Security Directory

F

Fraunhofer Austria Research GmbH

fraunhofer.at

40

Fraunhofer Austria Research GmbH is a well-established applied research partner for the Austrian industry, specializing in digital networking, automation, machine vision, artificial intelligence, factory planning, production management, supply chain management, and digital logistics. The company operates as part of the larger Fraunhofer-Gesellschaft, Europe's largest applied research organization, positioning itself as a key player in Industry 4.0 within Austria. Their business model focuses on applied research and development through industry collaborations and publicly funded projects. Technically, the website is built on an Apache server with Adobe Experience Manager CMS, utilizing RequireJS and standard web technologies. While the site is mobile-optimized and well-structured with good SEO practices, performance data is limited and suggests slow loading. Accessibility is basic but functional. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Although some security headers like HSTS, X-Content-Type-Options, and X-XSS-Protection are present, the absence of HTTPS severely undermines the security posture. No incident response or vulnerability disclosure policies are evident, and cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professional and credible with clear business information and social media presence. However, the critical lack of HTTPS and incomplete privacy mechanisms present significant risks. Strategic improvements in SSL deployment, security policies, and privacy compliance are recommended to enhance trust and security.

U

Usecon gmbh

usecon.com

28

Usecon gmbh is an established technology and consulting company based in Vienna, Austria, founded in 2001. The company specializes in digital transformation, development, and AI solutions with a strong focus on human-centered design. Their market position is solid with over 24 years of experience and more than 1000 projects completed, targeting businesses seeking digital innovation and consulting services. The website content is well-structured and professional, supporting their business credibility. Technically, the website uses modern frontend technologies such as JavaScript and Tailwind CSS, but suffers from slow load times and lacks HTTPS support due to an invalid or missing SSL certificate. This significantly impacts the security posture and user trust. No CMS or backend platform is explicitly detected. Mobile optimization is good, but accessibility and SEO optimizations are basic. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. No security headers or incident response policies are present, and no vulnerability disclosure mechanisms are found. Privacy and cookie policies exist and appear GDPR compliant, supporting privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements, especially implementing a valid SSL certificate and enabling HTTPS. Performance optimization and enhanced security headers would further improve the security posture and user trust.

L

L3

l3design.eu

23

The website l3design.eu represents a small business focused on creative services including writing, designing, concept development, authoring, and program coordination. The content is minimal and primarily serves as a basic informational landing page with limited user engagement features. The business model appears to be service-oriented targeting clients needing creative and conceptual development support. Technical infrastructure is basic, relying on static HTML and CSS without modern frameworks or CMS platforms. Performance is poor with a high load time despite a small page size, and mobile optimization is lacking. Security posture is weak due to the absence of HTTPS and valid SSL certificates, no security headers, and no privacy or cookie policies, exposing users to potential risks and non-compliance with privacy regulations. Overall, the website demonstrates low digital maturity and limited trust indicators, which may impact business credibility and user confidence.

N

Nameshift.com

kontext.nl

35

Nameshift.com operates as a domain name brokerage and escrow service focused on providing safe, fast, and fee-free domain transfers for buyers. The business model centers on charging sellers a commission while offering buyers a secure and straightforward purchasing experience. The website content is minimal and primarily serves as a landing page to facilitate domain purchases via Nameshift.com. Technically, the site uses modern web technologies such as SvelteKit and is hosted on a Caddy server, but lacks proper SSL/TLS configuration, resulting in no HTTPS availability. This significantly impacts the security posture and user trust. Security headers are partially implemented, but critical vulnerabilities exist due to the absence of a valid SSL certificate and TLS protocols. Privacy and cookie policies are missing, and no contact emails or phone numbers are provided, limiting compliance and user support capabilities. Overall, the site demonstrates a basic digital presence with room for significant improvements in security, privacy, and content completeness.

T

Tetra Pak International S.A.

tetrapak.com

40

Tetra Pak International S.A. operates a comprehensive global website showcasing its leadership in food processing and packaging solutions. The company targets food and beverage industry professionals, offering a broad range of services including packaging, integrated equipment, product innovation, and digital automation. The website is well-structured, professionally designed, and optimized for SEO and accessibility, reflecting a mature digital presence. Technically, the site is built on Adobe Experience Manager and hosted on IBM PWS, leveraging modern web technologies and third-party tools for analytics and cookie consent. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses risks to data confidentiality and user trust. Privacy and cookie policies are present with consent mechanisms, indicating compliance with GDPR and related regulations. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the site demonstrates high business credibility and professionalism but requires urgent remediation of SSL and TLS issues to improve security and trust.

A

Arbonia AG

arbonia.com

34

Arbonia AG is a large Swiss manufacturing company specializing in interior architectural products such as doors, showers, and room partition systems. The company operates through 15 specialized subsidiaries producing in Central Europe and serves architects, interior designers, and construction industry professionals globally. The website is built on TYPO3 CMS and features a modern design with good navigation and mobile optimization. It includes a GDPR-compliant cookie consent mechanism and links to comprehensive privacy policies. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. Security headers are well configured, but the absence of TLS protocols and OCSP stapling are notable vulnerabilities. Contact information is present but lacks direct emails or phone numbers on the site. Social media presence is active on YouTube, Instagram, and LinkedIn. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

B

BECOM Electronics GmbH

becom.at

40

BECOM Electronics GmbH is a medium-sized Austrian company specializing in electronic manufacturing services (EMS) and embedded solutions, serving industries such as automotive, medical technology, and industrial electronics. The company operates internationally with subsidiaries in Germany, Hungary, China, and the USA, positioning itself as a reliable partner for end-to-end electronic product development and production. Their website reflects a professional and comprehensive digital presence with detailed service offerings and strong branding consistency. Technically, the website is built on TYPO3 CMS and hosted likely via Kabelplus infrastructure. It features modern web design, good mobile optimization, and accessibility. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, despite the presence of some security headers and HSTS configuration. The site uses Google Analytics for user tracking and implements a cookie consent mechanism aligned with GDPR requirements. From a security perspective, the lack of HTTPS and TLS support significantly lowers the security posture, exposing users to potential risks. The DNS configuration is mostly sound but lacks DMARC and DNSSEC, which are recommended for enhanced email and DNS security. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance. Overall, while the business and website demonstrate professionalism and strong market positioning, addressing the critical security issues and enhancing compliance documentation would improve trustworthiness and reduce risk exposure.

VOG AG is a well-established Austrian retail company founded in 1916, specializing in the distribution of food and non-food products across Central Europe and Asia. The company operates multiple subsidiaries and maintains a significant market presence with trusted brands and production facilities. The website reflects a professional business with clear corporate information and a focus on trade customers. Technically, the website runs on an Apache server with basic JavaScript and CSS, but lacks modern CMS or advanced frameworks. Performance data is missing, and mobile optimization is basic. Security posture is weak due to the absence of HTTPS and modern security headers, exposing the site to risks. Privacy compliance is strong with comprehensive policies and cookie consent mechanisms implemented. Overall, the site is functional and credible but requires urgent security improvements.

T

TopLab - Toplak Laboratory

toplab.at

19

TopLab - Toplak Laboratory is a small Austrian technology consulting and research business specializing in cybernetics, app creation, technology scouting, and contract research. The website presents a professional image with detailed descriptions of services and a focus on niche technological fields such as artificial intelligence, robotics, and neural modeling. The target audience includes investors, potential partners, and clients seeking specialized consulting and development services. Technically, the website is built using React and JavaScript but suffers from slow load times and basic mobile optimization. Security posture is weak due to the absence of HTTPS, lack of security headers, and no advanced DNS security features. Privacy compliance is poor with no visible privacy or cookie policies and no GDPR indicators. Contact information is minimal, relying on LinkedIn for direct communication. Overall, the site is functional but requires significant improvements in security and compliance to enhance trust and protect users.

R

Randstad Austria GmbH

randstad.at

40

Randstad Austria GmbH operates as a leading personnel service provider in Austria, offering staffing, recruitment, and HR solutions. The company is part of the global Randstad N.V. group and targets job seekers and companies within Austria. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses Drupal CMS with React components, hosted on AWS infrastructure with CloudFront CDN. However, a critical security gap exists as the website lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and company registration information provided. Social media presence is robust, enhancing trust and engagement.

HypoVereinsbank by UniCredit Bank GmbH operates a professional and comprehensive banking website targeting private and corporate customers in Germany. The site offers a wide range of financial services including online banking, investment products, loans, and wealth management. It is well-positioned in the market, recognized by industry awards such as 'Bank of The Year 2024' and 'Fairste Filialbank 2024'. The website demonstrates strong branding consistency and trust indicators, with clear contact information and GDPR compliance. Technically, the site uses modern JavaScript libraries and is hosted via Akamai with Adobe Experience Manager as the CMS platform. However, performance is currently slow and SSL/TLS configuration is invalid, which poses security risks. Security headers are mostly present but the Content-Security-Policy is overly permissive. No WAF or blocking mechanisms are detected, allowing full content access. Privacy and cookie policies are implemented with consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL fixes to improve security posture.

C

Cargill, Incorporated

delacon.com

23

Delacon.com is the online presence of Delacon, a global leader in phytogenic solutions for animal nutrition, operating under the parent company Cargill, Incorporated. The website offers comprehensive information about their products, research, and career opportunities, targeting professionals in the animal nutrition and agriculture sectors. The site is built on TYPO3 CMS and hosted on AWS infrastructure, featuring a professional design and good content quality. However, the absence of a valid SSL certificate and HTTPS significantly impacts the security posture. While security headers are partially implemented, critical improvements are needed to secure data transmission and user privacy. The site lacks explicit cookie consent mechanisms despite using Google Analytics and other tracking tools, indicating partial privacy compliance. Overall, the domain registration and WHOIS data align well with the business claims, supporting legitimacy and trustworthiness.

T

TROTEC LASER INC.

troteclaser.com

39

Trotec Laser GmbH is a well-established manufacturer of professional laser machines and materials, serving a global market including manufacturers, engravers, schools, and print shops. With over 25 years of experience, the company offers a comprehensive product portfolio including laser cutters, engravers, markers, software, and consumables, supported by a worldwide network and strong customer base. The website is professionally designed, content-rich, and supports multiple languages and regions, reflecting a mature digital presence. Technically, the site uses TYPO3 CMS and Nuxt.js, hosted behind Cloudflare CDN, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, reducing the overall security posture. Privacy compliance is moderate with a clear privacy policy and terms of service, but no cookie consent mechanism is detected. Contact information is comprehensive and clearly presented. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect users and maintain trust.

M

MBIT Solutions GmbH

mbit.at

33

MBIT Solutions GmbH is an established Austrian IT service provider specializing in tailored web and software solutions for medium to large enterprises and public organizations. Their offerings include enterprise-grade websites, web development, industry-specific solutions, and B2B e-commerce platforms. The company has a strong market position supported by over two decades of experience and a portfolio of reputable clients. Technically, the website is built on TYPO3 CMS, hosted on Apache servers, and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines HTTPS security despite the presence of security headers and content security policies. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

L

Ludwig Boltzmann Gesellschaft

rare-diseases.at

35

The Ludwig Boltzmann Institute for Rare and Undiagnosed Diseases (LBI-RUD) is a specialized Austrian research institute focused on investigating rare diseases, particularly those affecting the immune system, blood formation, and nervous system. The institute operated for seven years until March 2023, contributing valuable scientific insights and supporting patients through its research. The website serves as an informational platform targeting researchers, medical professionals, and affected patients, providing news, research areas, and organizational information. The business model is non-profit, funded by grants and public sources, and it operates under the Ludwig Boltzmann Gesellschaft umbrella. Technically, the website is built on WordPress and hosted on servers associated with domaindiscount24.net. While the site has a professional design with good navigation and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. The site uses Matomo analytics for user tracking and includes a cookie consent banner, indicating some level of privacy compliance, though GDPR compliance is not fully evident. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. No incident response or security policies are publicly disclosed. Contact information is clearly provided, including phone, address, and an obfuscated email address. Social media presence is active across major platforms, enhancing outreach and trust. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance credibility. Strategic recommendations include implementing HTTPS, improving security headers, and enhancing privacy compliance documentation.

M

mehrwert.life

ihrmehrwert.at

22

The website ihrmehrwert.at represents a small Austrian consulting and coaching business focused on personal and business transformation for entrepreneurs. The company offers services to help clients develop new behaviors for improved life quality, operational stability, and business model innovation. The site is professionally designed with consistent branding and includes customer testimonials and LinkedIn profiles to build trust. Technically, the site uses the WebPlatform CMS hosted on Amazon AWS, with integrations such as Google Calendar and Google reCAPTCHA. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are minimal, and no incident response or security policies are published. Privacy and cookie policies exist but are hosted externally on Google Drive, with a cookie consent mechanism implemented. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

Waagner Biro is a large, established company specializing in bridge systems, stage systems, steel and glass constructions, and bridge services, primarily targeting industrial and infrastructure sectors. The website acts mainly as a portal linking to specialized subsidiaries, reflecting a segmented business model focused on engineering and manufacturing. Technically, the site is basic with minimal content and limited modern web features. It uses Apache server technology but lacks HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies on the main domain, as well as no contact information, reduces user trust and compliance posture. Security posture is weak due to missing SSL/TLS, lack of security headers, and incomplete DNS/email security configurations. Overall, the site is functional but requires significant improvements in security and privacy compliance to meet modern standards.

BMW.at is the official website for BMW Austria, providing comprehensive information on premium vehicles, including electric and hybrid models, leasing and financing options, and after-sales services. The site targets automotive customers in Austria, emphasizing BMW's premium brand positioning and extensive product offerings. The website is built on a robust technical infrastructure leveraging Adobe Experience Manager and Akamai CDN, ensuring a modern and responsive user experience. Despite the advanced infrastructure, the site currently suffers from an invalid SSL certificate, which undermines its security posture. Security headers are partially implemented, but improvements are needed to fully secure user interactions and data. Privacy and cookie policies are well-presented and GDPR compliant, reflecting BMW's commitment to data protection. Overall, the site demonstrates high professionalism and trustworthiness, with strong brand consistency and extensive content relevant to its audience.

S

STRABAG SE

strabag.com

40

STRABAG SE is a leading European construction and technology company specializing in infrastructure, building construction, and specialized construction sectors. The company emphasizes innovation, sustainability, and quality, positioning itself as a market leader with a comprehensive portfolio of services including road construction, civil engineering, and tunneling. The website content reflects a mature enterprise with a strong focus on ESG principles and investor relations, targeting investors, clients, and partners in the construction and infrastructure sectors. Technically, the website employs standard web technologies such as jQuery and custom JavaScript, hosted on Microsoft Azure with DNS managed via AWS. While the site is content-rich and well-structured with good SEO and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL/TLS certificate and HTTPS support, which severely impacts its security posture. Security analysis reveals a lack of essential security headers, no DNSSEC or CAA records, and no advanced SSL features like OCSP stapling or session resumption. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, but incident response and vulnerability disclosure policies are not evident. Overall, STRABAG SE's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and adopting DNS security measures to align with best practices.

N

Nameshift.com

unterweger.eu

28

The website unterweger.eu is a domain sales and transfer service platform operated in partnership with Nameshift.com, a domain escrow and marketplace service. The business model focuses on providing a secure and simple way for buyers to purchase domain names with escrow protection, free assistance, and VAT invoicing. The target audience includes individuals and businesses seeking domain ownership with minimal risk. The website is built using modern web technologies such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, performance metrics are not available, and the site shows basic content quality with limited interactive elements. From a security perspective, the website lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data security. Although some security headers are present, the absence of TLS protocols and HSTS reduces the overall security posture significantly. No privacy or cookie policies are published, indicating poor privacy compliance. Contact information is limited to a physical address in the Netherlands, with no emails or phone numbers provided, which may affect user confidence. Overall, the website demonstrates a basic level of technical implementation and business credibility but suffers from critical security and privacy compliance gaps. Strategic improvements in SSL/TLS deployment, privacy policy publication, and contact transparency are essential to enhance trust and security. The domain registration data aligns well with the business claims, showing consistency and legitimacy without privacy protection, which is appropriate for this type of service.

RA Manuel Metz operates a small legal practice based in Germany, providing professional legal services with a focus on client engagement, reliability, and expertise. The website presents clear contact information and a straightforward description of services aimed at individuals seeking legal counsel. The business is positioned as a local/regional legal service provider with a simple, content-focused web presence. Technically, the website is built on a basic Apache server with static HTML and CSS, lacking modern CMS or frameworks. Performance data is minimal, indicating slow loading or unmeasured performance. The site is not optimized for mobile or accessibility beyond basic levels and lacks advanced SEO features. From a security perspective, the website does not implement HTTPS, exposing visitors to risks. There are no advanced security headers or mechanisms such as HSTS or CSP. Privacy compliance is minimal, with a basic privacy policy present but no cookie consent or GDPR compliance indicators. No incident response or security policy information is available, indicating a low security maturity level. Overall, the website is functional but has critical security shortcomings that reduce trustworthiness and user safety. Strategic improvements in SSL implementation, security headers, and privacy compliance are recommended to enhance the site's professionalism and protect users.

C

Continental AG

continental-corporation.com

40

Continental AG is a well-established multinational technology and manufacturing company specializing in sustainable and connected mobility solutions. Founded in 1871 and headquartered in Germany, the company offers a broad portfolio including automotive technologies, tires, and ContiTech products. The website reflects a mature digital presence with comprehensive corporate, investor, and sustainability information targeting investors, job seekers, and business partners. Technically, the site is built on TYPO3 CMS and hosted likely on AWS infrastructure, with modern JavaScript and CSS usage. However, a critical security weakness is the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Security headers are mostly present but some, like X-XSS-Protection, are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but urgently needs to address HTTPS and SSL issues to ensure secure user interactions.

G

GoDaddy Operating Company, LLC

alliedpanels.com

38

The website alliedpanels.com is a domain aftermarket sales landing page hosted and operated under GoDaddy's platform. It offers the domain for sale with options to buy now, lease to own, or make an offer. The site targets domain investors and businesses seeking premium domain names, leveraging GoDaddy's trusted marketplace and brokerage services. The business model is focused on domain sales and brokerage within the e-commerce sector, supported by GoDaddy's large market presence and infrastructure. Technically, the site is built using modern JavaScript frameworks such as React and Next.js, hosted on AWS infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. While the design and user experience are good and mobile optimized, the absence of HTTPS and security headers significantly weakens the security posture. Security evaluation reveals critical issues including no valid SSL certificate, no HSTS, and missing security headers, which expose users to potential risks. Privacy compliance is supported by comprehensive GoDaddy privacy and cookie policies, with GDPR compliance indicated. Contact information is limited but present via phone and contact form. Overall, the site is legitimate and consistent with domain aftermarket sales but requires urgent security improvements. Strategically, the site should prioritize obtaining and configuring a valid SSL certificate to enable HTTPS, implement security headers, and improve performance to enhance trust and user experience. These steps will strengthen the security posture and align with best practices for e-commerce platforms.

E

Efumo

efumo.lv

40

Efumo is a Latvian-based IT services company specializing in the development and maintenance of internet shops, websites, mobile applications, and IT systems. The company targets businesses seeking modern, responsive, and integrated digital solutions. Their market position is that of a small but established regional player with a portfolio of notable clients and a professional online presence. Technically, the website is built on WordPress with Yoast SEO, uses modern web technologies, and is moderately optimized for performance and mobile devices. Security posture is adequate with HTTPS, secure cookies, and several security headers, but lacks full HSTS enforcement and email security measures like DMARC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional and trustworthy but could improve in privacy and security policy transparency.

I

Inbokss Ltd.

inbox.eu

40

Inbox.eu is a privacy and security oriented email and cloud storage service provider based in Latvia, operating since 2001. The company offers both business domain email solutions and personal email accounts with features such as spam filtering, data encryption, and synced contacts and calendar. With over 20 years of experience and processing over 21 million emails weekly, Inbox.eu positions itself as a trusted provider in the privacy-focused email market. The website is professionally designed, multilingual, and targets users seeking secure and private email services. Technically, the site uses standard web technologies including JavaScript, Google Tag Manager, and Facebook Pixel for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. DNS records are well configured with SPF and DMARC policies, but DNSSEC and CAA records are absent. Incident response contact is available via DMARC abuse email. Privacy and terms of service policies are present and appear comprehensive, but no cookie consent mechanism was detected. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in SSL/TLS security to protect user data and trust.

P

porkbun.shop

porkbun.shop

63

porkbun.shop is an e-commerce website currently in a 'Coming Soon' state, hosted on the Shopify platform. The site offers a newsletter signup form to notify visitors of upcoming promotions and product launches. The business model is typical of online retail stores leveraging Shopify's infrastructure. The website is password protected and lacks substantive content or business information at this time, indicating it is not yet operational. Technically, the site uses Shopify's Debut theme and standard JavaScript libraries, including CryptoJS and Shopify's own analytics and pixel tracking scripts. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Performance is slow with a large page size and many resource requests, and SEO and accessibility optimizations are basic. Security-wise, the site has minimal protections beyond HSTS being enabled. There is no valid SSL certificate, no modern TLS protocols enabled, and no OCSP stapling or session resumption. No privacy, cookie, or terms of service policies are present, and no incident response or vulnerability disclosure information is available. The site collects email addresses via a newsletter form but lacks GDPR compliance indicators. Overall, the website is in an early stage of development with significant security and compliance gaps. The lack of HTTPS is a critical issue that must be addressed before launch. Strategic recommendations include obtaining a valid SSL certificate, implementing privacy and cookie policies, improving performance, and enhancing security headers and compliance measures.

M

Medarbejder- og Kompetencestyrelsen

medst.dk

40

Medarbejder- og Kompetencestyrelsen is a Danish government agency under the Ministry of Finance focused on labor agreements, HR education, and development activities within the public sector. The agency provides tools, advisory services, and regulatory information to state employers and HR professionals. The website serves as an authoritative platform for state HR matters, offering educational programs, circulars, and practical tools. Technically, the site is built on the Umbraco CMS platform, uses modern JavaScript libraries such as Swiper.js for UI components, and integrates Cookiebot for cookie consent management. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines secure HTTPS access. Other security best practices such as HSTS, DNSSEC, and security headers are absent, indicating room for improvement in security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent SSL remediation to ensure secure user interactions.

Ø

Økonomistyrelsen

oes.dk

40

Økonomistyrelsen is a Danish government agency focused on economic management, public procurement, and digital solutions for state institutions. It serves as a key authority supporting efficient public sector operations and financial governance. The website reflects a mature government entity with a clear focus on providing guidance, advisory services, and digital support to public institutions. The agency maintains a professional online presence with detailed content and official contact information. Technically, the site uses Umbraco CMS and integrates third-party tools like Cookiebot for consent management and Cludo for search functionality. Performance is moderate, and accessibility and SEO are well addressed. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Email authentication via SPF and DMARC is properly configured, enhancing email security. Overall, the site is trustworthy and compliant with GDPR, but urgent improvements in SSL/TLS implementation are necessary to enhance security posture and user trust.

Naalakkersuisut.gl is the official government website of Greenland, serving as the primary portal for government news, departmental information, and public resources. The site targets Greenlandic citizens, government officials, and media, providing authoritative and up-to-date information about governmental activities and services. The business model is public service oriented, with a focus on transparency and communication. Technically, the website employs standard web technologies including JavaScript and CSS, and uses Matomo for analytics. The site is moderately performant and mobile-optimized, but lacks modern security implementations such as HTTPS and security headers, which significantly impacts its security posture. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, exposing users to potential data interception risks. No privacy or cookie policies were found, indicating gaps in compliance with GDPR and other privacy regulations. The site does not display any incident response or security policies, which could affect trust and readiness for security events. Overall, while the website fulfills its role as a government information portal with good content quality and user experience, the lack of fundamental security measures and privacy compliance lowers its trustworthiness and exposes it to risks. Strategic improvements in security infrastructure and privacy transparency are recommended to enhance user trust and regulatory compliance.

The website lovgivning.gl serves as an official Greenland government portal providing access to Greenlandic legislation and administrative regulations. It targets residents and legal professionals in Greenland, primarily Danish-speaking users, offering a searchable legal database and updates on recent laws. The site is operated under the Greenland Self-Government authority, with hosting and domain registration managed by Modulo ApS, a Danish registrar. The content is professionally presented with consistent branding and clear navigation, supporting a medium-sized government service model founded in 2008. Technically, the site uses modern frontend technologies including Vue.js and JavaScript, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. The site lacks security headers, HSTS, and DNSSEC, which exposes it to potential risks. No analytics or tracking tools are detected, indicating minimal user tracking and a privacy-respecting approach, though no formal privacy or cookie policies are published. From a security perspective, the site’s lack of HTTPS and security best practices significantly lowers its security posture score. The domain is mature and consistent with official government use, enhancing trustworthiness. However, the absence of incident response contacts, security policies, and vulnerability disclosures suggests room for improvement in security governance. Overall, the site is functional and credible as a government resource but requires urgent security enhancements to protect user data and ensure trust. Strategic recommendations include immediate implementation of HTTPS with a valid SSL certificate, enabling security headers and DNSSEC, publishing privacy and cookie policies to comply with GDPR, and establishing clear incident response channels. These steps will improve security, compliance, and user trust, aligning the site with best practices for government digital services.

S

Statsministeriet

stm.dk

40

Statsministeriet.dk is the official website of the Danish Prime Minister's Office, serving as a primary information portal for government activities, press releases, speeches, and legislative programs. The site targets Danish citizens, government officials, media, and international visitors interested in Denmark's executive branch. It operates as a government public service entity with a large organizational footprint and a mature digital presence dating back over 30 years. Technically, the website uses modern web technologies including React and the Umbraco CMS, hosted via Sitnet infrastructure. The site demonstrates good content quality, clear navigation, and accessibility features, with moderate performance metrics. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. From a security perspective, the site benefits from properly configured SPF and DMARC email policies, reducing spoofing risks. Yet, the lack of DNSSEC, security headers, HSTS, and TLS support significantly weakens its security posture. Privacy compliance is well addressed with accessible privacy and cookie policies, though no active cookie consent mechanism is present. Overall, the site is trustworthy and authoritative but requires urgent security improvements, especially regarding HTTPS implementation and enhanced transport security measures, to protect user data and maintain government digital trust.

N

Namminersorlutik Oqartussat

nalunaarutit.gl

64

The website 'nalunaarutit.gl' serves as the official Greenland government portal for legislative announcements and legal notifications. It provides access to government-issued legal documents and updates primarily targeted at Greenlandic citizens, legal professionals, and government officials. The site offers search functionality to locate specific legislative texts and maintains a consistent government branding with official logos and domain usage. Technically, the site is built using Vue.js and custom CSS, delivering a moderate performance experience with a load time of approximately 4.5 seconds. Mobile optimization is good, and the site supports Greenlandic and Danish languages. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. No advanced security headers or privacy policies are present, and no analytics or advertising tools are detected, indicating minimal user tracking. Contact information is clearly provided with an official government email and physical address. Overall, the site is credible as an official government resource but requires urgent security improvements to protect user data and enhance trust.

RHnet (Rannsókna og háskólanet Íslands hf.) is an Icelandic company founded in 2001 to provide high-speed network connectivity for universities and research institutions in Iceland. It connects these institutions to international research and education networks such as NORDUnet, facilitating academic collaboration and data exchange. The website primarily serves as an informational portal about RHnet's services, network status, and related academic events. The target audience includes academic and research organizations within Iceland. Technically, the website is a simple static HTML and CSS site with minimal resources and moderate load times. It lacks modern web technologies, CMS, or advanced frameworks. Mobile optimization and accessibility are basic, and SEO features are minimal. The site does not use HTTPS, which is a significant technical and security shortcoming. From a security perspective, the site has no valid SSL certificate, no HTTPS support, and lacks security headers such as HSTS or Content-Security-Policy. There are no detected vulnerabilities like Heartbleed or POODLE, but the absence of HTTPS and security headers exposes users to risks. No privacy or cookie policies are present, and no contact or incident response information is provided, indicating low privacy compliance and security maturity. Overall, RHnet's website provides essential information about the organization but falls short in security and privacy best practices. The lack of HTTPS and security policies are critical issues that should be addressed to improve trust and compliance. The domain registration data aligns well with the organization's profile, supporting legitimacy. Strategic improvements in security posture and privacy compliance are recommended to enhance the website's professionalism and user trust.

N

Norges geologiske undersøkelse (NGU)

ngu.no

61

Norges geologiske undersøkelse (NGU) is a Norwegian government agency specializing in geological surveying and dissemination of geological knowledge. The website serves as a portal for geologic maps, scientific publications, and news relevant to geology in Norway, targeting researchers, government bodies, and the public. The organization holds a strong national position as the authoritative source for geological data and services. Technically, the website is built on Drupal 10 with Matomo analytics integration, demonstrating a modern but self-hosted infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. While privacy and cookie policies are present, there is no explicit cookie consent mechanism, and no visible terms of service or security policies are published. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in security and performance to meet modern standards.

3

3dids.com Agencia de Marketing

3dids.com

56

3dids.com Agencia de Marketing is a well-established digital marketing and ecommerce agency based in Spain, specializing in Shopify platform services and ecommerce internationalization. As part of the Publicis Group, it leverages extensive industry experience and a broad partner ecosystem to deliver comprehensive digital strategies, CRM activation, SEO, and AI-driven productivity enhancements. The website reflects a mature digital presence with rich content, client testimonials, and strong branding. Technically, the site is built on Shopify with Cloudflare hosting and uses modern JavaScript libraries and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses a critical risk. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by strong trust signals and transparent domain registration.

Roofer North London is a small local roofing service provider specializing in residential and commercial roofing solutions in North London and surrounding areas. Their services include roof repairs, new roof installations, chimney repairs, and maintenance. The website is built on WordPress and uses standard SEO tools but suffers from slow performance and lacks a valid SSL certificate, resulting in no HTTPS support. Contact information is clearly provided, including phone numbers, email, and a physical address. Social media presence is established on Instagram, Facebook, and Twitter. Security posture is weak due to missing SSL, lack of security headers, and absence of privacy and cookie policies. Overall, the website is professional in content and design but requires significant security improvements to protect users and enhance trust.

G

GoDaddy Operating Company, LLC

anytechnologies.com

35

The website anytechnologies.com is a domain sales landing page operated by Afternic, a GoDaddy company. It offers the domain for sale with options to buy outright or lease to own, supported by domain brokerage services. The site targets businesses or individuals seeking to acquire this specific domain name. The business model is focused on domain aftermarket sales and brokerage, leveraging GoDaddy's extensive domain management infrastructure. The site is branded consistently with GoDaddy and Afternic, including trust signals such as a high Trustpilot rating. Technically, the site uses modern JavaScript frameworks like Next.js and is hosted on AWS with Akamai CDN support. However, the site suffers from slow load times and lacks mobile optimization and accessibility features. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers. Privacy compliance is minimal, relying on Afternic's general policies rather than domain-specific disclosures. Overall, the site is functional for its purpose but requires significant security and performance improvements to enhance trust and user experience.

K

Krystal Hosting Ltd

k.io

48

Krystal Hosting Ltd is a UK-based internet services company established in 2003, providing premium and sustainable web hosting, cloud infrastructure, VoIP, and email delivery services globally. The company emphasizes ethical business practices and environmental sustainability, holding certifications such as B Corp and participating in initiatives like 1% For The Planet. Their market position is that of an independent, premium provider with a strong focus on customer service and green technology. Technically, the website is built on modern frameworks like Next.js and uses a custom CMS, delivering a well-designed, mobile-optimized, and content-rich experience. However, the security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no email authentication policies, which poses significant risks. Privacy compliance is also lacking, with no visible privacy or cookie policies. Overall, the business credibility is strong, supported by consistent WHOIS data and active operations, but the security and privacy gaps require urgent attention.

Krystal Hosting Ltd is a UK-based internet services company founded in 2002, specializing in premium and sustainable web hosting, cloud services, VoIP, and email delivery solutions. The company positions itself as an independent, ethical provider with a strong commitment to environmental sustainability, evidenced by its B Corp certification and participation in 1% For The Planet. Their target audience includes businesses worldwide seeking high-quality, green internet solutions. Technically, the website is built using modern frameworks such as Next.js and React, with a CMS likely provided by Katapult. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical vulnerability. Privacy compliance is minimal, with no visible privacy or cookie policies, and no explicit contact information is provided on the site. Overall, the website is professional and trustworthy from a business perspective but requires urgent security improvements to protect users and data.

K

Krystal Hosting Ltd

sirportly.com

60

Sirportly is a customer support ticket system and help desk software offered as a SaaS product by Krystal Hosting Ltd, a UK-based technology company. The platform targets businesses seeking to improve customer support efficiency and satisfaction through a unified interface, automation, and integrations. The website presents a professional and consistent brand image with clear navigation and relevant content aimed at its target audience. Technically, the site is built likely on Ruby on Rails, hosted on Katapult's cloud platform, and uses Matomo for analytics. Performance is moderate with good mobile optimization but lacks advanced accessibility features. Security posture is weak due to the absence of a valid SSL certificate and missing security headers, which exposes users to risks and reduces trust. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Business credibility is supported by consistent WHOIS data, customer testimonials, and clear company information. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance trust.

C

Cryptex

cryptex.com

58

Cryptex is a cryptocurrency exchange platform offering secure and user-friendly services for buying, selling, and exchanging popular cryptocurrencies such as Bitcoin, Ethereum, and Ripple. The platform targets both beginners and professional traders, providing an intuitive interface and immediate account funding options. The website demonstrates a consistent branding approach and basic content quality, though it lacks comprehensive privacy and cookie policies. Technically, the site is built on modern technologies like React and uses Google Analytics for tracking, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of essential security headers and incomplete privacy compliance further impact its security posture. Overall, while the business model and market positioning are clear, the platform requires significant improvements in security and privacy to enhance trust and compliance.

G

GIZ

diaspora2030.de

38

Diaspora2030 is a German-based non-profit platform supported by GIZ and BMZ that empowers people with migration backgrounds to contribute to sustainable development in their countries of origin. The platform facilitates diaspora professionals, organizations, entrepreneurs, and networks by providing support, co-financing, and knowledge exchange opportunities. The website is professionally designed, content-rich, and targets diaspora communities and development stakeholders. Technically, the site is built on TYPO3 CMS and hosted by kasserver.com, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy compliance is well addressed with a consent management platform and clear policies. Overall, the site is trustworthy but requires urgent security improvements.

C

Centrum für internationale Migration und Entwicklung (CIM)

cimonline.de

40

The Centrum für internationale Migration und Entwicklung (CIM) operates as a government-affiliated non-profit entity focused on facilitating international labor mobility by connecting specialized EU professionals with employers worldwide. The website reflects a clear mission and professional presentation, targeting both job seekers and employers in the international development sector. Technically, the site uses standard web technologies with moderate performance and good mobile optimization but lacks a CMS indication and advanced frameworks. Security posture is weak due to the absence of a valid SSL certificate and modern TLS protocols, exposing users to risks and undermining trust. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite active tracking scripts. Overall, the site is credible and trustworthy but requires urgent security improvements to protect users and enhance compliance.

The website italiateatrilatinoamerica.it functions as a cultural archive dedicated to showcasing Italy's theatrical presence in Latin America. It targets multilingual audiences primarily speaking Spanish, Italian, and Portuguese, offering archival and informational content related to Italian theater. The business model is that of a niche cultural platform with a small scale and recent establishment in 2023. Technically, the site employs basic web technologies including CSS, JavaScript, and Google Analytics for tracking. Hosting appears to be provided by Aruba, as indicated by DNS and SPF records. Performance is suboptimal with slow load times and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS support, and missing security headers, exposing users to potential risks. Privacy compliance is poor, with no visible privacy or cookie policies and no GDPR compliance indicators. The domain registration is consistent and legitimate, but the lack of domain protection locks and SSL reduces trust. Overall, the site requires significant improvements in security, privacy, and technical performance to enhance user trust and compliance.

The Latin America IP SME Helpdesk is an official European Commission service providing free intellectual property assistance to SMEs from the EU and SMP-associated countries targeting the Latin American market. It offers confidential advice, training, and resources to improve global competitiveness. The website is professionally designed, content-rich, and well-structured, targeting SMEs seeking IP support in Latin America. Technically, the site is built on Drupal 10 and hosted by Level27 bv, with moderate performance and good mobile and accessibility features. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies, and contact information is transparent and institutional. Overall, the site is trustworthy but urgently needs to address its SSL/TLS configuration to improve security posture and user trust.

J

JSC Credit Information Bureau

manakreditvesture.lv

40

JSC Credit Information Bureau (KIB) operates the website manakreditvesture.lv, providing credit information and risk management services in Latvia. As part of the global Creditinfo Group and backed by major Latvian banks, it offers individuals and companies access to credit reports, credit scores, dispute management, and profile monitoring. The business model includes free and subscription-based services, targeting Latvian consumers and financial institutions. The website is built on a modern React and Gatsby stack, offering a good user experience and clear navigation, though performance is somewhat slow. Security posture is weak due to the absence of a valid SSL certificate and lack of security headers, which poses a significant risk. Privacy compliance is basic but present, with a privacy policy aligned with GDPR. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and build trust.

D

Duna Médiaszolgáltató Nonprofit Zrt.

mti.hu

58

The website mti.hu serves as the official portal for the Hungarian national news agency, Duna Médiaszolgáltató Nonprofit Zrt., established in 1881. It provides comprehensive news coverage, official announcements, and media content including photos and graphics, targeting both the general public and professional subscribers. The site integrates modern frontend technologies such as SvelteKit and is powered by a Drupal CMS backend, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Privacy and cookie policies are well documented and GDPR compliant, with consent mechanisms in place. The site links to multiple affiliated media domains, reinforcing its position as a key national media entity.

ABCNEWS Store is a small-scale e-commerce website offering select ABC News programs and reports for purchase. The site targets consumers interested in news media content and operates under the ABC brand umbrella, with links to official Disney privacy and terms pages indicating corporate affiliation. The business model centers on retailing media content with direct email contact for customer inquiries. Technically, the website is hosted on Amazon S3 with CloudFront CDN, utilizing basic web technologies such as JavaScript, CSS, and Google Fonts. The site exhibits slow performance with minimal optimization for mobile and accessibility. The design is basic with limited content and navigation, lacking modern CMS or frameworks. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. No security headers or advanced protections are implemented, and no cookie or privacy consent mechanisms are present. These deficiencies significantly reduce the security posture and privacy compliance of the website. Overall, the website presents moderate business credibility due to brand association but suffers from critical security shortcomings. Strategic improvements in SSL deployment, security headers, and privacy compliance are essential to enhance trust and protect users.

M

M.M.Warburg & CO

warburg-bank.de

40

M.M.Warburg & CO operates a professional online banking platform targeting banking customers primarily in Germany. The website offers secure login mechanisms including electronic TAN authentication and provides clear customer support phone contacts. The technical infrastructure is based on AngularJS with custom JavaScript and CSS, delivering a good user experience and mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security vulnerabilities that undermine trust and data protection. Security headers are well implemented, but the SSL/TLS configuration requires urgent remediation. Privacy compliance is strong with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the website is functional and professional but needs immediate security improvements to meet industry standards.

Soundcheck B.V. is a small Dutch rental company specializing in sound and lighting equipment for events such as theater productions, festivals, concerts, TV productions, weddings, and corporate events. The company has a mature domain registered since 2002, consistent with its stated business history. The website content is basic and primarily in Dutch, targeting local event organizers and production companies. Technically, the website uses legacy HTML and JavaScript without modern frameworks or CMS, resulting in slow load times and poor mobile optimization. Critically, the site lacks HTTPS support, exposing users to security risks. No privacy or cookie policies are present, and no contact information is explicitly provided on the homepage, which impacts trust and compliance. The DNS and MX records are properly configured, but security configurations such as DNSSEC, HSTS, and security headers are missing. Overall, the website demonstrates a low security posture and basic digital maturity, requiring significant improvements to meet modern security and privacy standards.