customer references. Technically, the site is built on a modern React and Next.js stack, providing good mobile optimization and user experience. Security posture is adequate with HTTPS enforced and secure forms, but lacks some advanced security headers and explicit incident response policies. Privacy compliance is good with a comprehensive privacy policy, though cookie consent mechanisms are missing. Overall, the site scores well on business credibility and content quality, with minor improvements recommended in security and privacy transparency.

B

BRANDI Rechtsanwälte Partnerschaft mbB

brandi.net

48

BRANDI Rechtsanwälte Partnerschaft mbB is a well-established German law firm with a history dating back to 1895, offering specialized legal and notarial services across multiple German cities and an international partner office in Paris. The firm targets medium to large enterprises and private clients requiring expert legal counsel, particularly in economic law and related fields. Their market position is strong regionally with international cooperation, supported by over 100 lawyers and 27 notaries. Technically, the website is built on TYPO3 CMS, uses Matomo for privacy-conscious analytics, and demonstrates good mobile optimization and SEO practices. Security posture is solid with HTTPS and privacy-respecting analytics, though improvements are recommended in security headers and cookie consent mechanisms. The absence of WHOIS registration data is a notable concern, potentially indicating privacy protection or a query issue, which slightly impacts trustworthiness. Overall, the site is professional, trustworthy, and well-maintained, with room for enhanced transparency and security disclosures.

E

Erlenbach GmbH

erlenbach.de

48

Erlenbach GmbH is a German medium-sized manufacturing company specializing in particle foam processing equipment, including pre-expansion machines, block molding machines, and shape molding machines. The company targets industrial manufacturers requiring efficient EPS and EPP processing solutions. Their website is professionally designed using TYPO3 CMS, offering multilingual support and a clear navigation structure. They provide comprehensive product information, customer testimonials, and training services via an Experience Center. Technically, the site is moderately optimized with cookie consent and uses Matomo for analytics, reflecting a good level of digital maturity. Security posture is adequate but could be improved by implementing standard HTTP security headers and publishing explicit security policies. Contact information is clearly presented with obfuscated emails to reduce spam risk. Overall, the website is trustworthy and business-focused with no signs of malicious or adult content.

E

Evangelisches Medienhaus GmbH

gemeindebaukasten.de

59

The website www.gemeindebaukasten.de is a professionally designed platform offering a modular website builder service tailored for churches, diaconal organizations, youth groups, and related non-profit entities primarily in Germany. Operated by Evangelisches Medienhaus GmbH, it provides personalized support, privacy-compliant tools, and hosting within Germany, positioning itself as a niche provider in the religious and community sector. The site leverages TYPO3 CMS and integrates Matomo analytics with a strong focus on GDPR compliance and accessibility. Security posture is solid with HTTPS and consent management, though explicit security policies and headers could be enhanced. Overall, the site is trustworthy, well-structured, and serves its target audience effectively.

E

Evangelisches Medienhaus GmbH

komm2print.de

56

The website komm2print.de is an online print portal specializing in customized print products for church communities and districts in Germany. Operated by Evangelisches Medienhaus GmbH, it offers a streamlined Web2Print service with standardized and individual print solutions including business cards, invitations, signage, and fundraising flyers. The portal targets religious organizations seeking high-quality communication materials. Technically, the site is built on TYPO3 CMS, employs Matomo for analytics, and demonstrates good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers and incident response policies could be improved. Overall, the domain registration aligns well with the business, indicating legitimacy and trustworthiness.

S

SyWaTeC Logistic GmbH

sywatec.de

60

SyWaTeC Logistic GmbH operates as a logistics and transportation service provider, targeting primarily German-speaking clients. The company uses a Wix-hosted website with a free subdomain, indicating a small or medium-sized business with a basic digital presence. The website content is primarily in German and focuses on logistics services, but lacks detailed business or contact information. Technically, the site is built on the Wix platform using standard web technologies and includes a cookie consent mechanism, reflecting some privacy awareness. Security-wise, the site uses HTTPS and includes Sentry for error monitoring but lacks visible security headers and explicit security or privacy policies. The WHOIS data is unavailable for the subdomain, which is typical for Wix free subdomains but limits domain trustworthiness. Overall, the site presents a basic but functional online presence with room for improvement in security, privacy, and business transparency.

M

MÜLLER Umwelttechnik GmbH & Co. KG

mueller-umwelt.de

50

MÜLLER Umwelttechnik GmbH & Co. KG is a medium-sized, family-owned German company specializing in advanced wet waste disposal technology, including specialized vehicles, service, and accessories. The company holds a strong market position internationally with innovative products such as the CANALMASTER with a 360° hose deployment system. Their website reflects a professional and consistent brand image, targeting industrial clients and professionals in the environmental and transportation sectors. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and includes a cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS and certifications like ISO 9001 and ISO 14001 prominently displayed, though some security headers could be improved. Overall, the website is trustworthy, well-structured, and compliant with privacy regulations, supporting the company’s credibility and business operations.

U

URID

urid.de

44

URID is a small German-based internet services and web design studio established in 2008. The company offers a range of services focused on creating and improving internet presence for clients, primarily targeting small and medium businesses or individuals. Their market position is that of a niche provider with personalized service, supported by a portfolio of projects and customer testimonials. Technically, the website is built on WordPress with a modern but moderate performance infrastructure hosted by netcup. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and explicit incident response policies. Overall, the website is professional and trustworthy with no signs of malicious content or vulnerabilities.

L

Lesní mysl

lesnimysl.cz

41

Lesní mysl is a small Czech website focused on training mind skills in nature, established around 2015. The website uses WordPress with the Divi theme and several plugins including Yoast SEO and Complianz GDPR for SEO and cookie compliance. The technical infrastructure is moderate with good mobile optimization and basic accessibility. Security posture is limited with no detected security headers or explicit security policies, and no privacy policy is present, though cookie consent is implemented. Overall, the website is safe and suitable for a general audience with no adult or questionable content detected. The domain registration data is consistent and legitimate, supporting the business credibility. Strategic improvements include adding a privacy policy, enhancing security headers, and providing clear contact information.

A

Axians eWaste

eavalportal.de

66

Axians eWaste operates a specialized login portal for its e-waste management services, targeting business and enterprise clients primarily in Germany. The website is part of the Axians brand ecosystem, focusing on technology and environmental services. The portal uses modern authentication protocols such as OpenID Connect with PKCE, indicating a secure approach to user authentication. However, the website content is minimal and currently displays an error related to an invalid redirect URI, which may impact user experience and trust. Technically, the site uses jQuery and Keycloak for authentication, but lacks visible security headers and advanced SEO or accessibility features. The cookie consent mechanism and privacy policy presence demonstrate basic compliance with GDPR requirements. The absence of WHOIS data for the domain raises concerns about domain legitimacy and registration transparency, although the linkage to known Axians domains suggests it is a legitimate corporate asset. Security posture is moderate with good authentication practices but missing security headers and error handling improvements needed. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. Overall, the site requires improvements in content quality, error handling, and security hardening to enhance trust and user experience.

C

Contena-Ochsner AG

contena-ochsner.ch

53

Contena-Ochsner AG is a Swiss company specializing in environmental and waste disposal technology, offering services and products such as containers, garbage trucks, and sweeping machines. The company positions itself as a competent partner within Switzerland's environmental sector, targeting businesses and organizations requiring waste management solutions. The website is built on WordPress using the Divi theme and Yoast SEO, reflecting a moderate level of digital maturity with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled but lacks advanced security headers and explicit security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures.

O

Optocycle GmbH

optocycle.com

60

Optocycle GmbH is a German startup founded in 2022 specializing in AI-driven optical recognition systems for mineral construction waste recycling. Their innovative platform enables automated documentation and real-time material analysis to support circular economy initiatives in the construction sector. The company targets B2B customers such as construction firms and recycling facilities, positioning itself as a technology innovator in sustainable waste management. The website is professionally designed using HubSpot CMS, featuring multilingual support, customer testimonials, and integrated contact forms protected by Google reCAPTCHA Enterprise. Security posture is solid with HTTPS and spam protection, though some security headers and DNSSEC are missing. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are published. Overall, the domain registration and website content are consistent and trustworthy, reflecting a credible and growing business.

K

Kronos Solar

kronos-solar.com

75

Kronos Solar is a well-established solar photovoltaic development company operating primarily in Germany, France, the Netherlands, and the UK. As part of the global renewable energy group EDPR since 2022, it offers a fully integrated business model covering project development, financing, construction, ownership, and operation of utility scale solar farms. The company has a strong market position with over 1.5 GW of commissioned projects and a clear focus on powering the clean energy transition. The website reflects a professional corporate presence with good content quality and clear navigation aimed at investors, partners, and stakeholders in the renewable energy sector. Technically, the site is built on Drupal CMS, uses Google Tag Manager for analytics, and implements OneTrust for cookie consent, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and domain transfer protection, but lacks DNSSEC and security headers, which are recommended improvements. Privacy compliance is basic with cookie consent but no explicit privacy policy or terms of service detected. Overall, the site is trustworthy and professional, with room for enhanced security and compliance transparency.

InduRec is a German-based company specializing in industrial dismantling, demolition, hazardous substance remediation, site recycling, and waste disposal services. The company targets industrial clients requiring environmentally conscious and resource-efficient deconstruction and recycling solutions. Their website highlights references from major industrial clients, indicating a solid regional market presence. Technically, the website uses legacy JavaScript libraries such as jQuery 1.4.2 and Spry Accordion, with basic mobile optimization and SEO. Security posture is moderate but could be improved by updating libraries, implementing security headers, and enforcing HTTPS. Privacy compliance is good with a clear cookie consent mechanism and a privacy policy in German. No terms of service or incident response policies are publicly available. Overall, the website is functional and trustworthy but would benefit from modernization and enhanced security practices.

Hochschule für Gestaltung Offenbach am Main is a German university specializing in art and design education. The website serves as an information portal for students, faculty, and the public, offering news, event calendars, study counseling, job offers, and cooperation opportunities. The institution positions itself as a contemporary and future-oriented academic entity with a regional focus and active cultural engagement. Technically, the website employs standard web technologies including JavaScript and CSS, with internationalization support and autocomplete search features. The hosting appears to be managed via German academic network DNS servers, indicating institutional legitimacy. Security posture is moderate with HTTPS usage and CSRF tokens but lacks visible advanced security headers or published security policies. Privacy compliance is basic, with an accessibility declaration present but no explicit cookie or privacy policies. Overall, the site is professional, trustworthy, and safe for general audiences.

S

Studio StillSoft

studiostillsoft.com

45

Studio StillSoft is a small creative or digital studio established around 2020, focusing on showcasing selected projects through a minimalistic website design. The business appears to target a general audience interested in creative digital services, positioning itself as a niche player in the creative industry. The website is simple and visually oriented, with limited textual content and no explicit business or contact details visible on the homepage. Technically, the website uses modern JavaScript modules and CSS with a probable Vue.js framework, hosted on Websupport infrastructure. The site is mobile optimized and moderately performant but lacks advanced SEO and accessibility features. No CMS or third-party marketing/analytics tools are detected, indicating a lightweight and straightforward technical setup. From a security perspective, the site lacks critical security headers and privacy compliance mechanisms such as privacy or cookie policies. The domain registration is legitimate and consistent with the business profile, but the absence of security best practices and contact information reduces trustworthiness. No WAF or blocking mechanisms are detected, and the site content is safe for general audiences. Overall, the website scores moderately on content and business credibility but scores low on security and privacy compliance. Strategic improvements in security headers, privacy policies, and contact transparency are recommended to enhance trust and compliance.

E

Evangelische Kirche von Westfalen, Landeskirchenamt

ekvw.de

49

The Evangelische Kirche von Westfalen is a major regional Protestant church organization in Germany, providing religious, educational, and social services. The website serves as an information and engagement platform for members and the public, featuring news, events, and resources. The organization holds a strong market position as the fourth largest evangelical church in Germany, targeting a broad general audience interested in faith and community activities. Technically, the website is built on TYPO3 CMS, with modern web standards, responsive design, and accessibility features. It integrates third-party services for analytics and media content while maintaining GDPR compliance through a comprehensive cookie consent mechanism. Security posture is solid with HTTPS and privacy-respecting analytics, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is professional, trustworthy, and well-maintained, reflecting the organization's credibility and commitment to transparency.

A

Alma und Lovis

almalovis.de

49

Alma & Lovis is a German sustainable fashion brand specializing in eco-friendly and fair women's clothing. The company emphasizes timeless design, high-quality natural materials, and responsible production practices. Their market position is that of a niche retailer focused on slow fashion, targeting environmentally conscious female consumers. The website is built on the Shopware CMS platform and hosted behind Cloudflare, indicating a modern technical infrastructure with CDN and security benefits. The site is well-optimized for mobile devices and SEO, providing a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced, but lacks some security headers and explicit privacy and cookie policies, which are areas for improvement. No contact emails or phone numbers are directly visible, which may affect user trust and compliance. Overall, the website is safe, professional, and credible, with room to enhance privacy compliance and security best practices.

Elektrizitätswerk Goldbach-Hösbach GmbH & Co. KG operates as a regional utility and telecommunications provider in Germany, offering energy products such as electricity, gas, and water, alongside VDSL and fiber internet services and IPTV television. The website targets private customers with detailed product offerings and pricing, emphasizing local service and customer support. The company maintains a professional online presence with clear navigation and comprehensive contact options. Technically, the website uses Bootstrap and jQuery frameworks, with legacy Google Analytics for tracking. Mobile optimization and accessibility are well addressed, though some modernization opportunities exist. Security posture is moderate; while HTTPS is implied and email obfuscation is used, explicit security headers and policies are absent. Privacy compliance is supported by a cookie consent mechanism and a comprehensive privacy policy. Overall, the site is trustworthy and professionally maintained, suitable for its regional utility business model.

E

ELB Learning

trivantis.com

75

ELB Learning is a professional eLearning solutions company specializing in corporate training, gamification consulting, and learning management systems. The company offers a wide range of services including custom course development, AI-powered training, VR simulations, and staff augmentation. Their market position is that of an established provider with a comprehensive portfolio targeting businesses seeking advanced learning and development solutions. Technically, the website is built on modern platforms such as Webflow and HubSpot, integrating various marketing and analytics tools to optimize user engagement and performance. The security posture is strong with HTTPS enforcement, SOC 2 Type II compliance, GDPR adherence, and cookie consent mechanisms, although explicit security headers could be improved. Overall, the website is professional, well-structured, and trustworthy, but the absence of WHOIS registration data raises concerns about domain legitimacy that should be further investigated.

H

Hauptverband der Deutschen Bauindustrie e.V.

bauindustrie.de

53

The Hauptverband der Deutschen Bauindustrie e.V. is the leading industry association representing the German construction sector. It advocates for the interests of construction companies at all levels of government and society, providing data, best practices, and policy dialogue to strengthen the industry's competitiveness. The website is professionally designed, content-rich, and targets construction professionals, policymakers, and stakeholders. Technically, the site is built on TYPO3 CMS with Bootstrap and uses Matomo for privacy-conscious analytics. It is mobile-optimized and well-structured for SEO and accessibility. Security posture is good with HTTPS enforced and cookie consent implemented, though formal security policies and incident response contacts are not published. Overall, the site is trustworthy, compliant with GDPR, and safe for general audiences.

S

Spruegel.de

spruegel.de

49

Spruegel.de is a German-based e-commerce retailer specializing in workwear, business clothing, and related accessories. The company targets professional and business customers seeking customizable clothing solutions, including logo embroidery and product individualization. The website is built on the Shopware 6 platform, indicating a modern e-commerce infrastructure with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though explicit privacy and terms of service pages are missing, which impacts compliance confidence. Tracking is performed via etracker and Google Analytics, with moderate user tracking levels. Overall, the website presents a professional and trustworthy front for its niche market segment.

W

William Hill

williamhill.com

52

William Hill is a well-known gambling and betting company. The analyzed page is a localized closure notice for German users, informing them that the service is not available in their location and advising users with account balances to contact customer service for withdrawals. The website content is minimal and focused solely on this message, with no additional business or compliance information provided. The technical infrastructure appears basic, with only HTML and CSS detected and no advanced frameworks or analytics present. Security posture is weak due to lack of visible security headers and absence of privacy or cookie policies. The WHOIS data is unavailable or missing, which raises concerns about domain registration legitimacy despite the brand's known market presence. Overall, the site is safe but limited in content and transparency.

O

OneDoc SA

onedoc.ch

73

OneDoc SA operates a leading online medical appointment booking platform in Switzerland, enabling patients to find and book appointments with doctors, dentists, and therapists both for in-person visits and teleconsultations. Founded in 2017 and headquartered in Geneva, OneDoc has established a strong market position with subsidiaries covering different Swiss regions. The platform offers a user-friendly experience with mobile app support, SMS reminders, and a comprehensive help center. Technically, the website employs modern web technologies including Google Tag Manager, Google Maps API, and a consent management platform, ensuring good performance and mobile optimization. Security posture is strong, supported by ISO 27001 and DPCO certifications, encrypted data storage in Switzerland, and GDPR-compliant privacy and cookie policies. No critical vulnerabilities or suspicious activities were detected. Overall, OneDoc demonstrates a mature digital infrastructure and trustworthy business operations in the healthcare technology sector.

B

Brunner Medien AG

brunner-verlag.ch

65

Brunner Medien AG operates as a Swiss-based publishing company specializing in educational, religious, and pedagogical books and music. Their website serves as an e-commerce platform targeting German-speaking audiences interested in cultural and educational content. The company maintains a clear market niche with a professional online presence and a consistent brand image. Technically, the website employs modern JavaScript libraries and custom fonts, with a responsive design that supports good user experience across devices. Security posture is adequate with HTTPS and cookie consent mechanisms, though explicit security policies and headers could be improved. Privacy compliance is well addressed with accessible privacy and cookie policies. Overall, the website reflects a trustworthy and credible business with room for technical and security enhancements.

B

Bauindustrieverband Hessen-Thüringen e.V.

bauindustrie-mitte.de

46

Bauindustrieverband Hessen-Thüringen e.V. is a regional industry association representing the construction sector in the German states of Hessen and Thüringen. The organization acts as a political advocate and service provider for construction companies, offering employer association services, economic representation, sustainability initiatives, and educational events. The website reflects a professional and consistent brand presence, targeting industry stakeholders and members. Technically, the site is built on TYPO3 CMS with standard web technologies and demonstrates moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled but lacks advanced security headers and incident response information. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and functional but could improve in security and privacy transparency.

The website originalshrine.org serves as an informational platform dedicated to the Original Shrine of the international Schoenstatt Movement, focusing on religious and cultural content. It provides visitors with historical information, event details, a live webcam feed, and media resources such as sermons. The site targets a broad audience interested in religious and cultural heritage, operating primarily as a non-commercial informational resource. The domain is well-established since 2012, registered with a reputable registrar, and shows consistency between WHOIS data and website content. Technically, the website employs basic web technologies including HTML, CSS, JavaScript with jQuery and Superfish for navigation menus, and Google Web Fonts. The hosting provider is Vautron Rechenzentrum AG. While the site uses HTTPS, it lacks advanced security headers and uses an outdated JavaScript library version, which could pose security risks. Mobile optimization and accessibility are basic, and SEO practices are minimal but functional. From a security perspective, the site benefits from HTTPS but misses DNSSEC and security headers, and no cookie consent mechanism is present. No forms or user data collection points were detected, reducing exposure to input-based vulnerabilities. The WHOIS data indicates a legitimate and stable domain registration with no privacy protection, aligning with the website's purpose. No signs of malware, phishing, or adult content were found, indicating a safe browsing experience. Overall, the website is moderately secure and credible but would benefit from updates to its technical stack, enhanced security practices, and improved privacy compliance. Strategic improvements in these areas would strengthen trust and user experience.

B

B2C, s.r.o.

dezeta.cz

45

Papírnictví DEZETA is an e-commerce and physical retail business operated by B2C, s.r.o., specializing in office, school, and paper products. The company has a local market presence in the Czech Republic, with a physical store located at Thákurova 7, Prague 6, and an online shop offering a wide range of stationery and related products. The website is built using modern JavaScript frameworks, specifically Vue.js, providing a responsive and user-friendly shopping experience. However, the site lacks some advanced security and privacy features such as cookie consent mechanisms and security headers. The WHOIS data confirms the legitimacy and consistency of the domain registration with the business information provided on the site.

D

DGNB GmbH

dgnb.de

57

DGNB GmbH is a well-established non-profit organization founded in 2007, recognized as Europe's largest network for sustainable building and the second largest worldwide. The organization offers a comprehensive certification system (DGNB Zertifizierung), educational programs through the DGNB Akademie, and a digital networking platform (myDGNB). Their market position is strong within the sustainability and construction sectors, supported by over 2,800 member organizations and more than 11,000 certified projects globally. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support.

B

bvse-Bundesverband Sekundärrohstoffe und Entsorgung e.V.

bvse.de

54

The bvse-Bundesverband Sekundärrohstoffe und Entsorgung e.V. is a well-established German industry association representing approximately 1,000 medium-sized companies in the secondary raw materials, recycling, and waste disposal sectors. It holds a leading market position as the largest industry association in Germany and Europe for this sector. The organization provides a range of services including market news, seminars, quality seals, and political advocacy to support its members and promote sustainable circular economy practices. The website content is professionally presented in German, targeting industry professionals and stakeholders in the recycling and waste management fields. Technically, the website is built on Joomla CMS with modern frontend technologies such as Bootstrap 5 and jQuery, ensuring good mobile responsiveness and accessibility. The site uses HTTPS with strong SSL configuration and includes a cookie consent mechanism that limits cookie usage to essential session cookies. No major security vulnerabilities or tracking technologies were detected, indicating a privacy-conscious and secure digital infrastructure. From a security perspective, while HTTPS and secure login forms are implemented, the site lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. The WHOIS data aligns well with the website's business claims, showing consistent domain registration and no privacy protection, supporting legitimacy. Overall, the site is professional, secure, and compliant with GDPR requirements, serving as a credible resource for the recycling industry. Strategic improvements in security transparency and incident response readiness would further strengthen its posture.

schoenstattTV is a small non-profit media platform dedicated to streaming and archiving religious events related to the Schoenstatt spirituality and community. It offers multilingual content and live streams, targeting followers and families interested in Schoenstatt. The website is hosted on servers associated with kasserver.com and uses HTTPS with embedded YouTube videos for media delivery. The technical infrastructure is basic but functional, with moderate performance and limited mobile optimization. Security posture is adequate with HTTPS but lacks advanced security headers and visible privacy or cookie policies. No contact information or social media presence is evident, which limits direct user engagement and trust signals. Overall, the site serves a niche religious community with a focus on media content delivery rather than commercial business operations.

S

Schönstatt-Bewegung Deutschland, PressOffice Schoenstatt

schoenstatt.de

53

The Schönstatt-Bewegung Deutschland operates a German-language website providing news, events, and spiritual resources related to the Schönstatt religious movement. The organization targets members and interested parties within the Christian community, offering livestreams, newsletters, and educational materials. The website reflects a medium-sized non-profit entity with a consistent brand presence and a focus on community engagement. Technically, the site uses a custom CMS with legacy JavaScript libraries such as jQuery 1.7.2 and jQuery UI 1.8.21. The site is served over HTTPS, but lacks modern security headers and cookie consent mechanisms, which are important for GDPR compliance. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO. Security posture is moderate; the site uses HTTPS and does not expose sensitive data, but the absence of security headers and use of outdated libraries present potential risks. No incident response or vulnerability disclosure policies are publicly available. WHOIS data is consistent and supports the legitimacy of the domain. Overall, the website is trustworthy and safe for general audiences, but could benefit from enhanced security practices and privacy compliance measures to improve user trust and regulatory adherence.

C

Corporation for National Research Initiatives

handle.net

61

The Handle.Net Registry website represents the Corporation for National Research Initiatives (CNRI), a non-profit organization managing the Handle System's global registry services. The site provides information about prefix allotment, software downloads, and performance testing related to persistent digital identifiers. The organization holds a strong market position as a key administrator within the digital object architecture ecosystem, serving organizations requiring persistent identifiers. Technically, the website is simple and primarily informational, built with basic HTML and CSS, hosted via Cloudflare. It lacks modern web frameworks or CMS platforms and does not implement advanced SEO or accessibility features. Performance is moderate, and mobile optimization is basic. No analytics or tracking technologies are detected, indicating a privacy-conscious approach. From a security perspective, the site benefits from domain transfer protections and Cloudflare's registrar services but lacks DNSSEC and security headers. No explicit security policies or incident response contacts are published, which could be improved. The site uses HTTPS, but SSL configuration details are unknown. No vulnerabilities or exposed sensitive data were detected. Overall, the website is trustworthy and professional, with clear contact information and a long-established domain. However, improvements in security practices, privacy compliance, and technical modernization would enhance its posture and user experience.

W

World Wildlife Fund

worldwildlife.org

70

World Wildlife Fund (WWF) is a globally recognized non-profit organization dedicated to wildlife conservation and endangered species protection. The website serves as a comprehensive platform to educate the public, engage supporters, and facilitate donations and advocacy efforts. It positions itself as a leader in environmental sustainability and conservation efforts worldwide. The site targets a broad audience including environmental advocates, donors, educators, and the general public interested in nature preservation. Technically, the website employs modern web technologies including JavaScript, CSS, and HTML5, with integration of Google Tag Manager for analytics and OneTrust for cookie consent management. The site is mobile-optimized, accessible, and demonstrates good SEO practices. The use of HTTPS and security headers indicates a strong security posture, although explicit security policies and incident response information are not publicly disclosed. Security-wise, the site enforces HTTPS, uses a consent management platform to comply with privacy regulations, and avoids exposing sensitive data. However, the absence of a vulnerability disclosure policy or security.txt file and lack of visible Data Protection Officer contact details represent areas for improvement. The WHOIS data is malformed and unavailable, which limits domain trust verification but the website's professional presentation and branding mitigate concerns. Overall, WWF's website is a well-maintained, secure, and privacy-conscious platform that effectively supports its mission. Strategic recommendations include publishing detailed security policies, providing vulnerability disclosure channels, and enhancing transparency around data protection roles to further strengthen trust and compliance.

MESSER MEDICAL HOME CARE is a small Slovenian healthcare provider specializing in home oxygen therapy and sleep apnea treatment devices. Their website offers basic informational content about their services, including medical oxygen supply and CPAP/BIPAP devices for sleep therapy. The business targets patients requiring home medical support and operates locally in Slovenia. Technically, the website is simple, built with basic HTML and CSS, hosted by OVH, and lacks modern CMS or frameworks. There is no evidence of advanced analytics or tracking, and no social media presence is linked. Security posture is minimal with no detected security headers or privacy policies, and the presence of HTTPS could not be confirmed from the data provided. The domain registration is consistent with the business profile and location, supporting legitimacy. Overall, the website serves as a basic online presence but lacks important compliance and security features.

S

Sparkasse Aschaffenburg Miltenberg

s-abmil.de

68

Sparkasse Aschaffenburg Miltenberg operates a comprehensive regional banking website offering a wide range of financial services including online banking, loans, investments, insurance, and private banking. The website targets both private and corporate customers in the Aschaffenburg and Miltenberg regions of Germany. It holds a strong market position supported by multiple awards for service quality and advisory excellence. The digital infrastructure is built on Adobe Experience Manager, indicating a mature and professional technical environment. The site is well-structured, mobile-optimized, and provides clear navigation and extensive customer support channels including phone, chat, and email forms. Security measures such as HTTPS, session timeouts, and cookie consent mechanisms are implemented, though explicit security headers could be more transparent. Privacy policies and cookie management comply with GDPR requirements. Overall, the website demonstrates a high level of professionalism, trustworthiness, and digital maturity.

D

die profilschmiede GmbH & Co. KG

profilschmiede.de

47

die profilschmiede GmbH & Co. KG is a Cologne-based full-service agency specializing in web design, print production, hosting, social media, SEO, and consulting services. Established in 2000, the company targets businesses and associations seeking integrated digital and print solutions. Their market position is that of a trusted regional internet agency with over two decades of experience. Technically, the website employs a traditional tech stack including MooTools, Google Analytics, Hotjar, and eTracker, with moderate performance and basic mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA integration, but lacks advanced security headers and explicit security policies. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR considerations. Overall, the website is professional, trustworthy, and business-focused with no signs of suspicious activity or adult content.

M

Menzel Metallchemie GmbH

menzel-metallchemie.de

45

Menzel Metallchemie GmbH is a German-based medium-sized company specializing in the development and manufacturing of minimum quantity cooling and lubrication technologies using biodegradable high-performance oils. Positioned as a pioneer and market leader, the company serves industrial manufacturers, particularly in metal and plastic processing sectors, offering products such as spray technology systems, cooling lubricants, safety cold bronzing systems, and technical cleaning solutions. The website reflects a professional and consistent brand image with comprehensive product information and multiple contact channels including GDPR-compliant forms. Technically, the website is built on Mae CMS and employs modern web technologies including HTML5, CSS, JavaScript, and jQuery, with Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized with good SEO practices, though some accessibility features are basic. Performance is moderate, with room for improvement in loading speed and security headers. From a security perspective, the site uses HTTPS with good SSL configuration and secure forms incorporating CSRF tokens and GDPR consent checkboxes. However, explicit security policies and incident response information are absent, and security headers are not detected. No vulnerabilities or suspicious content were found, indicating a generally sound security posture. Overall, the website is trustworthy and professional, with strong business credibility and compliance with privacy regulations. Recommendations include implementing cookie consent mechanisms, enhancing security headers, and publishing security and incident response policies to further strengthen trust and compliance.

A

Akademie des Versicherers im Raum der Kirchen

autobahnkirche.de

60

The website autobahnkirche.de represents a non-profit organization focused on providing spiritual rest stops along German highways, known as Autobahnkirchen. The site is managed by the Akademie des Versicherers im Raum der Kirchen, supported by entities such as HUK-Coburg and Deutsche Telekom. The business model centers on offering travelers places for reflection, rest, and spiritual comfort, with information about locations and events. The website content is well-structured, professionally presented, and targets travelers and visitors interested in spiritual respite. Technically, the site is built using Adobe Experience Manager CMS, with standard web technologies including JavaScript and CSS. Hosting appears to be managed by Deutsche Telekom, inferred from nameservers. Performance is moderate with basic mobile optimization and accessibility features. The site uses Dynatrace for monitoring user experience and performance. SEO and meta tags are basic but sufficient for the site's scope. From a security perspective, the site uses HTTPS and implements a cookie consent banner, indicating awareness of privacy compliance. However, no explicit security headers were detected in the provided data, and no incident response or security policy pages are present. No forms or contact emails are visible on the main page, limiting direct user data collection. The WHOIS data aligns with the website's organizational claims, showing a consistent and legitimate registration. Overall, the website presents a low-risk profile with a good level of professionalism and compliance for a non-profit entity. Recommendations include enhancing security headers, improving mobile and accessibility features, and adding explicit security and incident response policies to strengthen trust and compliance.

G

Gasp!

gasp.agency

67

Gasp! is a small, award-winning marketing and communications agency based in Reading, Berkshire near London. The company focuses on brand and strategy-first marketing services, targeting businesses seeking creative and media-neutral marketing solutions. The website reflects a professional and consistent brand image with clear service offerings and a focus on creativity and strategy. Technically, the site uses modern web technologies including Cookiebot for cookie consent management, Google Tag Manager, and LinkedIn Insight Tag for analytics and marketing. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is moderate with HTTPS in use and cookie consent implemented, but lacks explicit security headers and published privacy or security policies. WHOIS data is privacy protected, which is typical for this business type, but limits transparency. Overall, the website is safe, professional, and trustworthy with room for improvement in privacy disclosures and security best practices.

Make AS operates as a Norwegian service provider specializing in the distribution of newsletters and SMS communications for businesses, ensuring compliance with Norwegian marketing laws. The website dialogapi.no serves as an informational landing page explaining the domain's purpose and providing contact details for Make AS. The company targets Norwegian businesses requiring compliant marketing communication services. The website content is minimal but consistent with the business focus, presented in Norwegian with clear contact information but lacking privacy and cookie policies. Technically, the website employs custom web fonts served from its own CDN subdomain and uses basic HTML and CSS without advanced frameworks or CMS. The site is moderately optimized for performance and mobile use but lacks SEO best practices and accessibility features. No analytics or tracking scripts are present, indicating a privacy-conscious approach but also limited digital marketing sophistication. From a security perspective, the site does not display security headers or incident response information, and no forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement. The domain WHOIS data is consistent with the business information, showing a domain age appropriate for the company’s founding date and no privacy protection, enhancing trustworthiness. Overall, the website is functional as a basic informational resource but would benefit from enhanced privacy compliance, security hardening, and richer content to improve user trust and engagement.

4

4Ws Netdesign GbR

4ws-netdesign.de

51

4Ws Netdesign GbR is a small, established internet agency based in Oberried near Freiburg, Germany, specializing in custom web design, CMS development, and comprehensive internet solutions. With over 19 years of experience and more than 1000 customers, the company offers tailored services including their proprietary CMS "Private Section" and various web management tools. The website is professionally designed with clear navigation and relevant content targeting a broad audience including businesses and private users. Technically, the site uses older JavaScript libraries such as Prototype.js and Scriptaculous, which may require modernization to improve security and performance. The site lacks advanced security headers and cookie consent mechanisms, indicating room for improvement in privacy compliance and security posture. Contact information is clearly provided with a physical address and obfuscated email to reduce spam. Overall, the website is functional, trustworthy, and reflects a credible business presence in the regional technology services market.