Security Directory

H

HOYER GmbH

hoyer-anniversary.com

32

HOYER GmbH is a well-established international transportation and logistics company celebrating its 75th anniversary. The website serves primarily as a corporate milestone showcase with multimedia content and links to official corporate resources. The technical infrastructure is based on TYPO3 CMS running on an Apache server, with embedded video content and integration of Usercentrics for consent management scripts. However, the website lacks a valid SSL certificate, which critically impacts its security posture. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols significantly reduces the site's security score. Privacy compliance is moderate with a privacy policy present but no cookie consent mechanism detected. Business credibility is supported by consistent branding and official social media presence, though direct contact information is missing on the landing page. Overall, the site is functional but requires urgent security improvements to meet modern standards.

The website hoyer-jubilaeum.de currently serves a 404 error page indicating that no site configuration is found, rendering the site inaccessible to users. The site is built on TYPO3 CMS but is not properly configured or published. There is no visible business content, contact information, or legal policies such as privacy or cookie policies. The technical infrastructure shows an Apache server with some security headers implemented; however, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, resulting in a poor security posture. Tracking scripts for Google Analytics and Usercentrics are present but without a consent mechanism, indicating non-compliance with privacy regulations. Overall, the site is non-functional and lacks essential business and security elements, leading to a very low trust and usability score.

cotac group operates as a medium-sized transportation service provider specializing in tank container services including cleaning, heating, repair, modifications, and depot management. The company maintains a professional online presence with a well-structured website powered by TYPO3 CMS, targeting businesses requiring specialized tank container logistics and maintenance. The website is designed responsively and includes a cookie consent mechanism via Usercentrics, indicating attention to privacy compliance. Technically, the site uses Apache on Debian with a valid SSL certificate, though TLS protocols are outdated and some security headers could be better configured. No direct contact emails or phone numbers are provided, relying on contact forms for communication. The security posture is moderate with room for improvement in TLS support and incident response transparency. Overall, the website reflects a legitimate and professional business with a moderate risk profile and good digital maturity.

B

Betty Barclay

bettybarclay.com

29

Betty Barclay operates as a well-established women's fashion brand focused on retail and e-commerce, targeting modern women seeking stylish and quality clothing for various occasions. The website presents a professional and user-friendly shopping experience with clear navigation, comprehensive content, and trust signals such as certifications and social media presence. Technically, the site uses a modern tech stack including Shopware, PHP 8.2, and advanced commerce services, with good mobile optimization and accessibility. However, the absence of HTTPS/SSL and missing DNS records represent critical security and infrastructure weaknesses that significantly impact the site's trustworthiness and security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is functional and credible but requires urgent security improvements to protect user data and enhance trust.

P

Pizzeria Uno Corporation

pizzeriaunodue.com

28

Pizzeria Uno Corporation operates a well-established restaurant brand known for inventing the Chicago Style Deep Dish Pizza in 1943. The website promotes their core business of pizza restaurants along with catering, group events, cooking classes, and fundraising activities. The brand has a strong market position with a legacy appeal and multiple service offerings targeting pizza enthusiasts and event organizers. Technically, the website uses a modern frontend stack including Bootstrap and jQuery, with embedded analytics and accessibility tools. However, the site lacks a valid SSL certificate and HTTPS configuration, which is a critical security flaw. The absence of cookie consent mechanisms and security headers further reduces the security posture. Overall, the business credibility is high due to consistent branding, clear contact information, and social media presence, but the security and privacy compliance need urgent improvement.

S

Stoller USA

stollerusa.com

40

Stoller USA is a medium-sized agricultural solutions provider specializing in fertilizers, crop protection, biostimulants, and plant hormones. The company targets growers and agricultural professionals, positioning itself as a trusted partner to increase crop yield and quality. The website is built on WordPress using Elementor and Yoast SEO, reflecting a modern digital presence with good content quality and clear navigation. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security weakness, exposing users to potential risks. The site includes GDPR-compliant privacy and cookie policies with consent mechanisms, demonstrating attention to privacy compliance. Social media integration and a toll-free contact number enhance business credibility. Overall, the website is professional and informative but requires urgent security improvements to protect user data and enhance trust.

G

Gemma Golfn GmbH

gemma-golfn.at

27

Gemma Golfn GmbH operates a specialized golf training center and the first Toptracer Range in Upper Austria, targeting golf enthusiasts and beginners. The company offers golf lessons, workshops, events, and a pro shop with fitting services. The website is professionally designed using WordPress with modern SEO and marketing tools integrated, including Facebook Pixel and Google Analytics. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the business presents a credible and consistent online presence but should urgently address its SSL/TLS deficiencies to improve security and trust.

M

Mailinblack

mailinblack.com

67

Mailinblack is a mature French cybersecurity company founded in 2003, specializing in user-centered cybersecurity solutions for enterprises, healthcare establishments, and public administrations. Their flagship platform, U-Cyber 360°, integrates multiple services including email protection, password management, phishing simulation, and e-learning cybersecurity training. With over 22,000 clients and a strong market presence, Mailinblack positions itself as an innovative and accessible provider in the cybersecurity industry. Technically, the website is built on WordPress with modern technologies such as Apache server, jQuery, and performance optimizations via WP Rocket. The site is well-optimized for SEO, mobile responsiveness, and accessibility, featuring comprehensive metadata, structured data, and multi-language support. Hosting appears to be on Microsoft Azure, ensuring reliable infrastructure. From a security perspective, the site employs HTTPS with a valid wildcard SSL certificate, includes important security headers like X-Frame-Options, X-XSS-Protection, and Content-Type-Options, and has properly configured DNS records including SPF and DMARC for email security. However, improvements such as enabling HSTS fully, implementing DNSSEC, and enabling OCSP stapling could enhance security further. No critical vulnerabilities or WAF blocking were detected. Overall, the website demonstrates a strong security posture, professional business credibility, and good privacy compliance with clear policies and consent mechanisms. The risk level is low, with recommendations focusing on enhancing security headers and DNS security to maintain trust and compliance.

emfluence Digital Marketing is a well-established digital marketing agency based in the United States, specializing in a broad range of services including digital strategy, SEO, paid media, content marketing, and marketing automation. The company positions itself as a leading provider in the Midwest region, targeting businesses seeking personalized and effective digital marketing solutions. Their website reflects a mature digital presence with rich content, client testimonials, and case studies that demonstrate their expertise and client success. Technically, the site is built on WordPress and leverages modern marketing and SEO tools, including Gravity Forms, Yoast SEO, and Amazon Polly, hosted on AWS with CloudFront CDN for content delivery. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy compliance is addressed with a clear privacy policy and cookie consent mechanism, but direct contact information such as emails and phone numbers are not explicitly provided, relying mainly on contact forms. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

The Scripps Research Institute is a well-established nonprofit research organization focused on pioneering scientific discovery and translational medicine to address major health challenges. With a century-long history and a strong reputation in the life sciences, it combines fundamental research with drug discovery and education. The website reflects a professional and content-rich platform targeting researchers, donors, and students. Technically, the site uses modern frameworks like Vue.js and integrates analytics and marketing tools such as Google Tag Manager and Klaviyo. However, the lack of a valid SSL certificate significantly impacts the security posture, exposing visitors to risks and undermining trust. No explicit privacy or cookie policies were found, and security policies or incident response contacts are absent, indicating compliance gaps. Overall, the site is credible and authoritative but requires urgent security improvements to protect user data and enhance trust.

umdasch Store Makers Management GmbH is a large, internationally operating company specializing in shopfitting and retail solutions, including consulting, project management, general contracting, and digital retail integration. The company is part of the Umdasch Group AG and serves retail businesses with comprehensive store design and implementation services. Their website reflects a professional and consistent brand presence with multilingual support and active social media engagement. Technically, the website uses Apache server technology with common JavaScript libraries for UI components but lacks a modern CMS indication. Hosting is managed via Azure DNS. Performance metrics are not provided but inferred as slow due to zero load time data. Security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy compliance is addressed with a comprehensive GDPR policy and cookie consent mechanism, though no explicit security policy or incident response contacts are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

fab it Consulting GmbH is a small German company specializing in IT consulting and software development services tailored for the financial industry. Established in 1995, the company focuses on delivering market-oriented software solutions, particularly in interface and API development for front-, middle-, and back-office financial systems. Their target audience includes banks, insurance companies, investment firms, and financial departments of large industrial enterprises. The website content is professional and relevant, reflecting a niche market position with a clear business model centered on B2B IT services in finance. Technically, the website uses an older technology stack including Apache server, Bootstrap 3, and jQuery 3.1.1. The site lacks modern performance optimizations and accessibility features, and the absence of HTTPS severely impacts security and trust. The website is accessible without WAF or blocking mechanisms, but it lacks critical security configurations such as SSL/TLS, HSTS, and security headers. There is no evidence of privacy or cookie policies, GDPR compliance indicators, or contact emails and phone numbers, limiting user trust and regulatory compliance. From a security perspective, the site is at high risk due to the lack of HTTPS and modern security headers. DNS records show no DNSSEC or CAA records, and the SSL certificate is invalid or missing. No incident response or security policies are published. The WHOIS data aligns well with the business claims, showing consistent registration and legitimacy. Overall, the website scores low on security and privacy compliance, moderate on business credibility, and good on content quality. Strategic recommendations include immediate implementation of HTTPS with a valid certificate, addition of security headers, publication of privacy and cookie policies to meet GDPR requirements, and enhancement of contact information transparency. These steps will improve trust, security posture, and regulatory compliance, supporting the company’s professional image and business growth.

Y

YUMMY Publishing GmbH

yummy.digital

35

YUMMY Publishing GmbH operates the digital publishing platform Yumpu.com, providing tools for converting documents into online magazines with a global user base. The company targets publishers and businesses seeking innovative digital publishing solutions, leveraging cloud hosting and advanced rendering technologies. The website presents a professional brand image with notable client logos and a clear business focus on digital content publishing. Technically, the site uses SilverStripe CMS and common frontend libraries but lacks HTTPS, which is a critical security gap. The absence of SSL/TLS and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with no cookie consent mechanism detected and only a basic privacy policy available. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

A

Ansorg GmbH

ansorg.com

31

Ansorg GmbH is a German-based expert company specializing in retail lighting solutions, offering innovative products, lighting planning, and sustainable concepts tailored for retail environments. The company operates under the parent company Trilux and targets retail businesses and professionals seeking high-quality lighting solutions. The website is built on TYPO3 CMS, uses Matomo for analytics, and integrates cookie consent mechanisms, reflecting a modern digital infrastructure. However, the lack of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. Security headers are well configured, but the absence of TLS protocols and certificate transparency compliance are critical gaps. Overall, the website is professional, content-rich, and trustworthy but requires urgent SSL/TLS remediation to ensure secure communications and improve trust.

I

Intermarket Bank AG

intermarket.at

36

Intermarket Bank AG is a specialized financial institution under the Erste Group umbrella, focusing on factoring and supply-chain finance solutions primarily for small to medium enterprises in Austria and the CEE region. The website presents a professional and consistent brand image with clear product offerings and a user-friendly interface. Technically, the site uses a proprietary CMS (GEM) and is hosted on AWS CloudFront, leveraging modern marketing and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS availability, which severely impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact is primarily facilitated through a contact form. Overall, the site is credible and well-positioned in its market but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

Z

Zell Materials GmbH

zellamid.com

33

Zell Materials GmbH is a medium-sized manufacturing company specializing in engineering plastics, offering a range of products including general purpose materials, special performance materials, and high performance materials. The company operates primarily in the manufacturing sector and serves industrial and engineering clients. Their website provides product finders, material comparison tools, and a B2B webshop, indicating a mature digital presence tailored to professional customers. Technically, the website uses Apache server technology, ezPublish CMS, and includes JavaScript libraries such as jQuery and YUI. However, the absence of SSL/TLS encryption and DNS records significantly undermines the security posture and operational reliability of the domain. The site includes comprehensive privacy and cookie policies with consent mechanisms, reflecting good privacy compliance practices. Security headers are minimal, and no explicit security or incident response policies are published. Overall, the website is professionally designed with consistent branding but requires urgent security improvements to protect users and enhance trust.

The website torgersen.at currently serves only a minimal placeholder HTML page with no meaningful content, metadata, or business information. The domain is registered and has valid DNS records, including an A record and MX record pointing to Outlook mail protection, but lacks DNSSEC and CAA records. Critically, the site does not have a valid SSL/TLS certificate, serving content only over HTTP, which severely impacts security and trust. There are no privacy, cookie, or terms of service policies, nor any contact or incident response information, indicating a lack of compliance and transparency. The technical infrastructure is basic, hosted on Apache with no modern frameworks or CMS detected, and performance data indicates no resources loaded. Overall, the site is not professionally maintained and lacks essential security and compliance features.

S

SupplyTECH

supplytech.fr

32

SupplyTECH operates as a small French consulting and outsourced quality service provider specializing in regulatory and standardization compliance for Import/Export businesses. The website content is minimal and primarily serves as an informational landing page directing users to a parent company site for contact. Technically, the site runs on Apache with basic front-end technologies and includes Google Analytics for visitor tracking. However, the absence of HTTPS and a valid SSL certificate severely undermines the security posture, exposing users to potential data interception risks. The lack of privacy and cookie policies further indicates non-compliance with GDPR requirements. Overall, the site demonstrates a low level of digital maturity and security readiness, which could impact user trust and regulatory compliance.

P

Permapack AG

permapack.ch

26

Permapack AG is a Swiss family-owned manufacturing and trading company specializing in high-quality products such as labels, adhesive tapes, films, sealants, and garden articles. The company serves various sectors including food, cosmetics, industry, construction, and retail, offering both standard products and customized solutions. Their business model combines B2B sales with an online shop and extensive production services. The website reflects a medium-sized enterprise with a consistent brand presence and strong trust indicators such as awards and social media engagement. Technically, the site uses a custom e-commerce platform with modern JavaScript libraries and tracking tools, hosted by IP-Plus AG. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to risks and limiting secure communications. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements.

T

Theater Regensburg

theaterregensburg.de

25

Theater Regensburg is a public theater institution located in Regensburg, Germany, offering a diverse range of cultural performances including music theater, dance, and plays. The website serves as a portal for event information, ticket sales, and community engagement, targeting local and regional audiences interested in cultural arts. The business operates primarily in the hospitality and cultural sector with a medium-sized organizational footprint. Technically, the website employs a modern frontend stack with libraries such as jQuery, Bootstrap, and Font Awesome, providing a good user experience and mobile optimization. However, the absence of a valid SSL certificate and missing DNS records represent significant technical and security shortcomings. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR. The site maintains active social media channels and provides clear contact information, enhancing business credibility. Overall, the website is functional and professional but requires urgent improvements in security infrastructure to protect user data and improve trust.

Schlüsselbauer Technology GmbH & Co KG is a medium-sized Austrian manufacturing company specializing in the development and construction of machinery for producing concrete infrastructure components such as pipes and shafts. Established in 1964, the company positions itself as an innovation leader in machine building with a global presence including subsidiaries like Schlüsselbauer North America. Their website provides multi-language support and detailed information about their products and services targeting industrial and infrastructure sectors. Technically, the website uses Apache server with standard HTML5, CSS3, and JavaScript, likely leveraging Bootstrap for responsive design. However, the site lacks HTTPS encryption, which is a critical security gap. The absence of SSL/TLS certificates and modern security headers exposes the site to risks and reduces trustworthiness. Privacy compliance is addressed with a cookie consent manager and a privacy policy, but no explicit security or incident response policies are published. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance credibility.

S&P Global Commodity Insights is a leading enterprise providing comprehensive commodity market data, price assessments, and analytics, leveraging over a century of expertise. The website is professionally designed, highly relevant to its target audience of energy and commodity market professionals, and employs modern technologies including Adobe Experience Manager and various JavaScript libraries. However, a critical security issue is present due to an invalid or missing SSL certificate, which significantly impacts the site's security posture. Despite this, the site maintains strong privacy compliance with clear policies and consent mechanisms. The domain registration data aligns well with the business identity, reinforcing legitimacy. Strategic recommendations include immediate remediation of SSL issues, enhancement of security policies, and implementation of incident response and vulnerability disclosure frameworks.

Pelipal is a well-established German manufacturer and retailer specializing in high-quality bathroom furniture with a history spanning over 110 years. The company targets consumers and retail partners primarily in Germany, Austria, and Switzerland, offering a broad product range including mounted and customizable bathroom furniture, mirrors, and accessories. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site uses a traditional Apache server with jQuery and other JavaScript libraries, managed via the dialogperfect® CMS platform. However, the website lacks HTTPS support, which is a critical security shortfall. Security headers are minimal, and no advanced security policies or incident response information is provided. The cookie consent mechanism is implemented, indicating some privacy compliance efforts. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

N

neu plus herz gmbh

neuplusherz.at

26

Neu plus herz gmbh is a small, independent full-service advertising agency based in Vienna, Austria, with over 25 years of experience. The company offers a broad range of services including design, photography, text, communication, web, social media, and marketing, targeting businesses seeking comprehensive advertising solutions. Their website reflects a professional and consistent brand image with a clear presentation of services and client portfolio. Technically, the site is built on WordPress using the OnePress theme and several plugins such as Yoast SEO and Matomo Analytics, indicating a modern CMS infrastructure. However, performance metrics are missing, and the site is rated as slow in loading.

E

ELEA iC projektiranje in svetovanje d.o.o.

elea.si

26

ELEA iC projektiranje in svetovanje d.o.o. is a well-established Slovenian engineering and architectural consulting firm with over 30 years of experience. The company offers a broad range of services including structural engineering, geotechnics, architecture, low construction, geology, hydrogeology, and project management. It is part of the iC Group, a larger interdisciplinary consulting group based in Vienna, which enhances its market reach and expertise. The website is professionally designed, content-rich, and targets clients in the construction, infrastructure, and real estate sectors primarily in Slovenia. The firm emphasizes sustainability and advanced technologies such as BIM in its operations.

Henry Mex's website serves as an informational platform for the artist's work as a composer, musician, and artistic director in the contemporary music scene. The site highlights upcoming and past events, projects, and compositions, targeting an audience interested in experimental and chamber music. The business model revolves around artistic promotion, event participation, and music education. Technically, the website is basic, relying on static HTML with embedded YouTube videos and hosted on an Apache server via Ionos. There is no evidence of modern CMS or advanced web technologies, and performance appears limited. Security posture is weak, with no valid SSL certificate or HTTPS support, exposing visitors to risks. Privacy compliance is minimal, lacking privacy or cookie policies and no user data collection mechanisms. Overall, the site is functional for informational purposes but requires significant improvements in security and compliance to meet modern standards.

S

Strobl Bau – Holzbau GmbH

strobl.at

21

Strobl Bau – Holzbau GmbH is a well-established construction and wood construction company based in Austria, with a history dating back to 1964. The company specializes in residential, industrial, and commercial building projects using both massive and wood construction methods. It holds a leading position in the regional market of Steiermark, offering comprehensive services including planning, coordination, and quality control. The website reflects a professional and consistent brand image, targeting property developers and clients seeking high-quality construction solutions. Technically, the website is built on WordPress with a modern tech stack including Apache, jQuery, Bootstrap, and several specialized plugins for enhanced user experience and functionality. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Despite this, the site implements several security headers and has a good privacy and cookie policy framework with consent mechanisms, indicating a commitment to compliance. The security evaluation reveals critical vulnerabilities due to the absence of HTTPS, lack of strong cipher suites, and incomplete HSTS implementation. These issues pose risks to data confidentiality and user trust. The website provides multiple contact channels, including phone, email, and contact forms, along with active social media profiles, enhancing its business credibility. Overall, while the business and content quality are strong, the security shortcomings require urgent attention to protect users and maintain trust. Strategic improvements in SSL/TLS deployment and security configurations are recommended to elevate the site's security and compliance standards.

I

IGT Geotechnik und Tunnelbau Ziviltechniker G.m.b.H.

ate.consulting

25

Austrian Tunnel Engineers (ATE) is a specialized engineering consultancy focused on complex tunnel construction projects worldwide. The company emphasizes its Austrian roots and over 35 years of cumulative experience, offering a wide range of services including project design, geotechnical and structural engineering, consulting, and site supervision. The website presents a professional and comprehensive overview of their expertise and project portfolio, targeting infrastructure developers and engineering firms. Technically, the site is built on WordPress with optimization plugins but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and no advanced SSL configurations. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and enhance trust.

The website 2mountain.com is currently under maintenance, displaying only a minimal placeholder message in German indicating that the site will be back shortly. There is no substantive business content, contact information, or policies available on the site. The technical infrastructure is basic, served by an Apache server with mod_pagespeed enabled, but critically lacks a valid SSL/TLS certificate, resulting in no HTTPS support. DNS records are properly configured with A, AAAA, MX, and NS records, but DNSSEC and CAA are not enabled, which could improve security. The absence of privacy, cookie, and terms of service policies indicates non-compliance with GDPR and other privacy regulations. Overall, the site’s security posture is weak due to missing HTTPS and security headers, and the lack of business information reduces trustworthiness.

Y

Yeates

yeates.co.uk

26

Yeates is a well-established family-run removals and storage company operating in Clevedon and Weston-super-Mare, UK, with over 100 years of history. The company offers a range of services including household removals, packing, containerised storage, self storage, and shredding services. It holds reputable certifications such as Which? Trusted Trader and memberships with the Self Storage Association and The Furniture Ombudsman, reinforcing its market credibility and trustworthiness. The website is designed to target residential and business customers seeking reliable moving and storage solutions in the local area. Technically, the website is built on WordPress with modern plugins and tools for SEO and marketing, but lacks a valid SSL certificate, which is a critical security gap. The site is mobile responsive and includes structured data for enhanced SEO.

The Bernard Gruppe is a medium-sized, owner-managed engineering group founded in 1983, specializing in interdisciplinary engineering services across energy, industry, infrastructure, and transportation sectors. With approximately 400 employees and operations in over 40 countries, the company offers comprehensive consulting, planning, and project realization services, including specialized software and hardware solutions. The website content reflects a professional engineering firm with a broad service portfolio and international presence. Technically, the website is built on WordPress using the Avada theme and includes a cookie consent mechanism from an external provider. However, the site lacks HTTPS support and modern security configurations, which significantly impacts its security posture. Performance data is missing, and SEO and accessibility features are basic. No analytics or tracking services beyond cookie consent are detected. From a security perspective, the absence of a valid SSL certificate and HTTPS is a critical vulnerability, exposing users to potential data interception risks. The site also lacks security headers, DNSSEC, and other modern protections. No privacy policy, terms of service, or incident response information is provided, indicating gaps in compliance and security transparency. Overall, the website presents a moderate business credibility but suffers from significant security and privacy shortcomings. Strategic improvements in SSL deployment, security headers, and privacy documentation are essential to enhance trust and compliance.

4

4DESIGN

4design.co

28

4DESIGN is a New Zealand-based industrial design and product development consultancy specializing in creating innovative and award-winning products for a diverse clientele including companies, startups, and individuals. The company offers a broad range of services such as industrial design, engineering, prototyping, UI/UX design, manufacturing, and 3D printing. Their market position is strong within the manufacturing and technology sectors, supported by multiple awards and recognized certifications. The website reflects a professional and consistent brand image with excellent content quality and clear navigation, targeting clients seeking high-quality design consultancy services. Technically, the website is built on WordPress and leverages common technologies including Apache server, jQuery, Google Analytics, and various plugins for SEO and social media integration. Hosting is provided by InMotion Hosting. However, the website lacks HTTPS, which is a critical security shortfall. Performance is moderate with good mobile optimization and basic accessibility features. SEO is well implemented with comprehensive metadata and structured data. From a security perspective, the absence of a valid SSL certificate and HTTPS support significantly lowers the security posture. No advanced security headers or incident response policies are evident. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or terms of service found. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional and credible but requires urgent security improvements, particularly enabling HTTPS and enhancing privacy compliance to meet modern standards. Strategic recommendations include installing SSL, enabling security headers, and implementing cookie consent mechanisms to improve trust and compliance.

R

Rhema Gemeinde

rhema.at

40

Rhema Gemeinde is a small non-profit religious community based in Linz, Austria, focused on providing Christian church services, youth and children programs, and community events. The website serves as an informational and engagement platform for members and visitors, offering event details, livestream access, and contact options. The technical infrastructure is based on TYPO3 CMS with common web technologies such as Bootstrap and jQuery, hosted via easyname.eu. However, the site lacks HTTPS encryption, which is a critical security deficiency. Security headers are minimal, and no advanced security or incident response policies are evident. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

König GesmbH is a small Austrian IT services company established in 1989, specializing in vendor-neutral technology solutions including network infrastructure, software support, hardware supply, data backup, consulting, and repair services. The company maintains long-term customer relationships and emphasizes independent product selection. Technically, the website is built on WordPress with the Divi theme and uses Apache hosting via Hetzner. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. No advanced security headers or incident response policies are publicly disclosed. Privacy compliance is minimal with a basic privacy policy present but no cookie consent mechanism. Overall, the website is professionally designed with good content quality but suffers from significant security shortcomings that impact trust and user safety.

Backhausen GmbH was a company that ceased operations on June 30, 2023. The website serves primarily as a closure notice and contact point for former customers and stakeholders. It is managed under the parent company AMEEA Beteiligungs GmbH. The site is minimalistic, bilingual (German and English), and lacks active e-commerce or interactive features. Technically, the website is built on Magento with jQuery libraries and served by an Apache server. However, it lacks a valid SSL certificate, resulting in HTTP-only access, which significantly impacts security posture. No privacy or cookie policies are present, and no security headers beyond basic HTTP headers are implemented. Contact information is limited to two company email addresses related to brand and archive inquiries. Overall, the site is informational with basic technical implementation and poor security and privacy compliance.

T

Tiroler Sparkasse

tirolersparkasse.at

40

Tiroler Sparkasse is a well-established Austrian banking institution with a history dating back to 1822. It offers a comprehensive range of financial services including retail banking, digital banking via the George platform, savings, investments, loans, and insurance products. The website reflects a mature digital presence with modern design, structured data, and clear navigation targeting diverse customer segments such as private customers, youth, businesses, and investors. Technically, the site uses a proprietary CMS (GEM) and is hosted on AWS CloudFront CDN, employing modern web technologies and accessibility features. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Security headers are partially implemented, and privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to ensure secure user interactions.

K

KERRES | PARTNERS

kerres.at

25

KERRES | PARTNERS is a well-established Austrian law firm with over 30 years of experience, specializing in commercial law, litigation, arbitration, corporate, and contract law. The firm positions itself as a trusted legal advisor to companies, corporations, private clients, and foundations. The website reflects a professional and consistent brand image with good content relevance and clear navigation, targeting primarily German-speaking clients with multilingual support. Technically, the site runs on Drupal 7 with standard libraries and includes Google Analytics for visitor tracking. However, the absence of HTTPS and a valid SSL certificate is a critical security shortfall, exposing visitors to potential risks. Security headers are partially implemented, but key protections like HSTS and modern TLS protocols are missing. Privacy compliance is weak, with no visible privacy or cookie policies or consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security and privacy improvements.

P

planlicht GmbH&Co. KG

planlicht.com

40

PLANLICHT GmbH&Co. KG is an Austrian company specializing in architectural LED lighting solutions, serving sectors such as office, public, hospitality, and retail. Their website offers a comprehensive product catalog, customization options, and detailed technical documentation, targeting architects and lighting professionals. The company maintains a professional online presence with multilingual support and active social media channels. Technically, the website is built on WordPress with popular plugins and frameworks, providing a good user experience and moderate performance. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Business credibility is supported by clear contact information, job listings, and consistent branding. Overall, the site is functional and professional but requires urgent security improvements.

Hofegger Branding is a Vienna-based branding agency established in 2000, specializing in brand strategy, design, management, and consulting services. The company targets businesses seeking to develop or reposition their brands with a focus on meaningful connection and clarity. The website reflects a professional and consistent brand image with clear navigation and relevant content. Technically, the site uses Craft CMS and SEOmatic, hosted on internex.at, and is optimized for mobile devices. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Security headers are present but cannot compensate for the lack of encryption. Privacy and terms policies are available, supporting GDPR compliance. Contact information is comprehensive, including email, phone, physical address, and a contact form. Overall, the site is credible and professional but requires urgent security improvements.

T

Ticket Gretchen GmbH

ticketgretchen.com

38

Ticket Gretchen GmbH operates a mobile application platform focused on providing fast and direct ticket sales for cultural events across Austria, including theater, musicals, concerts, and operas. The company targets cultural enthusiasts, especially younger demographics such as U27 and U30, offering exclusive promotions and original tickets without price surcharges. The website reflects a professional and well-branded presence with comprehensive event listings and user testimonials, positioning the company as a leading cultural ticketing service in Austria. Technically, the website is built on WordPress with modern plugins and frameworks such as Bootstrap and WPBakery Page Builder. It integrates analytics and marketing tools including Google Analytics, Google Tag Manager, and Facebook Pixel, supporting moderate user tracking and marketing efforts. Hosting is provided via Amazon AWS DNS infrastructure. The site is mobile-optimized and SEO-friendly, delivering a good user experience. From a security perspective, the website lacks HTTPS encryption, which is a critical vulnerability exposing users to potential data interception. Security headers are minimal, and no advanced security policies or incident response information are published. While no immediate vulnerabilities or malware are detected, the absence of SSL/TLS and security best practices significantly lowers the security posture. Overall, the business is credible and trustworthy based on domain registration consistency, clear contact information, and positive user feedback. However, the lack of HTTPS and cookie consent mechanisms presents compliance and security risks. Strategic improvements in security infrastructure and privacy compliance are recommended to enhance user trust and regulatory adherence.

ConSol Consulting & Solutions Software GmbH is a medium-sized German IT service provider specializing in custom IT solutions and product solutions across the entire software lifecycle. The company has a strong market position with notable clients such as BMW Group, Union Investment, and Lidl, and holds ISO 9001 and ISO 27001 certifications. Their website is professionally designed, content-rich, and well-structured, targeting businesses seeking tailored IT and software services. Technically, the site is built on TYPO3 CMS with modern frontend frameworks and integrates multiple analytics and marketing tools. However, the current lack of a valid SSL certificate and absence of HTTPS support represent critical security vulnerabilities that must be addressed promptly. The security posture is otherwise supported by appropriate security headers but lacks advanced SSL/TLS configurations. Overall, the website demonstrates good privacy compliance with comprehensive cookie and privacy policies and consent mechanisms. Strategic improvements in SSL/TLS implementation and security configurations are recommended to enhance trust and security.

E

Eyemaxx Real Estate AG

eyemaxx.com

38

Eyemaxx Real Estate AG is an established real estate development company operating primarily in Germany and Austria, with over 20 years of market presence. The company focuses on residential, micro and student apartments, hotels, urban quarters, retail, and logistics properties. It is publicly listed on the Frankfurt and Vienna Stock Exchanges and issues bonds, indicating a mature business model targeting investors and real estate clients. The website reflects a professional corporate presence with good content quality and consistent branding. Technically, the site uses standard web technologies such as Apache, Bootstrap, and Google Analytics, but lacks a valid SSL certificate, which is a significant security concern. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols severely impacts the security posture. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism despite tracking usage. Contact information is not explicitly provided on the homepage, which may affect user trust and engagement. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to meet modern standards.

S

STAPPERT

stappert.biz

18

STAPPERT is a leading European stockholder and supplier of stainless steel long products and fittings, targeting industrial and business customers. The company emphasizes a comprehensive product range, quality, and customer-oriented service. The website is built on WordPress with professional SEO and multilingual support, indicating a mature digital presence. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to potential risks. Cookie consent is managed via a third-party tool, and contact forms are protected with reCAPTCHA, showing some privacy awareness. Overall, the site is functional and professional but requires urgent security improvements to protect data and build trust.

The hoyer-group.com website is currently non-functional, serving only a TYPO3 default 404 error page indicating no site configuration is present. This suggests the website is either under construction, misconfigured, or decommissioned. The domain is registered but lacks DNS records and a valid SSL certificate, which severely impacts accessibility and trust. The technical infrastructure includes an Apache server and TYPO3 CMS, but no active content or business information is available. Security posture is weak due to missing HTTPS and DNS configurations, despite some security headers being present. No privacy, cookie, or terms of service policies are found, and no contact information or forms exist on the site. Overall, the site is not operational and presents significant risks and gaps in security and compliance.

F

F-Top Institute

ftop.ch

24

F-Top Institute is a specialized organization focused on optimizing human capital to improve financial performance through data-driven people management solutions. The company offers research-backed HR solutions, live online training academies, advisory briefings, and a community platform targeting HR professionals and line managers. The website is built on WordPress with WooCommerce and several plugins, indicating a mature digital infrastructure but lacks a valid SSL certificate, which is a significant security concern. The site includes comprehensive privacy and cookie policies, reflecting good privacy compliance practices. However, the absence of HTTPS and incomplete DNS configuration pose risks to trust and security. Strategic improvements in SSL deployment and DNS management are recommended to enhance security posture and business credibility.

D

daten-strom.Medical-IT-Services GmbH

datenstrom.net

19

daten-strom.Medical-IT-Services GmbH is a specialized small business focused on providing secure digital transformation services in the healthcare sector, including IT security, telematics, and data protection for medical and care facilities in Germany and Austria. Their website presents a professional image with comprehensive content targeting healthcare providers such as doctors, therapists, and care institutions. Technically, the site is built on the Contao CMS platform using common web technologies like jQuery and Revolution Slider, with good mobile optimization and user experience. However, the absence of HTTPS and valid SSL certificates represents a critical security vulnerability, exposing users to potential data interception risks. The website includes privacy and cookie policies with consent mechanisms, reflecting GDPR compliance efforts, but lacks explicit terms of service and security policy documentation. DNS records for the domain are missing, raising concerns about domain configuration and legitimacy. Overall, while the business content and presentation are solid, significant improvements in security infrastructure are urgently needed to protect sensitive healthcare data and enhance trust.

The website for wimex.mr is minimalistic and primarily functions as a redirect landing page with limited content. It appears to target a French-speaking audience, likely in Mauritania, with a focus on technology or related services, as suggested by links to 'wimexTechnologie' and 'interlink.mr'. However, the lack of detailed business descriptions, contact information, or service listings limits the ability to fully understand the company's market position or business model. Technically, the site uses Apache server technology with jQuery and Bootstrap frameworks, but suffers from poor performance and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and missing DNS records, which are critical for trust and operational stability. No privacy, cookie, or security policies are present, indicating poor compliance with data protection regulations. Overall, the site reflects a low maturity digital presence with significant gaps in security and compliance.

S

Searchteam Consulting OG

searchteam.at

26

Searchteam Consulting OG is a small SEO agency based in Graz, Austria, specializing in search engine optimization services to help clients improve their online visibility and sales. The company presents a professional website with clear branding, named senior consultants, and active social media profiles, positioning itself as a niche local SEO expert. Technically, the website is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. The site includes GDPR-compliant privacy and cookie policies with a consent mechanism, but lacks published security policies or incident response information. Overall, the website is functional and professional but requires urgent security improvements to meet modern standards.

The website finanzamt-geilenkirchen.de serves as the official online presence of the Finanzamt Geilenkirchen, a regional tax office under the Oberfinanzdirektion Nordrhein-Westfalen in Germany. It provides comprehensive tax-related information, contact details, online services such as appointment booking and electronic tax declaration (ELSTER), and current news updates. The site targets residents and businesses in the Nordrhein-Westfalen region, offering clear navigation and well-structured content tailored to public service needs. Technically, the website is built on the Drupal CMS platform, utilizing modern web technologies including Apache server, Matomo analytics for user tracking, and a robust Content Security Policy. The site demonstrates good mobile optimization and accessibility features, ensuring usability across devices and for users with disabilities. However, the SSL/TLS configuration is critically flawed, with no valid certificate and no TLS protocols enabled, which undermines secure HTTPS access. From a security perspective, the site implements several best practices such as strict security headers (X-Frame-Options, X-Content-Type-Options, CSP), HSTS with preload directive, and referrer policies. Despite these, the lack of a valid SSL certificate and HTTPS support is a major vulnerability that must be addressed urgently to protect user data and maintain trust. Overall, the website is professional, trustworthy, and compliant with GDPR, featuring clear privacy and cookie policies with consent mechanisms. The business credibility is high given its government affiliation, but the security posture is currently weak due to SSL issues. Strategic recommendations include immediate remediation of SSL/TLS configuration, enhancement of session security features, and continuous monitoring of security compliance.

S

S. Spitz GmbH

spitz.at

31

S. Spitz GmbH is a well-established Austrian food and beverage manufacturer with over 160 years of tradition, specializing in beverages, sweets, baked goods, and delicatessen products. The company operates multiple production sites in Austria and emphasizes quality, sustainability, and customer-specific private label solutions. Their website reflects a professional and comprehensive digital presence targeting B2B customers, job seekers, and sustainability-conscious consumers. Technically, the site is built on WordPress with common plugins and libraries, offering good mobile optimization and SEO features. However, the absence of a valid SSL/TLS certificate and missing DNS records represent significant security and technical weaknesses. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.