Security Directory

V

Vereinigung liechtensteinischer gemeinnütziger Stiftungen und Trusts (e.V.)

vlgst.li

67

The Vereinigung liechtensteinischer gemeinnütziger Stiftungen und Trusts (VLGST) is a non-profit association representing charitable foundations and trusts in Liechtenstein. It serves as a platform for dialogue, governance promotion, and advocacy to strengthen the philanthropic sector in the region. The website reflects a professional and consistent brand presence, targeting foundations, trusts, and stakeholders interested in philanthropy and governance. Technically, the site is built on Concrete5 CMS with modern libraries such as jQuery and Bootstrap, and uses Matomo for privacy-conscious analytics. Security posture is good with HTTPS enforced, but lacks some security headers and explicit policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and well-positioned within its niche.

Finform AG is a Swiss company specializing in digitalized compliance services tailored for financial institutions, focusing on client onboarding and compliance back-office support. Their unique real-time onboarding process, supported by expert intervention for complex cases, positions them as an innovative service provider in the finance sector. The website reflects a professional and trustworthy image, supported by client testimonials and partnerships with recognized financial entities such as PostFinance AG and Yuh Ltd. Technically, the site is built on the Contao CMS with modern web technologies including Bootstrap, jQuery, and integrates security measures like hCaptcha and HTTPS. Privacy and cookie policies are well implemented, indicating GDPR compliance. However, the absence of a terms of service page and explicit security or incident response policies suggests areas for improvement. Overall, the site demonstrates a strong security posture with no critical vulnerabilities detected, and the WHOIS data aligns well with the business claims, supporting legitimacy.

A

A&A KG

ox-linz.at

56

OX Steaks & Grill Linz is a well-established hospitality business located in Pasching, Austria, offering a premium dining experience focused on steaks, grill dishes, sushi, brunch, and breakfast buffet. The website reflects a medium-sized restaurant with a strong local market position and a clear business model centered on dine-in services, online reservations, and gift voucher sales. The company is legally registered as A&A KG with transparent contact and legal information provided. Technically, the website is built on TYPO3 CMS with modern web technologies including jQuery, Google Analytics, and Google Tag Manager, ensuring a good user experience with mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some HTTP security headers could be improved. Privacy compliance is comprehensive with detailed GDPR-aligned policies and cookie management. Overall, the website is professional, trustworthy, and well-maintained, supporting the business's credibility and customer engagement.

I

it4sport GmbH

it4sport.de

55

IT4SPORT GmbH is a specialized IT solutions provider focused on software and digital services for sports associations and clubs in Germany. The company offers a range of products including the PHOENIX association management system, TYPO3-based website solutions, and mobile sports apps. With over 20 years of experience and more than 100 partnerships, IT4SPORT holds a strong market position in the sports technology sector. The website reflects a professional and consistent brand image aligned with its parent company, TRICEPT AG. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, indicating a modern and privacy-conscious infrastructure. Security posture is moderate with room for improvement in security headers and published policies. Privacy compliance is basic with a cookie consent mechanism but lacks explicit privacy and terms of service pages. Overall, the website is well-structured, mobile-optimized, and trustworthy, targeting sports organizations and related entities.

Medicom is a well-established German e-commerce company specializing in the sale of vitamins and high-quality dietary supplements. With over 30 years of expertise, the company positions itself as a trusted provider offering scientifically validated products, free shipping within Germany for orders over €15, and a 90-day money-back guarantee. The website reflects a professional and user-friendly online shopping experience tailored primarily for German-speaking consumers. The business model focuses on direct-to-consumer online retail leveraging Shopify's robust platform.

M

MADSACK Mediengruppe

madsack.de

52

MADSACK Mediengruppe is a large, established German media company founded in 1893, specializing in regional and national journalism through its 20 regional newspaper brands and the RedaktionsNetzwerk Deutschland (RND). The company offers a broad range of services including editorial, marketing, printing, accounting, and IT services tailored for media houses and publishers. Their business model focuses on leveraging regional roots while expanding digital and national reach. Technically, the website is built on WordPress with modern JavaScript libraries and SEO plugins, demonstrating good digital maturity and mobile optimization. Security posture is solid with HTTPS, consent management, and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR, making it a credible digital presence for the media group.

W

Württembergischer Tennis-Bund e.V.

wtb-tennis.de

57

The Württembergischer Tennis-Bund e.V. is a large, well-established regional tennis association in Germany, serving as the second largest within the German Tennis Federation. The organization provides a comprehensive range of tennis-related services including competition management, training and education for coaches and referees, youth development, and media relations. Their website reflects a professional and content-rich platform targeting tennis players, clubs, and enthusiasts in the Württemberg region. Technically, the site is built on the TYPO3 CMS with Bootstrap for responsive design, delivering good performance and accessibility. Security posture is solid with HTTPS enforced, but lacks some advanced security headers and explicit security policies. Privacy compliance is moderate due to the absence of a clearly accessible privacy policy, though a cookie consent mechanism is present. Overall, the domain and website present a trustworthy and professional image with strong social media integration and active content updates.

H

hoster.by

hoster.by

65

hoster.by is a Belarus-based technology company specializing in domain registration, web hosting, and cloud infrastructure services. Established in 2004, it offers a comprehensive platform for businesses to start and grow online, including free SSL certificates and promotional offers for domain purchases. The company targets businesses and individuals seeking reliable hosting and IT infrastructure solutions. The website demonstrates a solid technical foundation using Bitrix CMS and integrates multiple communication channels such as live chat and social media. Security posture is generally good with HTTPS and Let’s Encrypt SSL usage; however, the absence of explicit privacy and cookie policies indicates compliance gaps. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

H

HBF Textiles

hbftextiles.com

50

HBF Textiles is a professional textile manufacturing company specializing in woven upholstery, wrapped panels, wallcoverings, coated fabrics, leather, and drapery products. The company targets designers, furniture manufacturers, and commercial and residential clients, positioning itself as a medium-sized player in the manufacturing sector. The website is built on a modern Drupal 10 CMS with e-commerce capabilities, integrating advanced technologies such as Google Tag Manager and Adobe DTM for analytics and marketing. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a mature approach to data protection. Security posture is strong with HTTPS enforcement and security headers, though the absence of a published security policy and incident response information suggests room for improvement. The lack of WHOIS registration data is a notable concern, potentially indicating privacy protection or domain registration issues, which should be further investigated. Overall, the website is professional, well-structured, and trustworthy, with a good balance of business and technical maturity.

P

Pecheur-Store

pecheur-store.nl

62

Pecheur-Store is a specialized e-commerce retailer focused on fishing equipment, targeting anglers primarily in the Netherlands and broader European markets. The website offers a wide range of fishing products including rods, reels, bait, and accessories, with an emphasis on fast delivery and secure payment. The presence of multiple country-specific domains indicates an international expansion strategy. Technically, the site is built on Magento (OpenMage), leveraging modern tracking and consent management tools such as Google Analytics, Google Ads, and AppConsent for GDPR compliance. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced, DNSSEC enabled, and use of reCAPTCHA, though there is room for improvement in publishing explicit privacy and security policies. Overall, the site is trustworthy and functional but would benefit from enhanced transparency in privacy and contact information to improve compliance and user trust.

S

Stellenpakete.de

stellenpakete.de

45

Stellenpakete.de is a German-based recruitment service provider specializing in multiposting job advertisements across over 1,500 job boards. The company offers a comprehensive suite of services including job ad creation, multiposting, social recruiting, and a free applicant management system with AI support. Their market position is strong with over 4,700 satisfied customers and multiple popular packages. Technically, the website leverages modern frameworks such as Laravel Livewire, integrates Google Tag Manager and Usercentrics for consent management, and is hosted behind Cloudflare for performance and security. Security posture is solid with HTTPS enforced and CSRF protections, though explicit security headers and incident response policies are not publicly documented. Overall, the site is professional, GDPR compliant, and trustworthy, with clear contact channels and strong customer trust signals.

C

Captury

captury.com

57

Captury is a technology company specializing in advanced markerless motion capture solutions that enable precise tracking of full-body, finger, and facial movements for multiple actors simultaneously. Their offerings include real-time processing and post-processing software, targeting industries such as 3D game development, VFX, virtual reality, live entertainment, in-game player tracking, and life sciences research. The company is positioned as a versatile and innovative player in the motion capture market, trusted by major clients like Airbus, Audi, and Rockstar Games. Technically, the website is built on WordPress and employs modern libraries such as jQuery, CSS3 Animate It, and Slick Carousel. The site is moderately performant, mobile-optimized, and SEO-friendly, though accessibility features are basic. Hosting and domain registration are consistent with the company's European and US presence. No WAF or blocking mechanisms were detected, allowing full content access. From a security perspective, the site uses HTTPS with good SSL configuration but lacks DNSSEC and security headers. There is no visible security policy or incident response information, and no cookie consent mechanism is implemented, which may impact privacy compliance. No vulnerabilities or exposed sensitive data were found in the HTML content. Overall, Captury's website presents a professional and trustworthy digital presence with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen their security posture and regulatory adherence.

C

Chronisten Tirol

chronisten.tirol

44

Chronisten Tirol is a culturally focused organization dedicated to supporting local chroniclers and preserving historical records in the Tirol region. The website serves as an information hub offering resources, events, and publications such as the quarterly 'Tiroler Chronist' magazine. The organization maintains partnerships with regional educational institutions, notably the Tiroler Bildungsforum, enhancing its credibility and outreach. Technically, the website is built on WordPress with modern plugins and frameworks, providing a good user experience and SEO optimization. Security posture is adequate with HTTPS enforced, but lacks some security headers and cookie consent mechanisms. The absence of WHOIS data is a minor concern but does not significantly detract from the site's legitimacy. Overall, the site is professional, trustworthy, and serves its niche audience effectively.

D

DARI Motion

darimotion.com

61

DARI Motion is a specialized healthcare technology company offering the world's only FDA-cleared markerless human motion analysis system. Their solution enables healthcare providers, wellness centers, and sports facilities to capture and analyze motion health data quickly and accurately, improving patient outcomes and athletic performance. The company has established a strong market position with patented technology and scientific validation, serving a medium-sized business footprint primarily in the United States. Technically, the website is built on WordPress hosted on WP Engine, leveraging modern libraries and SEO best practices, though performance is moderate and accessibility is basic. Security posture is adequate with HTTPS and domain protections but lacks DNSSEC and explicit security headers. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Business credibility is high with clear contact information, trust signals, and professional content. Overall, the website is professional, trustworthy, and well-branded, with room for improvement in security and privacy practices.

F

Fastenaktion

fastenopfer.ch

56

Fastenaktion is a Swiss non-profit organization dedicated to ending hunger and poverty through long-term development projects in Africa, Asia, and Latin America. The organization positions itself as a trusted and transparent entity with a strong focus on donor engagement and impact. Their website reflects a mature digital presence with multilingual support and comprehensive content about their mission and activities. Technically, the site is built on WordPress with WooCommerce integration for donations, enhanced by modern plugins for SEO, maps, and cookie consent management. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers could be improved. Overall, the site demonstrates good compliance with GDPR and provides clear contact and trust signals including ZEWO certification. The risk profile is low with no detected vulnerabilities or suspicious indicators.

F

FPT Software

fpt-software.com

79

FPT Software is a well-established global technology solutions provider headquartered in Vietnam, specializing in digital transformation and IT consulting services. The company offers a broad portfolio of services including AI, IoT, cloud computing, smart factories, and RPA, targeting enterprise clients worldwide. Their market position is strong, supported by a long domain history and a consistent brand presence across multiple localized domains. Technically, the website employs modern frameworks and analytics tools, indicating a mature digital infrastructure. However, some gaps exist in privacy compliance and security headers implementation. The security posture is generally good with HTTPS and domain transfer protections, but enabling DNSSEC and publishing security policies would enhance trust. Overall, the website is professional and trustworthy, with room for improvement in privacy and security transparency.

F

FPT Software

fptsoftware.com

79

FPT Software is a well-established global technology solutions provider headquartered in Vietnam, specializing in AI-powered digital transformation and IT consulting services. The company offers a broad portfolio of services including smart factories, cloud, RPA, AI, IoT, and product engineering, targeting enterprises seeking next-level digital transformation. The website reflects a mature digital presence with excellent design, mobile optimization, and clear navigation, supporting its enterprise market positioning. Technically, the site leverages modern frameworks such as Bootstrap 5 and integrates multiple analytics and marketing tools including Google Analytics, Hotjar, Microsoft Clarity, and LinkedIn Insight Tag. Hosting and DNS services are managed via Cloudflare, ensuring good performance and security. However, the absence of DNSSEC and security headers indicates room for improvement in technical security hardening. From a security perspective, the website uses HTTPS and has domain transfer protections in place, but lacks visible privacy and cookie policies, consent mechanisms, and incident response contacts. No vulnerability disclosure or security.txt files were found, which are recommended for enterprise-grade security transparency. The WHOIS data confirms domain legitimacy with consistent registration details and appropriate domain age. Overall, the website demonstrates strong business credibility and technical maturity but requires enhancements in privacy compliance and security best practices to align with modern enterprise security standards.

T

tomorrow bird GmbH

tomorrowbird.de

10

tomorrow bird GmbH is a specialized consulting firm focused on organizational and innovation development for the German Mittelstand. The company offers a range of transformation programs and ready-to-use products aimed at helping medium-sized family businesses navigate complex challenges related to digitalization and innovation. Their market position is strengthened by a portfolio of notable clients and a professional online presence. Technically, the website is built on WordPress with Elementor, leveraging modern analytics and marketing tools while maintaining GDPR compliance through a comprehensive cookie consent mechanism. Security posture is solid with HTTPS and privacy controls, though there is room for improvement in publishing explicit security policies and headers. Overall, the website reflects a mature digital infrastructure and a trustworthy business entity.

P

Poco

presto-changeo.com

10

Presto-Changeo is a technology company specializing in developing Wix apps and ecommerce modules designed to boost sales and productivity for online stores, particularly those using Wix and PrestaShop platforms. The company claims to have served over 100,000 customers worldwide since 2009, offering US-based dedicated support and a satisfaction guarantee. Their product suite includes tools for inventory management, email marketing integrations, shipping label printing, and conversion optimization. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content for its target audience of ecommerce store owners. Technically, the website leverages modern web technologies including Google Fonts, Font Awesome, Material Design Icons, and Slick Carousel for UI components, and integrates Google Analytics for tracking. The backend ecommerce platform appears to be PrestaShop. The site uses HTTPS with good SSL configuration, though lacks some advanced security headers. Privacy compliance is basic, with a privacy policy and terms of service present but no cookie consent mechanism or GDPR-specific indicators. Contact is primarily via a web form, with no explicit company emails or phone numbers displayed. From a security perspective, the site shows good practices such as HTTPS enforcement and no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS domain registration data raises concerns about domain legitimacy and ownership transparency. No security policy, incident response contacts, or vulnerability disclosure mechanisms are found, which could be improved to enhance trust and compliance. Overall, Presto-Changeo presents as a credible and professional ecommerce app provider with a solid product offering and customer base, but the missing domain registration data and limited privacy compliance features suggest areas for improvement in security posture and transparency.

S

Sogolytics

sogolytics.com

74

Sogolytics operates as a leading experience management platform offering a suite of SaaS products including online survey tools, enterprise feedback solutions, customer experience, and employee experience platforms. The company targets businesses seeking to improve feedback collection and experience management across multiple sectors. Their market position is strong with a professional and comprehensive digital presence, supported by rich content, embedded multimedia, and detailed product offerings. Technically, the website is built on WordPress with modern JavaScript libraries and marketing integrations, delivering a responsive and accessible user experience. Security posture is solid with HTTPS enforced and use of reCAPTCHA, though explicit security headers could be improved. The absence of WHOIS data introduces some uncertainty regarding domain registration legitimacy, but the overall professional presentation and business focus mitigate major concerns. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure policies, and improving transparency on incident response and data retention.

Z

Zimmer MedizinSysteme GmbH

zimmer.de

48

Zimmer MedizinSysteme GmbH is a well-established German medical technology company with over 50 years of experience, specializing in physical therapy, diagnostics, and aesthetic medical devices. The company serves healthcare professionals worldwide, offering innovative products such as therapy devices, diagnostic systems, and cryotherapy solutions. Their market position is strong, supported by a professional website, active participation in industry events, and partnerships with educational institutions. Technically, the website is built on WordPress with modern JavaScript libraries and includes consent management for GDPR compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. Overall, the site is professional, trustworthy, and compliant with privacy regulations.

H

Holzmann Medien GmbH & Co. KG

holzmann-medien.de

52

Holzmann Medien GmbH & Co. KG is a well-established German family-owned media publishing company founded in 1936. It specializes in economic and specialist media across sectors such as construction, cleaning, meat industry, craftsmanship, and hospitality. The company offers a broad portfolio including print publications, digital products, audio, video, events, and corporate publishing. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to industry professionals and entrepreneurs. Technically, the site is built on WordPress with modern plugins and frameworks, hosted likely by Deutsche Telekom, and includes a consent management platform for GDPR compliance. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the site is trustworthy and professionally maintained, supporting Holzmann Medien's market position as a leading specialist publisher in Germany.

D

Dressipi

dressipi.com

67

Dressipi is a UK-based technology company specializing in AI-powered personalization solutions for fashion ecommerce retailers. Their platform offers product tagging, product recommendations, and outfit recommendations designed to increase revenue, reduce returns, and improve customer retention. The company has a strong market presence with reputable clients and was recently acquired by Mapp Digital UK Ltd, indicating a solid position in the personalization technology market. Technically, the website is built using modern web technologies including jQuery, Bootstrap, and Jekyll CMS, hosted on AWS infrastructure. The site is well-optimized for SEO and mobile devices, with good user experience and professional design. Security posture is adequate with HTTPS enforced and domain transfer protection, but could be improved by adding DNSSEC and security headers. Privacy compliance is good with clear privacy and cookie policies and GDPR considerations. Overall, the website is trustworthy and professional, with extensive analytics and marketing tools integrated. No critical security issues or content safety concerns were found.

C

Conferenza dei vescovi svizzeri

ivescovi.ch

43

The website www.ivescovi.ch serves as the official online presence of the Swiss Bishops' Conference, a key religious and governmental entity representing the Catholic Church in Switzerland. It provides comprehensive information about the bishops, church history, committees, official documents, and news updates relevant to the Catholic community and the general public interested in religious affairs. The site targets primarily Italian-speaking users but offers links to German and French versions, reflecting Switzerland's multilingual context. The business model is non-profit, focusing on communication and information dissemination within the religious sector. Technically, the website is built on WordPress 6.6.2 with a Bootstrap-based theme, leveraging modern JavaScript libraries such as jQuery and Slick Carousel. It integrates Google Analytics via Google Site Kit for visitor tracking. The site demonstrates good mobile optimization and a professional design, though some accessibility features are basic. Performance is moderate, with no critical errors or broken elements detected. From a security perspective, the site enforces HTTPS with an excellent SSL configuration but lacks explicit HTTP security headers such as CSP or HSTS. No vulnerability disclosure or incident response policies are published, and cookie consent mechanisms are absent, which may affect GDPR compliance. Contact information is clearly provided, enhancing trust and credibility. Overall, the security posture is adequate but could be improved with additional headers and privacy compliance measures. The overall risk assessment indicates a well-maintained and trustworthy website with minor gaps in privacy compliance and security best practices. Strategic recommendations include implementing cookie consent, enhancing security headers, publishing security policies, and improving accessibility to strengthen the site's security and compliance posture.

E

eDreams ODIGEO

edreamsodigeo.com

69

eDreams ODIGEO operates as a leading global travel subscription platform and one of Europe's largest e-commerce businesses, offering a suite of travel brands including eDreams, Opodo, and Liligo. The company targets travel consumers and investors, providing subscription-based travel booking services and maintaining a strong investor relations presence. The website reflects a mature digital infrastructure built on WordPress with modern front-end technologies, optimized for mobile and SEO. Security posture is strong with HTTPS, security headers, and ISO 27001 certification, though public vulnerability disclosure and incident response contacts are not evident. Overall, the site is professional, trustworthy, and well-maintained, but the absence of WHOIS data introduces a minor trust concern.

D

digital concepts Novak Winkler OG

digital-concepts.com

67

Digital Concepts Novak Winkler OG is a small Austrian technology company specializing in e-commerce solutions and custom software development, with over 25 years of experience. Their website presents a professional image targeting B2B and B2C clients seeking tailored online shop systems and software projects. The company emphasizes stability, simplicity, and customer partnership in their service delivery. Technically, the website uses modern front-end libraries such as jQuery, Foundation framework, and lazy loading techniques, ensuring good mobile responsiveness and SEO optimization. However, no explicit security headers were detected, and SSL configuration details are unavailable, indicating room for security improvements. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. The absence of WHOIS domain registration data is a notable concern, reducing overall trustworthiness despite the professional web presence. Strategic recommendations include enhancing security headers, verifying SSL strength, and improving domain registration transparency to bolster trust and compliance.

The Secession website represents a well-established Austrian non-profit cultural institution dedicated to contemporary art exhibitions and events. It holds a strong market position as one of the oldest independent art exhibition houses globally, with a rich history dating back to 1897. The site targets art enthusiasts, visitors, and the contemporary art community, offering detailed information about exhibitions, events, and the institution's mission. The business model is non-commercial, focusing on cultural promotion and education. The website content is rich, professionally designed, and consistent with the institution's branding and reputation. Technically, the website employs a mix of legacy and modern JavaScript libraries, including jQuery 1.11.3, GSAP, and Slick Carousel, with no explicit CMS detected, suggesting a custom-built platform. Performance is moderate with good mobile optimization and accessibility features. SEO practices are well implemented with proper meta tags and Open Graph data. Hosting details are not explicitly identified. From a security perspective, the site enforces HTTPS and uses Google Analytics with consent mechanisms denying ad and analytics storage by default, indicating good privacy awareness. However, the use of outdated jQuery versions and missing explicit security headers like Content Security Policy and X-Frame-Options present moderate risks. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant. Overall, the website is trustworthy, professional, and safe for general audiences. It demonstrates a mature digital presence suitable for a cultural institution, with minor technical and security improvements recommended to enhance resilience and compliance.

R

ROTE NASEN Clowndoctors

rotenasen.at

54

ROTE NASEN Clowndoctors is a well-established Austrian non-profit organization founded in 1994, dedicated to bringing laughter and joy to patients of all ages through professional clown visits. The organization operates with a strong international partnership with RED NOSES International and focuses on various target groups including children, adults, seniors, and people with special needs. Their business model relies heavily on donations, sponsorships, and community engagement programs such as the Emergency Smile and online clown visits. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding consistency. Technically, the website is built on the TYPO3 CMS platform, utilizing modern JavaScript libraries and frameworks such as jQuery and Bootstrap. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Security-wise, the site enforces HTTPS, implements cookie consent mechanisms, and avoids exposing sensitive data. However, there is room for improvement in security headers and incident response disclosures. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with GDPR and privacy standards. The presence of recognized certifications and clear donation information further enhances credibility. No critical security issues or content safety concerns were identified, making the site safe for general audiences. Strategically, the organization should focus on enhancing security headers, publishing vulnerability disclosure policies, and possibly providing more explicit incident response contacts to strengthen their security posture and trust further.

M

mégaphone-internet sàrl

megaphone-internet.ch

46

mégaphone-internet sàrl is a Swiss-based small technology company specializing in web creation and hosting services since 1995. The company targets associations and businesses in Switzerland seeking tailored digital solutions including website creation, e-commerce, content management, hosting, and email marketing. Their market position is that of a local artisan web service provider with a long-standing presence and a professional online presence. Technically, the website uses a modern but minimal tech stack including jQuery, Slick Carousel, and lazy loading with Lozad.js, delivering a good user experience with moderate performance and good mobile optimization. Security posture is adequate with HTTPS usage but lacks explicit security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Business credibility is strong given the clear company information, physical address, and professional content. Overall, the website is safe, professional, and trustworthy but could improve in privacy compliance and security best practices.

O

OX Steaks & Grill Ried

ox-ried.at

55

OX Steaks & Grill Ried is a hospitality business specializing in high-quality steaks, burgers, fish dishes, and Mediterranean appetizers. The restaurant positions itself as a premium dining location with a unique ambiance and a loyalty app for customers. The business is currently closed for renovation until November 2025, aiming to relaunch with a new concept. The website is built on TYPO3 CMS and integrates modern web technologies including Google Analytics and Facebook Pixel for marketing and analytics purposes. Privacy and cookie policies are well implemented with user consent mechanisms. Contact information and legal disclosures are clearly presented, enhancing business credibility. Security posture is good with HTTPS and anonymized IP tracking, though formal security policies and incident response contacts are not published. Overall, the website is professional, secure, and compliant with GDPR, serving a general audience in Austria.

O

OX-Fischapark GmbH

ox-wrneustadt.at

56

OX-Fischapark GmbH operates a hospitality business in Wiener Neustadt, Austria, specializing in steaks, pizza, and burgers served in a high-quality ambiance. The website reflects a well-established regional restaurant brand with multiple sister locations, offering dine-in services, online reservations, and gift vouchers. The business targets local residents and visitors seeking quality dining experiences. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates Google Analytics and Facebook Pixel for marketing and analytics. The site is mobile-optimized and provides clear navigation and content relevant to its audience. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms compliant with GDPR. However, it lacks explicit security policies and incident response contacts. Overall, the website is professional, trustworthy, and compliant with privacy regulations, supporting the business's credibility and customer engagement.

O

OX Tulln GmbH & Co KG

ox-tulln.at

56

OX Tulln GmbH & Co KG operates a hospitality business focused on steak and grill dining complemented by a music bar offering cocktails and snacks. The company positions itself as a premium dining location in Tulln, Austria, targeting a broad audience including partygoers and food enthusiasts. Key services include high-quality food offerings, an online reservation system, a loyalty app, and gift vouchers. The website is built on TYPO3 CMS with modern frontend technologies and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers and policies could be improved. Overall, the website is professional, trustworthy, and well-structured, supporting the business's market position effectively.

O

OX Wels Steaks&Grill GmbH & Co KG

ox-wels.at

56

OX Wels Steaks&Grill GmbH & Co KG operates a hospitality business specializing in high-quality steaks, fish dishes, Mediterranean appetizers, and a broad selection of wines in Wels, Austria. The website serves as a digital front for the restaurant, offering online reservations, gift voucher sales, and promoting a loyalty app. The business targets local and regional customers seeking premium dining experiences. The company maintains a network of partner hospitality sites, indicating a strong local market presence. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries such as jQuery, Fancybox, and carousel plugins. It integrates Google Analytics and Google Tag Manager with privacy-conscious configurations like IP anonymization. The site is mobile-optimized and provides a good user experience with clear navigation and downloadable menus. Cookie consent mechanisms and a comprehensive privacy policy demonstrate GDPR compliance. From a security perspective, the site uses HTTPS with no visible critical vulnerabilities or exposed sensitive data. However, it lacks explicit security policies and incident response contacts. The use of third-party scripts is standard but should be regularly audited. Overall, the security posture is solid but could be enhanced with additional headers and formal policies. The overall risk is low with no signs of malicious activity or suspicious registrations. Strategic recommendations include formalizing security policies, enhancing incident response readiness, and continuous monitoring of third-party components to maintain compliance and security standards.

E

entwickeln+gestalten

entwickelnundgestalten.de

47

entwickeln+gestalten is a small, specialized digital agency focused on supporting civil society organizations in Germany with digital transformation, political communication, and process optimization. Their key services include website development, consulting, Nextcloud integration, and CiviCRM solutions. The company positions itself as a trusted partner for progressive actors aiming for social development and justice. Technically, the website is built on Drupal 7 with common JavaScript libraries for UI enhancements, hosted on agenturserver infrastructure. The site is mobile-optimized and provides good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers are missing and the CMS version is outdated, which poses some risk. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is clearly provided, enhancing business credibility. Overall, the website is trustworthy and professional, serving a niche non-profit sector audience effectively.

A

A&G KG

ox-parndorf.at

40

OX Steaks & Grill Parndorf is a small hospitality business located in Austria, specializing in premium steak and grill dining experiences. The company offers a variety of high-quality food options including steaks, burgers, fish dishes, and Mediterranean appetizers. They maintain a strong market position as a top dining location in Parndorf, supported by a loyalty app and online gift voucher sales. The website is built on TYPO3 CMS and integrates modern front-end libraries and tracking tools such as Google Analytics and Facebook Pixel, with privacy-conscious configurations like IP anonymization and cookie consent mechanisms. Security posture is solid with HTTPS enforced, though there is room for improvement in security headers and incident response disclosures. Overall, the website is professional, user-friendly, and compliant with GDPR requirements, reflecting a trustworthy and credible business presence.

E

ECOTRANS

destinet.eu

51

The website destinet.eu operates as a knowledge networking portal dedicated to sustainable and responsible tourism. It serves as a platform connecting various stakeholders including businesses, certification bodies, destination administrations, and NGOs. The portal offers resources such as courses, publications, a market place, and news updates, positioning itself as a key player in the sustainable tourism ecosystem. The business model is non-profit and focuses on collaboration and information dissemination to promote sustainability in tourism. Technically, the site uses a Naaya CMS platform with a tech stack including jQuery, Google Analytics, Google Tag Manager, and Slick Carousel. The site is mobile optimized and has good SEO practices, though some technical debt exists with the use of an older jQuery version. Security posture is moderate with HTTPS enabled and some security best practices observed, but lacks advanced headers like CSP and a cookie consent mechanism. WHOIS data indicates consistent and legitimate domain registration without privacy protection, aligning with the website's business purpose. Overall, the site is professional, trustworthy, and serves its niche audience effectively.

Klima-Kollekte gGmbH is a German non-profit organization focused on facilitating climate protection through voluntary contributions to certified climate projects, primarily in the Global South. The organization offers services including emission accounting, financing of climate projects, consulting, and educational resources. Their business model emphasizes transparency, compliance with the Paris Agreement, and fostering global climate justice. The website targets environmentally conscious companies, organizations, and individuals seeking to offset their carbon footprint responsibly. Technically, the website is built on TYPO3 CMS with modern web technologies such as jQuery, Slick Carousel, and Featherlight Lightbox. It integrates consent management via Consentmanager.net and uses Google Tag Manager and Matomo (Piwik) for analytics. Hosting is managed through DomainControl nameservers, indicating professional domain management. The site is mobile-optimized with good SEO and accessibility basics. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent mechanisms. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly configured, and no formal security policy or incident response contacts are published. No vulnerabilities or exposed sensitive data were detected. The site demonstrates good privacy compliance with GDPR-aligned policies. Overall, Klima-Kollekte presents a trustworthy and professional online presence with strong business credibility and transparency. The security posture is solid but could be enhanced by adding explicit security headers and formalizing security policies. The website is safe, free from adult or questionable content, and well-suited for its target audience.

R

Roundtable Human Rights in Tourism

humanrights-in-tourism.net

48

The Roundtable Human Rights in Tourism is a well-established non-profit association based in Germany, focused on promoting human rights within the tourism industry. It serves as a multi-stakeholder platform offering networking, training, impact assessments, and knowledge sharing to tourism companies and related stakeholders. The organization is recognized for its credibility and international reach, supporting companies in implementing human rights due diligence aligned with UN guidelines. Technically, the website is built on Drupal 10, uses Matomo for analytics, and incorporates modern front-end libraries, providing a good user experience with mobile optimization and accessibility. Security posture is solid with HTTPS enforced, though some security headers are missing and privacy compliance could be improved by adding explicit policies and consent mechanisms. The domain WHOIS data is missing or inaccessible, which is unusual and slightly reduces trust, but the professional content and clear contact information support legitimacy. Overall, the website is professional, content-rich, and trustworthy, serving an important role in the human rights and tourism sector.

Z

Zotter Schokolade GmbH

zotter.at

62

Zotter Schokolade GmbH operates a professional and well-structured e-commerce website focused on premium organic and fair trade chocolates. The company offers a broad product range including custom editions, gift sets, and experiential tours at their Zotter Erlebniswelt location. The website is built on TYPO3 CMS with modern web technologies and integrates marketing and consent management tools such as Google Tag Manager, Intercom, and Usercentrics. The site demonstrates good SEO practices and mobile optimization, providing a positive user experience. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Privacy compliance is partially addressed via cookie consent but lacks a visible privacy policy page. Overall, the website reflects a credible and established chocolate brand with a strong market position in Austria.

S

Schweizer Bischofskonferenz

bischoefe.ch

48

The Schweizer Bischofskonferenz website serves as the official digital presence of the Swiss Bishops' Conference, providing comprehensive information about the Catholic Church's activities, leadership, and ethical services in Switzerland. The site targets church members, religious communities, and the general public interested in ecclesiastical matters. It offers news, documents, and partner links, positioning itself as a trusted non-profit religious institution with a medium organizational size. Technically, the website is built on WordPress 6.6.2, leveraging common plugins such as Contact Form 7 and Bootstrap for responsive design. The infrastructure supports moderate performance and good mobile optimization, with Google Tag Manager integrated for analytics. However, some accessibility features are basic, and SEO practices are adequately implemented. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. Nonetheless, it lacks explicit security headers and a cookie consent mechanism, which are important for GDPR compliance and enhanced security posture. No vulnerability disclosures or incident response contacts are provided, indicating room for improvement in transparency and security readiness. Overall, the website is professional, trustworthy, and content-rich, but it would benefit from enhanced privacy compliance measures and security best practices to strengthen user trust and regulatory adherence.

A

Administration du Cadastre et de la Topographie (ACT)

geoportail.lu

56

The Geoportal of the Grand-Duchy of Luxembourg is an official government platform providing comprehensive geospatial data, maps, and related services to individuals, professionals, and developers. It serves as the authoritative source for governmental geodata, supporting sectors such as energy, environment, spatial planning, and real estate. The platform offers a variety of applications including cadastral extract ordering, 3D modeling, route planning, and mobile apps, positioning itself as a key digital infrastructure for Luxembourg's geospatial needs. Technically, the website employs a moderate technology stack including jQuery, Modernizr, and Matomo analytics, with good mobile optimization and accessibility features. The site is served over HTTPS with no detected blocking or WAF interference, ensuring accessibility and security. However, some security best practices such as explicit security headers and published incident response policies are missing. From a security perspective, the platform enforces strong authentication for sensitive services and uses privacy-conscious analytics. The absence of cookie consent mechanisms and vulnerability disclosure policies indicates room for improvement in privacy compliance and transparency. Overall, the site demonstrates a solid security posture appropriate for a government service but could enhance user trust by adopting additional security and privacy measures. The domain registration aligns well with the website's governmental nature, registered to a Luxembourg government entity, reinforcing legitimacy and trustworthiness. No suspicious or malicious content was found, and the site is safe for general audiences.

M

Mapp

mapp.com

51

Mapp is a well-established marketing cloud technology company founded in 2003, offering AI-powered digital analytics, marketing automation, and multi-channel campaign management solutions. The company targets businesses seeking to leverage customer data for personalized marketing across email, SMS, apps, and websites. With over 3500 brands trusting their platform and a recent acquisition of Dressipi, Mapp positions itself strongly in the retail and e-commerce sectors with a focus on AI-driven personalization. Technically, the website is built on WordPress hosted on AWS infrastructure, utilizing modern JavaScript libraries such as Swiper.js and Slick Carousel for UI components, and integrates multiple analytics and tracking tools including Google Tag Manager, Hotjar, and proprietary Mapp Intelligence. The site is well optimized for SEO, mobile responsiveness, and accessibility, reflecting a mature digital presence. From a security perspective, the site enforces HTTPS, employs domain registration protections, and uses a consent management platform (Usercentrics) to comply with privacy regulations. However, DNSSEC is not enabled, and explicit security headers are not detected, indicating room for improvement. No critical vulnerabilities or exposed sensitive data were found. Overall, Mapp demonstrates a strong business credibility and technical maturity with good privacy compliance. The website content is professional and safe for general audiences. Strategic recommendations include enabling DNSSEC, publishing a dedicated security policy, and enhancing security headers to further strengthen the security posture.

F

Freizeit- und Kulturzentrum Neue Schmiede

neue-schmiede.de

40

Neue Schmiede is a well-established non-profit leisure and cultural center located in Bethel, Bielefeld, Germany. It offers a broad range of inclusive services including gastronomy, cultural events, event spaces, leisure and travel programs, and employment opportunities for people with disabilities. The organization is affiliated with the v. Bodelschwinghsche Stiftungen Bethel, enhancing its credibility and community integration. The website reflects a strong commitment to accessibility and inclusion, supported by dedicated accessibility widgets and partnerships with recognized social organizations.

W

Wirtschaftsentwicklungsgesellschaft Bielefeld mbH

das-kommt-aus-bielefeld.de

45

Das kommt aus Bielefeld is a regional business network platform operated under the Wirtschaftsentwicklungsgesellschaft Bielefeld mbH, focused on connecting local companies, fostering knowledge exchange, and promoting the strengths of the Bielefeld economy. The website offers rich multimedia content, including videos, testimonials, and a magazine, targeting local businesses, professionals, students, and startups. The business model centers on networking, visibility, and collaborative growth within the regional economy. Technically, the website is built on WordPress with modern plugins and libraries such as jQuery, Bootstrap, and Borlabs Cookie for consent management. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Performance is moderate, with room for optimization. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. From a security perspective, the site uses HTTPS with good SSL configuration but lacks explicit security headers. No critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response contact is noted as an area for improvement. Overall, the domain registration and DNS setup appear legitimate and consistent with the business's regional focus. The overall risk assessment is low, with recommendations to enhance security headers, publish incident response information, and consider a vulnerability disclosure policy to further strengthen trust and compliance.

E

Ermin Plant Hire Services Ltd

erminplant.co.uk

69

Ermin Plant Hire Services Ltd is a well-established UK-based company specializing in plant, tool, and access hire, alongside equipment sales and training services. With over 60 years of operational history, the company serves professional contractors, tradespeople, and DIY enthusiasts primarily across Gloucestershire and surrounding counties. Their market position is that of a trusted regional specialist with multiple depots and a comprehensive product offering. The website reflects a professional and consistent brand image, supported by testimonials and active social media channels. Technically, the website is built on WordPress with WooCommerce for e-commerce capabilities, leveraging modern plugins such as Yoast SEO, Instagram Feed, and Contact Form 7. The site is mobile-optimized, SEO-friendly, and includes cookie consent mechanisms aligned with GDPR requirements. Performance is moderate with good accessibility features, although some security headers are not explicitly detected. From a security perspective, the site enforces HTTPS and employs cookie consent, but lacks visible advanced security headers and explicit incident response or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were identified. The absence of WHOIS data due to a domain query error limits full domain trust verification, but the website content and contact details support a moderate to high trust level. Overall, Ermin Plant presents a solid digital presence with good business credibility and privacy compliance. Strategic improvements in security headers and incident response transparency would enhance their security posture and trustworthiness further.

P

Plasztikgyár

plasztikgyar.hu

44

Plasztikgyár.hu is a Hungarian-based manufacturing company specializing in the production of plastic cards, recycled plastic cards, card holders, and custom lanyards. Established since 2009, the company serves a broad B2B audience with over 10,000 business clients, offering personalized and premium-quality products. Their website reflects a professional and consistent brand image with a focus on quality and customer satisfaction. Technically, the site uses modern frameworks such as Yii and Bootstrap, integrates multiple analytics and marketing tools, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS and CSRF protections, though some security headers could be improved. No critical vulnerabilities or suspicious indicators were found. Overall, the site is well-structured, user-friendly, and trustworthy.

S

SPACEFOOT SAS

golf-and-co.nl

62

Golf and Co is a specialized e-commerce retailer focused on golf equipment and accessories, serving primarily the Dutch market with a broader European presence. The company operates under SPACEFOOT SAS, a French legal entity, with customer service and logistics based in France. Their website offers a wide range of golf products including clubs, balls, trolleys, shoes, and apparel from well-known brands. The business model is direct online retail with a focus on quality, competitive pricing, and customer service. The market position is that of a specialist retailer with a strong brand presence in the golf niche.

C

Captury

thecaptury.com

56

Captury is a technology company specializing in advanced markerless motion capture solutions that enable precise tracking of full-body, finger, and facial movements for multiple actors simultaneously. Their product suite includes real-time processing software, post-processing tools, and specialized hardware solutions targeting industries such as 3D game development, VFX, virtual reality, live entertainment, in-game player tracking, and life sciences research. The company has a solid market position with notable clients including Airbus, Audi, Daimler, Rockstar Games, and Scanline VFX. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery, CSS3 Animate It, and Slick Carousel for UI enhancements. The site is moderately performant, mobile-optimized, and SEO-friendly, though accessibility features are basic. Hosting appears stable with SSL properly configured, ensuring secure HTTPS connections. From a security perspective, the site employs HTTPS but lacks visible security headers and published security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but no cookie consent mechanism was found. Contact information is clearly presented, enhancing business credibility. Overall, Captury's website reflects a mature, professional technology company with strong business credibility and a good security posture. Strategic improvements in security headers, cookie consent, and incident response transparency would further enhance trust and compliance.

The CISPA Helmholtz Center for Information Security is a prominent German national research institution specializing in cybersecurity, privacy, and trustworthy artificial intelligence. It operates as a Big Science institution within the Helmholtz Association and is recognized as a world-leading center in its field. The website showcases extensive research achievements, faculty expertise, and collaborations, particularly with the Technical University of Munich. The institution focuses on foundational and applied research, technology transfer, and knowledge dissemination to benefit society and industry.