Security Directory

The Kammerorchester Arpeggione Hohenems is a small, non-profit cultural organization dedicated to classical and contemporary chamber music performances, primarily serving a regional Austrian audience. The website provides detailed event information, organizational background, and sponsorship acknowledgments, reflecting a well-established local cultural entity with a 35-year history. Technically, the site is built on the Jimdo CMS platform, hosted on Austrian infrastructure, and uses standard web technologies including JavaScript and CSS. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present and GDPR compliant, the absence of visible contact emails, phone numbers, and security policies limits transparency and trust. Overall, the website is functional and informative but requires critical security improvements to enhance user trust and data protection.

Elekta is a global enterprise specializing in precision radiation medicine and cancer care solutions. Their website showcases a comprehensive portfolio of products including radiation therapy machines, stereotactic radiosurgery, oncology software, brachytherapy, and neurosurgery systems. The company targets clinicians, healthcare providers, and patients seeking advanced cancer treatment technologies. Elekta maintains a strong market position as a leader in healthcare technology with a professional and consistent brand presence. Technically, the website is hosted on AWS infrastructure using modern web technologies and includes advanced tracking and marketing tools such as Matomo and Pardot. However, the security posture is weakened by an invalid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed to ensure secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the website is professional, trustworthy, and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

The website ae-net.info represents a small independent consulting business operated by Torsten A�, offering services in project management, marketing, coaching, and business consulting primarily targeting German-speaking clients. The business has a mature domain with 20 years of registration, consistent with the claimed experience and service offerings. The website content is static, primarily informational, and presented in German, with no interactive forms or contact details explicitly provided on the homepage. Technically, the site is hosted on Apache via IONOS SE, uses outdated HTML standards, and lacks modern web technologies or CMS platforms. Performance is slow, and mobile optimization is poor. Security posture is weak due to the absence of HTTPS and security headers, exposing visitors to potential risks. No privacy or cookie policies are present, indicating poor privacy compliance. Overall, the site reflects a basic digital presence with limited technical and security maturity.

NEVEON Holding GmbH is a large, leading integrated foam manufacturer specializing in polyurethane flexible and composite foams with a broad portfolio serving comfort, mobility, and specialty sectors. The company operates globally with 44 locations across 13 countries and is part of the Greiner Group. The website is professionally designed using TYPO3 CMS and hosted behind Cloudflare, offering good mobile optimization and accessibility. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture. Security headers are partially implemented, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

M

Maschinenring Schweiz

maschinenring.ch

26

Maschinenring Schweiz is a Swiss umbrella organization dedicated to fostering inter-company collaboration in agriculture. It connects members, organizes purchasing cooperatives, and offers various services to support agricultural businesses. The website is professionally designed using TYPO3 CMS and hosted on Hostpoint, with a clear structure and multilingual support. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. Privacy and cookie policies are well implemented with consent mechanisms, and social media presence is established on Facebook and Instagram. Overall, the site reflects a medium-sized, established non-profit entity with a strong community focus but requires urgent security improvements.

O

OBLIN Rechtsanwälte GmbH

oblin.at

26

OBLIN Rechtsanwälte GmbH is a specialized international law firm focusing on arbitration, litigation, and dispute resolution based in Austria and Germany. The firm targets businesses engaged in cross-border disputes and white collar crime matters, positioning itself as a leading boutique legal service provider with a strong international network and multiple awards. The website reflects a professional and consistent brand image with comprehensive content about their expertise and team. Technically, the website is built on TYPO3 CMS and served via Apache, with good mobile optimization and SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Security headers are partially implemented, but modern TLS protocols and HSTS are missing. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements.

U

Under The Milky Way

underthemilkyway.com

38

Under The Milky Way is a well-established global digital film distribution company with a strong market presence and partnerships with major VoD platforms. Their website reflects a professional business focused on digital distribution and marketing services, supported by a proprietary software solution for revenue optimization. Technically, the site is built on Squarespace with modern web technologies and includes basic SEO and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is partially addressed with a cookie banner and privacy policy, but lacks comprehensive GDPR indicators and terms of service. Overall, the business appears legitimate and credible, but security posture requires urgent improvement.

The Lucille Werner Foundation is a small Dutch non-profit organization dedicated to improving the visibility and inclusion of people with disabilities through media, events, and labor market initiatives. The website reflects this mission with clear content and navigation but lacks critical compliance elements such as privacy and cookie policies. Technically, the site is built on the JouwWeb CMS platform and hosted on Google Cloud infrastructure, but it suffers from an invalid SSL certificate, resulting in no proper HTTPS security. Security headers are partially implemented, and minimal user tracking is done via Plausible Analytics, indicating some privacy awareness. Overall, the security posture is weak due to missing HTTPS and lack of advanced security configurations. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in SSL configuration, privacy compliance, and contact transparency are recommended to enhance trust and security.

G

Georg Fritzmeier GmbH & Co. KG

fritzmeier.com

30

The Fritzmeier Group is a large German manufacturing company specializing in driver cabs, composite parts, tooling, and environmental technology solutions primarily serving the Off-Highway and On-Highway industries. Their diversified business model includes multiple subsidiaries focused on specialized product areas such as cabs, composites, technology, and environmental solutions. The company maintains a strong market position with approximately 2,200 employees and a presence at major industry events. Technically, the website is built on TYPO3 CMS and served via Apache, with a moderate performance profile and good mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, despite the presence of security headers and a content security policy. Privacy compliance is good with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

N

NovaTaste Austria GmbH

wiberg.eu

40

WIBERG, operated by NovaTaste Austria GmbH, is a well-established international spice and culinary product supplier targeting professional chefs, gastronomy, and catering sectors. The company offers a comprehensive range of high-quality products, supported by a professional and content-rich website that includes detailed product information, recipes, and sustainability commitments. Technically, the website is built on modern frameworks such as Next.js and React, hosted likely on Microsoft Azure, and demonstrates good design and user experience. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. While several security headers are implemented, the lack of HTTPS undermines these protections. Privacy compliance is good with a comprehensive privacy policy, but no explicit cookie consent mechanism was detected. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

S

Stork

stork.com

40

Stork is an established industrial services company focused on asset management, maintenance, and consultancy primarily in the energy and process industries. Recently acquired by Bilfinger, Stork operates under its umbrella in several key countries including Belgium, the Netherlands, Germany, and the USA. The website presents a comprehensive overview of their services and global presence, targeting industrial clients seeking lifecycle asset support. Technically, the site uses modern React technology but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies including consent mechanisms. However, explicit contact details like emails and phone numbers are not readily available, relying mainly on contact forms. Overall, the site is professional and trustworthy but would benefit from improved security configurations and performance optimizations.

D

Dr. Andreas Riedler Facharzt für HNO, Kopf- und Halschirurgie

der-hno-arzt.at

40

Dr. Andreas Riedler operates a specialized ENT medical practice based in Wels, Austria, providing comprehensive ear, nose, and throat healthcare services including examinations, therapies, and surgeries. The website targets local patients seeking trusted medical care and emphasizes personalized patient relationships and appointment scheduling. Technically, the website is built on a CMS platform (ZMS) with standard web technologies and integrates Matomo analytics for user behavior tracking with privacy opt-out features. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses that undermine user trust and data protection. Privacy and cookie policies are present but basic, and no terms of service or incident response policies are published. Overall, the website is functional and professionally presented but requires urgent security improvements to meet modern standards.

S

SonnenMoor

sonnenmoor.at

40

SonnenMoor is an established Austrian family-owned business specializing in natural health products and remedies, operating since 1972. The company leverages a Shopify-based e-commerce platform to serve both retail consumers and business partners, with a strong focus on natural, herbal, and moor-based products. The website is professionally designed, content-rich, and provides comprehensive contact and support information, including personal consultation services. Technically, the site uses modern e-commerce technologies and integrates multiple marketing and analytics tools with GDPR-compliant consent mechanisms. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which significantly impacts the security posture and user trust. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Strategic improvements in SSL/TLS configuration are essential to enhance security and trust.

L

Lidl Österreich

lidl.at

40

Lidl Österreich operates a comprehensive retail website offering a wide range of products including food, household items, garden supplies, fashion, and more. The site features extensive promotional content, including weekly offers and loyalty programs such as Lidl Plus. The company holds a strong market position in Austria as a leading discount supermarket chain, supported by a consistent and professional brand presence. Technically, the website employs modern technologies like Vue.js and is hosted on a robust infrastructure with Akamai DNS services. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and content security policies, indicating a focus on security best practices. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the site is professional and trustworthy but must urgently address the SSL deficiency to ensure secure user interactions.

B

Breitenfeld Edelstahl AG

breitenfeld.at

40

Breitenfeld Edelstahl AG is a well-established Austrian manufacturer specializing in high-quality stainless steel and forged products, serving metal processing companies primarily in the manufacturing, energy, and transportation sectors. The company emphasizes environmentally friendly steel production using electric steelmaking processes and holds recognized certifications such as EN 9100, ISO 9001, and ISO 14001. Their digital presence is built on the HubSpot CMS platform, leveraging Cloudflare for hosting and content delivery. While the website is professionally designed with good content quality and navigation, there is a critical security gap due to the absence of a valid SSL certificate and HTTPS enforcement, which poses risks to user data confidentiality and trust. Privacy compliance is basic, with no visible cookie consent mechanisms or detailed privacy policies on the main site. Overall, the business credibility is high, supported by certifications and a consistent brand presence, but technical and security improvements are necessary to enhance trust and compliance.

S

Studio Snap

studiosnap.ca

38

Studio Snap is a small photography service business with a website built on the GoDaddy Website Builder platform. The site presents a simple business description emphasizing timeless photography and friendly service, targeting local photography clients. The technical infrastructure relies on GoDaddy hosting and includes Google reCAPTCHA for form protection. However, the website lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. No privacy policy or terms of service pages are present, and contact information is limited to a contact form without direct emails or phone numbers. The site performance is slow, and security headers are absent, indicating a basic security posture. Overall, the business appears legitimate but is in an early stage with room for significant improvements in security and compliance.

N

Nameshift.com

racon.co.uk

31

The website racon.co.uk is a domain sales landing page operated by Nameshift.com, a small technology business based in the Netherlands specializing in domain name transfers and escrow services. The business model focuses on providing a safe, fast, and fee-free domain transfer experience for buyers, with the seller paying commissions. The site content is minimal and primarily serves as a transactional interface for domain purchase via Nameshift.com. Technically, the site uses modern frameworks such as SvelteKit and is hosted by Hosting Concepts B.V., but suffers from poor performance and incomplete content presentation. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, alongside malformed DNS CAA records and lack of domain protection locks. Privacy compliance is minimal, with no visible privacy or cookie policies, and no contact emails or phone numbers provided. Overall, the site presents moderate trustworthiness but requires significant improvements in security and privacy to meet professional standards.

D

Deutsche Lufthansa AG

ltt.aero

40

Lufthansa Technical Training (LTT) is a well-established aviation technical training provider affiliated with Deutsche Lufthansa AG. The company offers a broad range of training services including vocational, basic, and type training for aviation professionals worldwide. Their business model targets both individual trainees and corporate clients, leveraging customized training solutions to meet specific needs. The website reflects a professional and consistent brand image with comprehensive content and strong trust indicators such as EASA certification and Lufthansa Group affiliation. Technically, the site is built on the Scrivito CMS platform and hosted on Amazon S3 with CloudFront CDN, but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, which severely impacts security posture. Privacy and cookie policies are well implemented and GDPR compliant, with moderate user tracking via Google Analytics and marketing tools like Intercom and Usercentrics. Overall, the website provides a good user experience and clear navigation but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations.

E

EOX IT Services GmbH

eox.at

27

EOX IT Services GmbH is a specialized technology company focused on Earth observation data services and software solutions. Their offerings include satellite data visualization, cloudless mapping, and data catalog services targeting researchers and professionals in geospatial and environmental fields. The company maintains a professional web presence with a clear focus on open data and cloud-native solutions. Technically, the website is built on VuePress and modern JavaScript frameworks, providing a good user experience and mobile optimization. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security gap. Security headers are partially implemented, but the absence of TLS protocols and cipher suites severely impacts the security posture. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Contact information is minimal, with no explicit emails or phone numbers on the site, though social media presence is strong. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

D

Dr. Isabella Eberl

notarin-eberl.at

35

The website represents a small professional notary office led by Dr. Isabella Eberl located in Taxenbach, Salzburg-Land, Austria. It offers a broad range of notarial services including testament and inheritance law, real estate transactions, family law, and corporate legal services. The site is well-structured with clear service descriptions and contact information, targeting private individuals and businesses in the local region. Technically, the site uses a Mono CMS platform with various external scripts for fonts, tracking, and consent management. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. Privacy and cookie policies are present with a consent mechanism, but no terms of service or explicit security policies are found. The site uses Google Analytics and Herold Tracker for analytics and marketing purposes. Overall, the site is professional but requires urgent security improvements to protect user data and enhance trust.

E

Endress+Hauser AG

endress.com

40

Endress+Hauser AG is a global leader in industrial measurement instrumentation and automation solutions, serving diverse sectors including energy, chemical, life sciences, water treatment, and oil & gas. The company offers a comprehensive portfolio of products and services, including flow, level, liquid analysis, optical analysis, pressure, and temperature measurement devices, alongside software and system products. Their website reflects a mature digital presence with extensive product information, customer support, and training resources, targeting industrial process engineers and related professionals worldwide. Technically, the website employs modern web technologies such as JavaScript, CSS, JSON-LD structured data, and utilizes Tealium for analytics and tag management. The site is hosted on reliable infrastructure, likely Amazon AWS, and demonstrates good mobile optimization, accessibility, and SEO practices. However, performance metrics indicate slow loading times, which may impact user experience. From a security perspective, the site has critical deficiencies: it lacks a valid SSL certificate and does not enable HTTPS or modern TLS protocols, severely impacting its security posture. While some security headers are present, the absence of proper SSL/TLS configuration is a major risk. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly provided, enhancing trust. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS and modern TLS versions, and enhancing security headers and session management. These steps will significantly improve the site's security score and user confidence.

V

VARIOTHERM HEIZSYSTEME GMBH

variotherm.com

21

Variotherm Heizsysteme GmbH is an established Austrian company specializing in surface heating and cooling systems for floors, walls, and ceilings, leveraging over 30 years of expertise. Their product portfolio targets contractors, installers, architects, and end customers seeking efficient heating and cooling solutions. The company maintains a professional online presence with multilingual support and a comprehensive product and service offering. Technically, the website is built on TYPO3 CMS served by Apache, with integrated analytics via Matomo and Google Tag Manager. However, the absence of HTTPS and a valid SSL certificate significantly undermines the security posture. While cookie consent mechanisms and privacy policies are in place, the lack of advanced security headers and incident response information indicates room for improvement. Overall, the website is functional and professional but requires urgent security enhancements to protect user data and improve trust.

T

Triumph Intertrade AG

triumph.com

38

Triumph Intertrade AG operates a mature and well-established e-commerce platform specializing in lingerie and related apparel, primarily targeting the German market. The website demonstrates a high level of professionalism, rich content, and strong brand consistency, supported by a comprehensive customer loyalty program and active social media presence. The technical infrastructure leverages modern e-commerce technologies including Salesforce Commerce Cloud and Cloudflare for hosting and delivery, with integrated marketing and analytics tools such as Google Tag Manager and CQuotient. However, the absence of a valid SSL/TLS certificate on the main domain significantly undermines the site's security posture, exposing users to potential risks. Additionally, a subdomain takeover vulnerability on blog.triumph.com presents a notable security concern. Privacy and cookie policies are present and indicate GDPR compliance, with clear contact information and incident response channels available. Overall, the site is functional and credible but requires urgent security improvements to protect user data and maintain trust.

G

Gerhard Trittenwein

bindertrittenwein.com

37

Gerhard Trittenwein operates a specialized IT consulting and project management business focused on complex IT, change management, and digital transformation projects. The company emphasizes lean and agile methodologies to deliver early and visible results, targeting organizations facing challenging IT projects. The website presents a professional image with clear service offerings and contact information, supported by over 30 years of experience. Technically, the site uses Mono CMS with external CDNs and integrates Google Analytics and ConsentManager for tracking and cookie consent. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw, exposing visitors to risks and undermining trust. Privacy policies and cookie consent mechanisms are in place, indicating GDPR awareness, but no security policy or incident response information is provided. Overall, the business appears legitimate and consistent with its domain registration and DNS records, but urgent improvements in security posture are needed.

Docolution GmbH is a specialized Austrian company providing tailored document management and output management solutions, focusing on quality assurance, accessibility, and customer communication. Their business model targets organizations requiring professional document handling and communication services, supported by consulting and software development. The website reflects a professional presence with clear service offerings and contact information, but lacks some standard compliance documents such as privacy policy and terms of service. Technically, the site uses modern web technologies including JavaScript, jQuery, and Google Analytics, and is mobile optimized with good accessibility features. However, the absence of HTTPS and a valid SSL certificate is a critical security shortfall, exposing users to risks and undermining trust. Security headers are minimal, and no advanced security policies or incident response contacts are published. Overall, the site is functional and credible but requires urgent improvements in security and privacy compliance to meet modern standards.

P

Paris Lodron Universität Salzburg

uni-salzburg.at

35

Paris Lodron Universität Salzburg is a large, well-established public university in Austria, founded in 1622. It offers a broad range of academic programs across six faculties and serves approximately 18,000 students. The university maintains a strong regional and international research presence and provides extensive student services and community engagement. The website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding. Technically, the site is built on WordPress with common web technologies such as jQuery and CSS. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing users to potential risks. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The university demonstrates trustworthiness through certifications and active social media engagement.

The website 'mmmmm.org.uk' represents a small personal or artistic portfolio associated with Adrian Fisher and Luna Montenegro under the name 'montenegrofisher'. It primarily showcases artistic works, films, and CV information, targeting art enthusiasts and collaborators. The business model is portfolio-based with a niche market presence in the UK. Technically, the site is basic, built with static HTML, CSS, and JavaScript, hosted by Pickaweb, and uses Google Analytics for visitor tracking. However, the site suffers from slow load times and lacks mobile optimization and accessibility features. Security posture is weak due to the absence of HTTPS, no security headers, and no advanced security configurations. Privacy compliance is poor with no privacy or cookie policies present. WHOIS data indicates a legitimate UK registration consistent with the website's nature. Overall, the site is functional but requires significant improvements in security, privacy, and technical performance to enhance trust and professionalism.

K

K&K Provitrum GmbH

kkprovitrum.at

39

K&K Provitrum GmbH is a specialized machinery and material dealer serving the glass industry in Central, Eastern, and Southeastern Europe. The company offers a comprehensive portfolio of glass processing machines, tools, and consumables, targeting a range of customers from small workshops to large industrial enterprises. Their website reflects a professional and consistent brand presence with clear business and contact information. Technically, the website is built on an Apache server with custom CMS elements and uses modern web technologies, but suffers from slow performance and lacks a valid SSL certificate, which is a significant security concern. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes the site to risks. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the website scores moderately on content quality and business credibility but is penalized heavily for security shortcomings.

W

wunderweiss

wunderweiss.com

40

Wunderweiss is a specialized agency based in Austria focusing on software and design development, with a strong emphasis on AI applications integrated into CMS systems, UI/UX consulting, and corporate branding. The company targets businesses seeking innovative technology and design solutions, positioning itself as an expert in user-oriented design and AI-driven application development. The website presents a professional and consistent brand image with detailed project showcases and clear service offerings. Technically, the website employs modern web technologies including jQuery, Django Framework, and Wagtail CMS, hosted behind Cloudflare. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no proper HTTPS support. This significantly impacts the security posture and user trust. Performance metrics are not available, but the site shows good mobile optimization and basic accessibility features. Security-wise, the site implements several important HTTP security headers such as X-Frame-Options and Referrer-Policy, but lacks a valid SSL certificate, OCSP stapling, and session resumption. There is no visible incident response or vulnerability disclosure information. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism is present. Overall, the website is professionally designed and credible from a business perspective but requires urgent remediation of its SSL configuration to improve security and trust. Strategic recommendations include fixing HTTPS, implementing cookie consent, and adding security and incident response policies.

Ookla, LLC is a well-established enterprise in the telecommunications and technology sector, known for its network intelligence and performance measurement solutions. The website indicates that Mosaik was acquired by Ookla in 2018, integrating its wireless network intelligence and mapping products into Ookla's portfolio. The company targets enterprise customers including network operators, regulators, and hardware manufacturers, offering a broad suite of products such as Speedtest, Downdetector, and Ekahau. The market position is strong, supported by a large enterprise size and backing by parent company Ziff Davis. Technically, the website is built using the Eleventy static site generator and leverages modern JavaScript and CSS technologies. Hosting is on AWS infrastructure, and the site integrates multiple marketing and analytics tools including Google Tag Manager, HubSpot, and LinkedIn Insight Tag. The site is mobile optimized with good SEO practices, though accessibility features are basic. From a security perspective, the site implements several important HTTP security headers such as X-Frame-Options and Content Security Policy. However, the absence of a valid SSL certificate and lack of HTTPS enforcement are critical vulnerabilities that significantly reduce the security posture. No cookie consent mechanism was detected despite the use of tracking scripts, indicating partial privacy compliance. Overall, the website is professional and trustworthy in content and business credibility but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance security and user trust.

B

BUWOG GROUP GMBH

buwog.at

40

BUWOG Group GmbH operates as a leading full-service provider in the Austrian residential real estate market, offering property search and management services. The website reflects a professional and consistent brand presence, targeting Austrian customers interested in housing solutions. Technically, the site is built on the Ibexa DXP CMS platform, leveraging modern JavaScript libraries and CDN services for content delivery and performance monitoring. However, the critical security weakness is the lack of a valid SSL certificate, resulting in no HTTPS support despite the presence of security headers like HSTS. This exposes users to potential risks and undermines trust. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site is functional and professional but requires urgent remediation of SSL issues to improve security posture and user trust.

E

ECE Projektmanagement G.m.b.H. und Co. KG

ece.de

34

ECE Projektmanagement G.m.b.H. und Co. KG operates a professional and comprehensive website focused on real estate development and management, particularly shopping centers, work & live spaces, and residential projects. The company positions itself as a large player in the German real estate market with a strong portfolio and innovative projects. The website is built on TYPO3 CMS and includes rich content, a contact form, social media integration, and a cookie consent mechanism compliant with GDPR. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Security headers are partially implemented but the SSL/TLS configuration is severely lacking, exposing the site to risks. The WHOIS data is consistent with the business claims, showing no privacy protection or suspicious registrations. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and enhance trust.

P

POLOPLAST GmbH & Co KG

poloplast.com

40

POLOPLAST GmbH & Co KG is a well-established Austrian manufacturer specializing in plastic pipe systems with a strong presence across Europe. The company emphasizes sustainability, innovation, and quality, offering a broad range of products including multilayer pipe systems, building drainage, and wastewater disposal solutions. Their market position is that of a technology leader with a large operational scale and a parent company affiliation with Wietersdorfer. The website reflects a professional business with clear contact information and comprehensive privacy and cookie policies, supporting GDPR compliance. Technically, the website is built on TYPO3 CMS and uses modern web technologies including Bootstrap for responsive design. However, the site suffers from slow performance and lacks HTTPS support, which is a critical security concern. The absence of SSL/TLS encryption and security headers exposes the site to potential risks and undermines user trust. Analytics and tracking tools such as Google Analytics and LeadFeeder are used with appropriate cookie consent mechanisms. Security posture is weak due to the lack of HTTPS and security headers, though no active vulnerabilities or malware were detected. Privacy compliance is strong with clear policies and consent banners. Business credibility is high given the detailed company information and social media presence. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate implementation of a valid SSL certificate, addition of security headers, performance optimization, and enhancement of incident response information to strengthen security culture and compliance.

A

Active Solution

activesolution.at

36

Active Solution GmbH is a medium-sized Austrian technology and engineering company specializing in IT and engineering consulting, project execution, and recruitment services. With 17 years of experience and a portfolio of reputable clients, the company positions itself as a dedicated and passionate service provider for IT professionals and engineers. The website reflects a professional and consistent brand image targeting IT and engineering talent and clients. Technically, the site is built on TYPO3 CMS and uses modern JavaScript and CSS, but lacks HTTPS, which is a critical security gap. The presence of cookie consent and Google Analytics indicates some privacy awareness, though no explicit security or incident response policies are published. Overall, the company demonstrates moderate digital maturity but requires urgent improvements in security infrastructure to protect user data and enhance trust.

G

GEA Group Aktiengesellschaft

gea.com

40

GEA Group Aktiengesellschaft is a leading global supplier of systems and components primarily serving the food, beverage, and pharmaceutical industries. Founded in 1881 and headquartered in Germany, GEA offers a comprehensive portfolio including machinery, plants, advanced process technology, components, and services. The company is publicly listed and recognized for its sustainability efforts, being part of major sustainability indices. Technically, the website is built on modern frameworks such as Next.js and hosted on Microsoft Azure, with a Sitecore CMS backend, providing a rich and well-structured user experience across multiple languages. However, the security posture is currently weak due to the absence of a valid SSL/TLS certificate and lack of HTTPS support, which poses significant risks to data integrity and user trust. Privacy and cookie policies are well implemented and GDPR compliant, reflecting a strong commitment to data protection. Overall, the website demonstrates high professionalism and business credibility but requires urgent improvements in its security infrastructure to align with best practices and protect its users.

IMC-Austria operates as a small non-profit meditation center focused on Vipassana meditation in the Theravada Buddhist tradition. The website provides informational content about meditation courses, the tradition of Sayagyi U Ba Khin, and links to related international centers. The target audience includes individuals interested in meditation and spiritual growth. Technically, the website is basic and static, using JavaScript, CSS, and Google services such as Analytics and Custom Search. However, the site suffers from slow load times and lacks modern web technologies or CMS platforms. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers, exposing visitors to potential risks. Privacy compliance is poor, with no privacy or cookie policies and no consent mechanisms for tracking. Business credibility is moderate based on consistent WHOIS data and clear organizational identity but is weakened by lack of contact information and security best practices. Overall, the website requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and user experience.

C

Cyberhouse GmbH

cyberhouse.at

38

Cyberhouse GmbH is a well-established digital agency based in Austria, specializing in web design, development, consulting, and SEO services primarily using TYPO3 and Storyblok CMS platforms. The company holds reputable certifications such as TYPO3 Gold Member and is a certified Storyblok partner, positioning itself strongly in the regional technology market. Their business model focuses on delivering full-service digital experiences to businesses seeking professional online presence solutions. Technically, the website employs modern JavaScript modules, lazy loading, and integrates bot protection for forms, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The site includes standard privacy and terms of service pages, but lacks a cookie consent mechanism. Overall, the website is professionally designed with clear navigation and strong branding, but requires urgent security improvements to protect user data and enhance trust.

E

Erste Digital GmbH

s-itsolutions.com

39

Erste Digital GmbH is the digital and IT services arm of Erste Group, the largest banking group in Central and Eastern Europe. The company focuses on delivering best-in-class IT solutions and digital transformation services to banking entities across the region, supporting both operational and innovation activities. The website reflects a professional and modern digital presence with rich content describing the business and its mission to enhance financial health for millions of customers. Technically, the site uses modern web technologies including JavaScript modules, service workers, and ElasticSearch for search functionality, hosted behind Amazon CloudFront CDN for performance and reliability. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which significantly impacts the security posture and trustworthiness. Privacy and cookie policies are present and appear comprehensive, indicating good compliance with GDPR requirements. Contact information such as emails and phone numbers are not explicitly provided on the homepage, which may affect user engagement. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements to enable HTTPS and strengthen its security framework.

D

dm Slovensko

dm-drogeriemarkt.sk

40

dm Slovensko operates a well-branded online drugstore e-commerce platform targeting Slovak consumers with a broad range of personal care and health products. The website leverages a modern JavaScript and CSS technology stack with integrations from multiple third-party services for analytics, marketing, and user consent management. The technical infrastructure is hosted on Google Cloud, indicating a scalable and reliable hosting environment. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS availability, which is a critical security concern. Security headers are mostly well implemented, but the disabled X-XSS-Protection header and malformed DNS CAA records indicate areas for improvement. Privacy and cookie policies are not detected in the provided content, representing a compliance gap with GDPR and related regulations. Overall, the website is functional and professionally designed but requires urgent security and compliance enhancements to protect user data and build trust.

KrankenhausExperte is a small German healthcare information website offering a searchable database of over 2,000 hospitals in Germany, along with health-related articles. The platform targets patients and individuals seeking hospital information and facilitates hospital contact and appointment scheduling. Technically, the site uses basic web technologies such as nginx, JavaScript, CSS, and HTML5 but lacks modern CMS or frameworks. Performance and mobile optimization are basic, and no analytics or tracking tools are detected. Security posture is weak due to the absence of HTTPS, SSL certificates, and security headers, exposing users to potential risks. Compliance is poor with no privacy, cookie, or terms of service policies present. Overall, the site is functional but lacks professionalism and trust indicators, limiting its credibility and user confidence.

Electrolux is a globally recognized leader in household appliances, offering a wide range of products including cooking, cooling, laundry, vacuum cleaners, and small kitchen appliances. The website targets Finnish consumers, providing comprehensive product information, promotions, and support services. The digital infrastructure is built on modern technologies such as Next.js, ensuring a responsive and user-friendly experience. While the site employs multiple analytics and marketing tools for personalization and tracking, it maintains good privacy compliance with clear cookie and privacy policies. Security headers are implemented, but the absence of a valid SSL certificate and some advanced security features reduces the overall security posture. The domain registration aligns well with the business identity, confirming legitimacy. Strategic improvements in SSL management and enhanced security practices are recommended to strengthen trust and compliance.

F

FRANZ OBERNDORFER GmbH & Co KG

oberndorfer.at

27

FRANZ OBERNDORFER GmbH & Co KG is Austria's largest precast concrete manufacturer with over 100 years of experience in planning, development, and production of concrete elements. The company holds a leading market position in Austria, offering a comprehensive product portfolio and full-service solutions including logistics and assembly. Their website reflects a mature digital presence built on Drupal 9, with good content quality and clear navigation targeting B2B customers in construction and real estate sectors. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines user trust and data protection. While cookie compliance and privacy policies are well implemented, the lack of explicit security policies and incident response information indicates room for improvement in security governance. Overall, the business is credible and professional, but urgent action is needed to secure the website infrastructure.

DHL-express.at is the Austrian localized website for DHL, the global leader in logistics and international shipping. The website offers comprehensive information about DHL's services including express document and package shipping, volume shipping for business customers, freight services, and supply chain logistics. The site targets both individual and business customers in Austria, providing tailored solutions and access to various DHL portals and services. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Launch and other modern web technologies, indicating a mature digital infrastructure. However, a critical security gap exists as the site does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the lack of SSL/TLS severely impacts the security posture. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. Overall, the site is professionally designed, content-rich, and trustworthy but urgently requires HTTPS implementation to meet modern security standards.

C

CeMM Research Center for Molecular Medicine of the Austrian Academy of Sciences

cemm.at

26

CeMM is a reputable interdisciplinary research center affiliated with the Austrian Academy of Sciences, focusing on molecular medicine and biomedical research. The website reflects a strong academic and scientific orientation, targeting researchers, students, and collaborators. The technical infrastructure is based on TYPO3 CMS with Apache hosting, and includes privacy-conscious analytics via Matomo. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. The site is well designed, mobile optimized, and rich in content, but security improvements are urgently needed to align with best practices and compliance requirements.

BRAUN Maschinenfabrik Gesellschaft m.b.H. is a well-established Austrian manufacturing company specializing in steel cutting and grinding machines, hydraulic steel structures, and decommissioning technologies. Founded in 1848, the company holds a strong market position as a technology leader with a global presence, serving industrial clients primarily in the energy and manufacturing sectors. Their product portfolio includes customized solutions for cutting, grinding, and dismantling applications, supported by in-house engineering and automation capabilities. The website reflects a professional business with clear branding and relevant content targeting industrial customers. Technically, the website runs on an Apache server and uses JavaScript libraries including Google Analytics and Google Maps API. However, the site lacks HTTPS encryption, which is a critical security shortfall. Performance metrics are not available, but the site shows basic mobile optimization and SEO practices. The hosting provider is identified via DNS as esys.at, an Austrian hosting service. From a security perspective, the absence of a valid SSL/TLS certificate and HTTPS is a major vulnerability, exposing users to potential data interception. No advanced security headers or policies are implemented, and there is no visible incident response or vulnerability disclosure information. Privacy compliance is minimal, with no cookie consent mechanism detected, although a basic privacy policy and terms of service are present. Overall, the website demonstrates moderate business credibility and content quality but suffers from significant security and privacy compliance gaps. Strategic improvements in SSL deployment, security headers, and privacy mechanisms are recommended to enhance trust and protect users.

L

Lomography

lomography.com

32

Lomography is a well-established analogue photography community and e-commerce platform founded in 1994, offering a wide range of analogue cameras, films, lenses, and educational content. The website demonstrates excellent content quality, user experience, and community engagement, targeting photography enthusiasts globally. Technically, the site uses a modern stack with nginx and Phusion Passenger, and employs Google Tag Manager for analytics and marketing. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, exposing users to potential interception risks. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the business credibility is high, but the security posture requires urgent improvement to protect users and maintain trust.

N

Nameshift.com

ibk.fr

26

The website ibk.fr is a domain sales landing page managed by Nameshift.com, a company specializing in domain name transfers and escrow services. The business model focuses on providing a safe, fast, and fee-free domain transfer experience for buyers, with the seller paying commissions. The site targets individuals and businesses looking to purchase domain names securely. Technically, the site uses modern frameworks such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, the website suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Additionally, privacy and cookie policies are missing, and DNS security configurations are incomplete or malformed. These factors reduce trust and compliance with data protection regulations. Overall, the site presents a basic but functional domain sales platform with room for significant security and compliance improvements.

W

Wienerberger AG

wienerberger.com

39

Wienerberger AG is a leading global manufacturer and supplier of building materials, specializing in bricks, clay roof tiles, pipe systems, and surface pavings. The company holds a strong market position as the world's largest brick producer and a market leader in Europe for clay roof tiles and infrastructure solutions. The website reflects a mature and professional digital presence with comprehensive content targeting investors, customers, and job seekers. Technically, the site is built on Adobe Experience Manager and uses modern web technologies, but critically lacks HTTPS/SSL encryption, exposing users to security risks. Security headers are partially implemented, but the absence of SSL/TLS significantly lowers the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high business credibility and content quality but requires urgent security improvements to protect user data and maintain trust.

F

FH Oberösterreich

fh-ooe.at

29

FH Oberösterreich (FH OÖ) is a leading university of applied sciences in Austria, offering a wide range of bachelor and master degree programs across multiple campuses. The institution emphasizes praxis-oriented education, personal consultation, and maintains strong international partnerships. The website reflects a mature digital presence with comprehensive content, clear navigation, and multilingual support. Technically, the site uses modern frameworks such as Vue.js and Craft CMS, and integrates various analytics and marketing tools with user consent mechanisms. However, the security posture is weakened by the absence of a valid SSL certificate and lack of security headers, exposing users to potential risks. Privacy compliance is well addressed with detailed policies and cookie consent. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

G

Getzner Textil AG

getzner.at

40

Getzner Textil AG is a well-established Austrian textile manufacturer with a history dating back to 1818. The company specializes in high-quality fashion fabrics, corporate fashion textiles, personal protective equipment, sports equipment textiles, and industrial textiles, emphasizing innovation and sustainability. Their market position is strong within Europe, serving a diverse clientele including fashion designers, garment makers, and industrial users. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design. Technically, the site uses modern JavaScript libraries, Google Tag Manager, and Matomo Analytics, hosted behind Fastly CDN and Varnish cache. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts security posture. Privacy and cookie policies are well implemented with consent mechanisms, and the company maintains active social media channels. Overall, the domain registration and DNS data align with the company's claims, indicating legitimacy and trustworthiness.