Security Directory

G

GoDaddy, LLC

unternehmertum-vc.de

40

The domain unternehmertum-vc.de is currently a parked domain managed by GoDaddy, with no active business content or services hosted. The site primarily serves as a placeholder offering the domain for sale. The technical infrastructure is basic, relying on standard JavaScript and CSS with embedded third-party widgets for cookie consent (TrustArc) and customer reviews (Trustpilot). The site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No security headers or advanced domain security configurations such as DMARC, DNSSEC, or CAA records are present. Privacy compliance is minimal but includes a cookie consent mechanism via TrustArc. Overall, the website quality is poor with slow load times and minimal content, reflecting its parked status rather than an operational business site.

H

Hochschule Ruhr West

hs-ruhrwest.de

40

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

35

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

B

Bundesverband betriebliche Weiterbildung - Wuppertaler Kreis e.V.

wkr-ev.de

40

The Wuppertaler Kreis e.V. is a German non-profit association representing 52 leading institutes in the business education and continuing professional development sector. Founded in 1955, it serves as a national umbrella organization advocating for workplace learning, qualification, and workforce development. The website reflects a well-structured and content-rich platform targeting business leaders and education providers, offering news, events, and member information. Technically, the site is built on TYPO3 CMS and hosted on a German provider, but suffers from critical security shortcomings due to the absence of HTTPS and a valid SSL certificate. This significantly undermines the security posture despite good content and business credibility. No cookie consent mechanism or advanced privacy compliance features are present, though a privacy policy and terms of service are available. Overall, the site is professional but requires urgent security upgrades to protect user data and improve trust.

D

DIHK Service GmbH

dihk-service-gmbh.de

40

DIHK Service GmbH is a project company affiliated with the German Chambers of Industry and Commerce (DIHK), serving as a key partner for IHKs, AHKs, and member companies. The organization focuses on developing and implementing projects that strengthen businesses and provide societal benefits, including workforce development, education, environmental protection, and sustainable business locations. The website reflects a medium-sized government/non-profit entity with a clear business model centered on state-funded projects and partnerships. Technically, the site uses standard web technologies and etracker analytics but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. However, the absence of HTTPS and security headers significantly weakens the security posture. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

I

Insany Design

insanydesign.com

54

Insany Design is a Brazilian design, technology, and innovation studio established in 2016, specializing in enhancing digital presence for brands through web development, e-commerce, and digital product solutions. The company positions itself as a creative and technical partner for businesses seeking to transform their digital experiences. The website reflects a professional and consistent brand image with extensive case studies and client logos, targeting businesses looking for innovative digital solutions. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel, utilizing React and other contemporary technologies. However, the site suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines user trust and security. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is content-rich and professionally designed but requires urgent security and privacy improvements to meet industry standards.

U

UnternehmerTUM GmbH

unternehmertum.com

51

UnternehmerTUM GmbH is Europe's largest center for innovation and entrepreneurship, based in Germany, founded in 2002. It supports startups, founders, and companies by providing acceleration, incubation, corporate venturing, and networking services. The website is rich in content, professionally designed, and targets startups, researchers, and innovative companies. Technically, the site uses modern JavaScript frameworks, consent management tools, and analytics but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, which severely impacts its security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Business credibility is high with clear contact information, social media presence, and structured data. Overall, the site is professional and trustworthy but urgently needs to fix its SSL/TLS configuration to improve security and user trust.

N

net-maxX GmbH

net-maxx.de

40

net-maxX GmbH operates a virtual platform designed for fan communities, leveraging interactive virtual worlds to connect users. The company is a small technology startup based in Germany, founded in 2023, and collaborates with partners such as Telemaxx and agenturserver.de. The website is built on the Ghost CMS platform and demonstrates good content quality and user experience with moderate performance. Security posture is adequate with HTTPS and SPF configured, but lacks advanced TLS features and email security enhancements like DMARC. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve in security and privacy areas.

I

IHK Saarland

ihksaarland.de

40

IHK Saarland operates as a regional chamber of commerce and industry serving the Saarland region in Germany. The organization provides a broad range of services including business consulting, education and training, legal and regulatory guidance, and digital services to support local enterprises, founders, and various business stakeholders. The website reflects a well-structured and professional digital presence with comprehensive content tailored to its target audience of businesses and professionals in the region. Technically, the site uses a traditional JavaScript and CSS stack with jQuery libraries and is hosted via epag.net DNS infrastructure. While the site supports modern TLS protocols ensuring secure HTTPS connections, it lacks advanced security headers and DNS security features, indicating room for improvement in its security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and accessible privacy policies. The website is not blocked by any WAF or security challenge, allowing full content access. Overall, the site scores well in business credibility and privacy compliance but could enhance technical and security aspects to improve performance and resilience.

D

DIN

din.one

40

DIN.ONE is a German-based community platform powered by Atlassian Confluence, designed to facilitate expert collaboration on standardization and norming projects. The platform hosts thematic communities, events, and news, targeting professionals engaged in these sectors. Technically, the site leverages Confluence 8.5.21 with a Refined theme, hosted likely on Google Cloud infrastructure. While the site uses HTTPS with modern TLS protocols, it lacks advanced security headers and mechanisms such as HSTS and OCSP stapling, which could enhance its security posture. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website provides good content quality and business credibility but suffers from slow performance and basic technical implementation.

D

DIN Solutions GmbH

dinsolutions.de

40

DIN Solutions GmbH is a medium-sized technology company operating within the DIN group, specializing in the development and operation of software, platforms, and databases for norming and standardization. The company serves DIN, DIN Media, and their customers and partners by delivering tailored technical solutions and engaging in innovative research and development, including artificial intelligence applications. Their market position is strong within the German norming ecosystem, supported by ISO 9001 certification and partnerships with recognized entities such as TÜV Rheinland. Technically, the website employs modern technologies including MarkLogic NoSQL database, X-Swift framework, and Swift programming language for transformation processes. The site is well-designed, mobile-optimized, and uses etracker for analytics. Performance is moderate with a page load time of about 3 seconds. However, the SSL certificate is nearing expiration, and security headers are minimal, indicating room for improvement in security hardening. Security posture is adequate with HTTPS, SPF, and DMARC configured, but lacks HSTS, DNSSEC, and advanced security headers. No vulnerabilities or malware were detected, but urgent SSL renewal is needed to maintain trust and secure communications. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, though no cookie consent mechanism was found. Overall, the website is professional and trustworthy with strong business credibility. Strategic recommendations include immediate SSL renewal, enhancing security headers, implementing DNSSEC and CAA, and adding cookie consent mechanisms to improve privacy compliance and security posture.

N

news aktuell

zimpel.de

40

Zimpel.de is a German PR software and media database platform operated as a product of news aktuell, a subsidiary of the German Press Agency (dpa). The website targets PR professionals and media relations specialists by providing tools for managing journalist contacts and media distribution lists. The business model is SaaS-oriented, focusing on the media and public relations sector within Germany. The site content is minimal and primarily driven by JavaScript, with no visible contact or policy pages on the main HTML content. Technically, the site uses nginx as the web server and employs modern TLS protocols (TLS 1.2 and 1.3) with a valid SSL certificate. DNS hosting is managed by Colt, and email services are routed through news aktuell mail servers. Security headers are present but some are misconfigured or only in report-only mode, such as the Content Security Policy and X-XSS-Protection header. No DMARC record is configured, which is a gap in email security. No privacy or cookie policies are found, indicating low privacy compliance. Overall, the site demonstrates a moderate security posture but lacks transparency and completeness in privacy and contact information.

C

CERTQUA GmbH

certqua.de

40

CERTQUA GmbH is a medium-sized German certification body specializing in certifications and accreditations for education and labor market organizations, including ISO 9001, ISO 21001, and AZAV. Founded in 1994, it holds accreditations under ISO 17021 and ISO 17065 and offers a comprehensive range of services including certification, training seminars, and a digital service center platform. The website is professionally designed, content-rich, and well-structured, targeting education providers and related stakeholders. Technically, the site uses modern web technologies and is hosted on Hetzner, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and valid certificates but lacks some best practices such as HSTS, OCSP stapling, DMARC, and DNSSEC. Privacy compliance is well addressed with clear cookie consent and privacy policies. Contact information and social media presence enhance business credibility. Overall, the site reflects a mature digital presence with room for security improvements.

O

on-geo GmbH

lora.de

40

on-geo GmbH operates a suite of geospatial data service portals including LORA and Geoport, targeting professional users in real estate and related sectors primarily in Germany. The website serves as a secure login gateway for multiple branded services, providing access to geospatial data, consulting, and training. The technical infrastructure is based on Microsoft technologies with ADFS for authentication, delivering a fast and functional user experience with basic mobile optimization. Security posture is strong with HTTPS, modern TLS protocols, and multiple security headers, though improvements are recommended in HSTS configuration and email domain security. Privacy compliance is partial with a privacy policy present but lacking cookie consent mechanisms. Overall, the site demonstrates good business credibility and technical maturity with room for enhancements in privacy and security best practices.

I

iF Design

ifdesign.com

71

iF Design is a globally recognized organization that hosts the prestigious iF DESIGN AWARD, established in 1953. The company operates a comprehensive digital platform showcasing award winners, design trends, and community engagement for designers, architects, and companies worldwide. Their market position is strong within the design industry, offering key services such as design competitions, trend reports, and networking opportunities. Technically, the website is built on modern React and Gatsby frameworks, hosted on Microsoft Azure, with a valid SSL certificate and standard security configurations. However, performance is somewhat slow, and security headers could be enhanced. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a professional and trustworthy presence with moderate tracking and marketing tools integrated.

P

Página inacessível

apprbs.com.br

30

The website apprbs.com.br currently serves a minimal 'Página inacessível' (Page inaccessible) message with no accessible business content or user interaction features. The DNS configuration shows hosting on Google Cloud infrastructure and email services via Google Workspace with SPF records including Elastic Email. However, the site lacks a valid SSL certificate and does not support HTTPS, representing a critical security vulnerability. No privacy, cookie, or terms of service policies are present, and no contact information or forms are available, indicating the site is either down, under maintenance, or improperly configured. From a technical perspective, the site uses basic HTML5 and CSS with JSON-LD structured data indicating the domain name but no further business details. Performance is moderate but limited by minimal content. SEO is poor due to a malformed robots meta tag set to noindex and lack of metadata. Accessibility and mobile optimization are basic at best. Security posture is weak with no HTTPS, no security headers, no HSTS, and a DMARC policy set to none, exposing the domain to email spoofing risks. No WAF or security challenge was detected, but the site is effectively inaccessible to users. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, improving security headers and policies, publishing privacy and cookie policies, and restoring accessible business content to improve trust and compliance.

S

Secure Mailgate

secure-mailgate.com

67

Secure Mailgate operates as a specialized provider of secure email gateway services, focusing on secure login and email domain management primarily targeting business users requiring secure email access. The website is functional and accessible, featuring a login form and multilingual support but lacks comprehensive public-facing content such as privacy policies, terms of service, or contact information. Technically, the site uses standard web technologies including JavaScript and CSS, hosted on infrastructure associated with Cloudpit. Performance is moderate with a relatively small page size and acceptable load times. From a security perspective, the site enforces HTTPS with modern TLS protocols (1.3 and 1.2) and a valid wildcard SSL certificate, but lacks advanced security features such as HSTS, OCSP stapling, DNSSEC, and DMARC records. No security headers are detected, and no vulnerability disclosures or incident response contacts are publicly available. This indicates a basic security posture with room for significant improvement to enhance email domain protection and overall site security. Overall, the website presents a basic but functional digital presence with limited transparency on privacy and security policies. The lack of contact information and policy documents may impact user trust and compliance with data protection regulations. Strategic improvements in security configuration, policy publication, and user communication are recommended to strengthen the company's market position and compliance posture.

H

Hund

hundstat.us

50

Hund.io operates a status page at hundstat.us providing real-time and historical operational status for its services including website, DNS, GitLab, and platform components. The site targets users and customers who require transparency on service availability and performance. The business model centers on operational monitoring and status reporting, positioning Hund.io as a technology service provider in the monitoring niche. The website content is professional and consistent with the brand, but lacks comprehensive business and compliance information. Technically, the site is hosted on AWS infrastructure with DNS managed partly by AWS and Hurricane Electric. The technology stack includes standard web technologies with Google Analytics and Google Tag Manager for tracking. However, the site suffers from slow performance and lacks modern optimizations such as full mobile responsiveness and accessibility features. From a security perspective, the site has critical weaknesses including an invalid or missing SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or CAA records. These issues significantly reduce the security posture and expose users to risks. Additionally, there is no evidence of privacy compliance, incident response policies, or contact information for security matters. Overall, the site presents moderate business credibility but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and publishing privacy and security policies.

P

ProSiebenSat.1 Welt

prosiebensat1welt.de

40

ProSiebenSat.1 Welt was a German Pay TV channel operated under the ProSiebenSat.1 media group, offering entertainment content including TV programs, films, and series. The channel ceased operations at the end of 2023 after nearly two decades. The website serves primarily as an informational and redirect portal to partner channels and provides compliance and legal information. Technically, the site is built using modern web technologies including Next.js and React, hosted likely on AWS infrastructure, and uses Contentful as a CMS. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support, which severely impacts security posture and user trust. No advanced security headers or TLS protocols are enabled, and DNSSEC is not configured. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, but no direct contact information or incident response details are provided. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and maintain credibility.

S

Ströer

plakate-buchen.de

57

Plakate-Buchen.de is an online advertising booking platform operated by Ströer, focusing on poster and campaign advertising across Germany. The platform offers access to over 300,000 advertising locations with daily updated availability and convenient online payment options, targeting businesses seeking to promote their stores or campaigns locally. The website is primarily in German and provides a phone contact for customer inquiries but lacks visible email contacts or terms of service. Technically, the site runs on an Apache server with modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager for analytics and tracking. Security headers such as Strict-Transport-Security and X-Content-Type-Options are present, but improvements are needed in HSTS configuration, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. The site implements cookie consent with express consent type, aligning with basic GDPR requirements but lacks comprehensive privacy and security policies. Overall, the platform demonstrates a moderate security posture with room for enhancement in email security and transport layer protections.

P

ProSiebenSat.1 Media SE

commerceandventures.com

48

Commerce & Ventures is the investment business of ProSiebenSat.1 Media SE, focusing on supporting consumer-oriented start-ups and growth companies through a combination of media-for-equity, media-for-revenue, minority, and majority investments. The company leverages the extensive media reach of the ProSiebenSat.1 Group to build brand awareness and accelerate growth for its portfolio companies. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS, and integrates marketing and tracking tools like Google Tag Manager. Security posture is adequate with support for TLS 1.2 and 1.3 and no major vulnerabilities detected, but lacks some best practices like HSTS and OCSP stapling. Overall, the site is professional, well-branded, and provides comprehensive information about its investment activities and portfolio. However, direct contact information and explicit security policies are not prominently available, which could be improved to enhance trust and compliance.

S

SevenVentures

sevenventures.de

52

SevenVentures is a strategic media investment arm of ProSiebenSat.1 Media SE, specializing in minority equity investments and media cooperations for established digital B2C companies. Their business model leverages media assets to accelerate growth and brand awareness in the German and Austrian markets. The website demonstrates a mature digital infrastructure using modern web technologies such as Next.js and integrates marketing and tracking tools like Google Tag Manager and trkkn.com. Security posture is solid with TLS 1.3 support and valid SPF records, though improvements such as enabling HSTS, DNSSEC, and DMARC would enhance protection. Overall, SevenVentures presents a professional and trustworthy online presence aligned with its market position as a leading media investor.

E

Elo Criativo

elocriativo.com.br

56

Elo Criativo is a small Brazilian design and web strategy agency specializing in branding, web design, and graphic design services. The company targets businesses seeking to improve their digital presence through well-crafted design and web solutions. Their market position is that of a niche service provider with a portfolio showcasing diverse projects. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, Foundation, and various JavaScript libraries. The hosting is managed via Cloudez nameservers. Performance is moderate with a page load time of approximately 5.8 seconds and a page size of about 200KB. Security posture shows a valid SSL certificate but lacks advanced configurations such as HSTS, DNSSEC, and security headers. SPF and DMARC records are configured but with a relaxed DMARC policy. Analytics usage includes Google Analytics, Google Tag Manager, and RD Station, indicating moderate user tracking but no visible privacy or cookie policies, which is a compliance gap. Overall, the website is professional and functional but could improve security and privacy compliance to enhance trust and reduce risk.

N

norisbank GmbH

norisbank.de

57

norisbank GmbH is a direct bank subsidiary of Deutsche Bank Gruppe, headquartered in Bonn, Germany. The company offers a range of financial products including credit, checking accounts (Girokonto), savings accounts (Tagesgeld), credit cards, and securities depot services. The website demonstrates a strong market position with multiple awards and certifications, targeting private customers, business clients, students, and youth. The business model focuses on digital banking services with an emphasis on online and mobile banking platforms. Technically, the website is built on Adobe Experience Manager with integrations for Adobe Analytics and Usercentrics for consent management, reflecting a mature digital infrastructure. However, the website currently lacks a valid SSL/TLS certificate, which is a critical security vulnerability. Email security is well configured with SPF and DMARC policies. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, but requires urgent improvements in SSL security to protect user data and maintain trust.

S

Saulės spektras, UAB

turizmas.lt

44

Turizmas.lt is a Lithuanian tourism portal operated by Saulės spektras, UAB, providing a comprehensive directory of travel-related services including accommodation, rural tourism, travel agencies, and leisure activities. The platform targets both local and international tourists seeking detailed information and booking options within Lithuania. The website demonstrates a solid market position as a national tourism information hub with a medium-sized business model based on listings and advertising revenue. Technically, the site uses a modern but somewhat traditional tech stack including Google Analytics, Bootstrap, and CKEditor, hosted by Hostex.lt. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site employs a valid SSL certificate with strong cipher suites but lacks advanced DNS security features such as DNSSEC and CAA records. Cookie and privacy policies are comprehensive and GDPR compliant, with a consent mechanism implemented. However, there is no visible terms of service or incident response policy. Overall, the site is professional, trustworthy, and well-branded, but could improve security posture and transparency in some areas.

G

group.one

jobs.one

62

group.one is a large technology company operating primarily in the DACH region, providing a broad range of IT services including domain registration, web hosting, cloud servers, digital marketing, and SaaS solutions. The company supports over 1,300 employees and serves more than one million customers through multiple brands. Their market position is strong with a diversified portfolio of partner brands and a focus on customer success and team development. Technically, the website uses modern web technologies including a Teamtailor recruitment widget and a consent management platform, but lacks a valid SSL certificate and several security best practices, which impacts the overall security posture. The cookie consent mechanism and privacy notice indicate good GDPR compliance, but the absence of security policies and incident response information suggests room for improvement in security governance. Overall, the website is professionally designed with good user experience and trust indicators, but the technical security gaps present a moderate risk that should be addressed.

P

PwC-Stiftung

galerie-pwc-stiftung.de

61

The PwC-Stiftung website galerie-pwc-stiftung.de serves as a digital gallery and archive showcasing 20 years of cultural and educational projects and programs supported by the PwC-Stiftung foundation in Germany. The foundation focuses on promoting cultural education and youth engagement through funding and running various initiatives. The website is professionally designed with good content relevance and navigation, targeting educational institutions, cultural organizations, and youth audiences. Technically, the site uses modern web technologies with deferred JavaScript and CSS, hosted on a provider identified as netzhaut. Security posture is moderate with valid TLS protocols but lacks advanced security features such as HSTS, DNSSEC, and DMARC, which are recommended for improvement. Privacy policy is present and GDPR compliant, but no cookie consent mechanism or terms of service are found. Overall, the site is trustworthy and well-positioned as a non-profit educational foundation's digital presence.

H

Hostinger

hostinger.com.br

63

Hostinger is a well-established global web hosting and domain registration provider founded in 2004, serving over 3 million users worldwide. The company offers a comprehensive suite of services including shared hosting, VPS, cloud hosting, WordPress optimized hosting, domain registration, and AI-powered website builders. Their market position is strong, supported by numerous trust indicators such as WordPress.org recommendation, Trustpilot reviews, and a 30-day refund policy. Technically, Hostinger employs modern web technologies including Nuxt.js and Vue.js, with integrations for Google Tag Manager, Microsoft Clarity, and Bing Ads, indicating a mature digital infrastructure. Security measures include valid SSL certificates, SPF and DMARC records with strict policies, though improvements can be made by enabling HSTS and DNSSEC. Overall, Hostinger demonstrates a solid security posture with no evident vulnerabilities and a good compliance level. The website is professionally designed, optimized for mobile, and provides a seamless user experience with clear navigation and comprehensive content. Strategic recommendations include enhancing security headers, implementing DNSSEC, and maintaining regular audits of third-party scripts to further strengthen security and trust.

H

Hi, I'm Tobias. | rixx.de

rixx.de

47

The website rixx.de serves as a personal hub for Tobias, an open source software author, conference speaker, and community organizer primarily in the technology sector. The site highlights his projects, blog posts, and involvement in events such as Chaos Communication Congress and DjangoCon Europe. The business model centers on personal branding and community engagement rather than commercial transactions. Technically, the site is built with standard web technologies including HTML, CSS, and JavaScript, with hosting provided by INWX. Performance is moderate, and SEO is well addressed through metadata, but mobile optimization and accessibility are basic. Security posture is weak due to the absence of a valid SSL certificate, lack of TLS support, missing security headers, and no DNSSEC. SPF is configured correctly, but other email authentication and security mechanisms are minimal. No privacy, cookie, or terms policies are published, and no contact information is explicitly provided on the site. Overall, the site is trustworthy for its niche audience but requires significant security and compliance improvements to enhance user trust and data protection.

B

Berenberg

berenberg.de

65

Berenberg is a historic private bank and financial services provider founded in 1590 in Hamburg, Germany. It offers wealth management, asset management, corporate banking, and investment banking services to a diverse clientele including wealthy private clients, corporations, and institutional investors. The bank maintains a strong market position in Europe and the US with multiple offices and a broad service portfolio. Technically, the website employs modern web technologies with good performance and mobile optimization, supported by a robust SSL configuration and DNS setup. Security practices include SPF and DMARC email protections, OCSP stapling, and strong cipher suites, though improvements such as enabling HSTS and DNSSEC could enhance security further. Overall, Berenberg demonstrates a mature digital presence with strong trust indicators and compliance with GDPR and cookie consent regulations.

A

Afternic (GoDaddy Operating Company, LLC)

zenkod.com

53

The website zenkod.com is a domain sales landing page operated under the Afternic marketplace, a GoDaddy branded platform. It offers domain purchase services including price inquiries and buy now options, targeting individuals and businesses seeking premium domain names. The platform leverages modern web technologies such as React and Next.js, hosted on AWS infrastructure, with basic performance and accessibility optimizations. Security posture is weak due to lack of valid SSL certificates and missing security headers, although form protection via Google reCAPTCHA is implemented. The site integrates with trusted partners like Afternic and GoDaddy for domain transactions and payment processing. Overall, the site serves as a professional domain sales interface but requires significant security improvements to enhance trust and compliance.

I

interneX GmbH

internex.de

45

interneX GmbH is a small German company with a basic online presence primarily providing legal and contact information on its website. The company’s market position and detailed business services are not explicitly described, indicating a limited digital footprint. The website is minimalistic, with no advanced content or interactive features, targeting a general audience likely within Germany. Technically, the site is hosted on kasserver.com using Apache with HTTP/2 support and basic CSS styling. Performance is fast, but mobile optimization and accessibility are basic. Security posture shows support for modern TLS protocols without known vulnerabilities, but lacks advanced security headers such as HSTS and OCSP stapling. DNSSEC and DMARC are not implemented, which could expose the domain to DNS and email spoofing risks. Overall, the security score is moderate with room for improvement in compliance and best practices. The website does not include privacy or cookie consent mechanisms, which may impact GDPR compliance. Contact information is clearly provided, but no email addresses or social media links are present. Strategic recommendations include enhancing HTTPS security, implementing DNS and email protections, publishing a vulnerability disclosure policy, and improving privacy compliance to build trust and reduce risk.

P

PricewaterhouseCoopers

pwcplus.de

67

PwC Plus is a specialized knowledge and research platform operated by PricewaterhouseCoopers, targeting primarily financial services professionals with additional focus on healthcare and public services sectors. The platform offers subscription-based access to quality-assured, daily updated content including legal norms monitoring, regulatory insights, and sector-specific modules. The website demonstrates a mature digital presence with multilingual support, user account management, and integration of professional content from trusted partners such as the IFRS Foundation. Technically, the site is hosted on Colt's infrastructure, uses modern TLS protocols, and employs Piwik PRO for analytics with a compliant cookie consent mechanism. Security posture is solid with DMARC enforcement and no critical SSL vulnerabilities, though improvements like enabling HSTS, DNSSEC, and CAA records could enhance security further. No explicit security or incident response policies are published, indicating an area for maturity growth. Overall, PwC Plus presents a professional, trustworthy, and content-rich platform aligned with PwC's global brand standards.

C

Capgo, Inc.

capgo.app

70

Capgo, Inc. is a technology company specializing in providing live Over-the-Air (OTA) update solutions for Capacitor-based mobile applications. Their platform enables developers to push instant updates, fixes, and new features directly to users without the delays associated with app store approvals. Positioned as an innovative and secure solution, Capgo offers both cloud-hosted and self-hosted options, with a strong emphasis on end-to-end encryption and real-time analytics. The company targets development teams seeking efficient app update workflows and enhanced user experience. Their business model includes SaaS offerings, consulting services, and CI/CD pipeline integrations, supported by a transparent trust center and open source code availability.

T

TÜH Staatliche Technische Überwachung Hessen

tueh.de

58

TÜH Staatliche Technische Überwachung Hessen operates as a regional governmental authority providing digital tachograph cards and related services to individuals and businesses in Hessen, Germany. The website serves as an informational and transactional portal offering application forms and guidance for driver cards, company cards, and workshop cards. The organization positions itself as a trusted public service entity within the transportation sector, focusing on compliance and regulatory oversight. Technically, the website is built on TYPO3 CMS, hosted behind Cloudflare DNS and CDN services, and employs standard web technologies including Bootstrap and FontAwesome. Performance is moderate with good mobile optimization and basic accessibility. Security posture is adequate with a valid SSL certificate and cookie consent mechanisms; however, improvements are recommended such as enabling HSTS, DNSSEC, and security headers. No explicit terms of service or vulnerability disclosure policies are present, and contact information is limited to a contact form without direct emails or phone numbers. Analytics usage includes etracker and Google marketing cookies with user consent. Overall, the website demonstrates a professional and trustworthy presence aligned with its public service mission.

S

Sebastian Gepperth

rash.codes

47

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

微

微博

weibo.com

55

Weibo is a leading Chinese social media platform offering real-time information sharing, social interaction, and content discovery services. It holds a strong market position in China as a major media platform with a large user base and extensive content offerings including video and trending topics. The platform targets Chinese internet users, content creators, and social media enthusiasts, operating primarily on an advertising-driven business model. Technically, the site uses modern web technologies such as Vue.js and ECharts but suffers from slow load times and lacks a valid SSL certificate, impacting user trust and security. Security posture is moderate with proper SPF and DMARC DNS records but missing critical SSL/TLS configurations and security headers. Overall, the platform demonstrates good content quality and user experience but requires significant improvements in security and performance to enhance trust and compliance.

J

Johann Oberauer GmbH

campaigngermany.de

49

Campaign Germany is a well-established German media service focused on delivering daily industry news and insights for the advertising, marketing, and media sectors. The website offers subscription services, newsletters, job listings, and advertising opportunities, targeting professionals within the German media industry. The company operates under Johann Oberauer GmbH and maintains a consistent brand presence with a good quality content offering. Technically, the site is built on the Newsroom CMS and uses technologies such as nginx, Google Tag Manager, and Google Publisher Tags for advertising. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While privacy policies and terms of service are present and GDPR compliant, there is no cookie consent mechanism implemented. The site uses standard security headers but misses advanced protections like HSTS and DNSSEC. Overall, the website demonstrates moderate trustworthiness and professionalism but requires urgent security improvements to protect user data and enhance compliance.

C

Clay Paky s.r.l.

e-assist.tech

54

Clay Paky s.r.l. operates the e-assist.tech website, providing an entertainment after sales service information support tool primarily targeting professionals in the entertainment industry. The platform offers user login capabilities and data request forms to facilitate after sales support. The company positions itself as a niche service provider within the entertainment technology sector, with a medium-sized business footprint based in Italy. The website content is basic but functional, with legal and privacy links present, though lacking advanced user engagement or marketing features. Technically, the site uses UIkit and standard web technologies but suffers from slow load times and lacks modern CMS or platform integrations. Security posture is weak, with no valid SSL certificate, no DNSSEC, and minimal security headers, exposing users to potential risks. There is no visible incident response or vulnerability disclosure policy, and GDPR compliance mechanisms are minimal. Overall, the site requires significant improvements in security and performance to meet modern standards and build user trust.

TÜV PROFiCERT, operated by TÜV Hessen, is a well-established certification and conformity assessment provider specializing in quality management, environmental and energy management, occupational safety, information security, healthcare, and validation services. The company leverages its TÜV brand reputation and accredited certification procedures to serve businesses seeking recognized certifications in Germany and potentially beyond. The website is built on TYPO3 CMS, hosted behind Cloudflare, and employs a professional design with clear navigation and multilingual support. While the SSL certificate is valid and HSTS is enabled with preload, the absence of modern TLS protocols (TLS 1.2 or 1.3) is a notable security gap. The site implements a comprehensive cookie consent mechanism and uses etracker for analytics, reflecting a moderate level of user tracking with good privacy compliance. Contact information is clearly presented, but no explicit incident response or vulnerability disclosure policies are found. Overall, the site demonstrates a solid security posture with room for improvement in modern protocol support and security header implementation.

E

Equals

equals.com

67

Equals is a technology company specializing in providing an all-in-one GTM analytics platform that integrates with Salesforce, HubSpot, Stripe, and SQL databases to deliver real-time insights on pipeline and ARR. Positioned as a trusted solution for RevOps, founders, and finance teams, Equals emphasizes clarity and actionable revenue insights to drive business growth. The company maintains a professional online presence with consistent branding and customer testimonials, reinforcing its market position in the SaaS analytics space. Technically, the website is hosted on Netlify and leverages modern JavaScript technologies, Google Tag Manager, and Intercom for analytics and customer engagement. While the site demonstrates good performance and mobile optimization, it lacks some advanced security configurations such as modern TLS protocols and DNSSEC. Security headers are properly implemented, and the SSL certificate is valid, but the absence of a cookie policy and explicit security or incident response policies indicates room for improvement. Overall, Equals exhibits a solid digital maturity with a focus on user experience and trust, though enhancements in security posture and compliance transparency would strengthen its risk management and customer confidence.

V

Volkswagen Financial Services

volkswagen-versicherungsdienst.de

65

Volkswagen Financial Services AG operates the volkswagen-versicherungsdienst.de website, providing a comprehensive portfolio of automotive insurance products including liability, partial and full coverage, warranty extensions, leasing rate insurance, credit protection, and travel insurance. The site targets primarily German private and business customers, leveraging the strong Volkswagen brand and integrated financial services ecosystem. The website is built on Adobe Experience Manager with extensive use of modern web technologies and content delivery networks, ensuring excellent performance and user experience. However, the SSL configuration is critically flawed with a self-signed certificate and no enabled TLS protocols, which undermines secure communications. Security headers are well implemented, but the absence of a cookie consent mechanism and explicit security or incident response policies indicates gaps in compliance and transparency. The site integrates multiple marketing and analytics tools, including Adobe Analytics, Google Tag Manager, and UserZoom, reflecting extensive user tracking. Overall, the site is professional, content-rich, and trustworthy from a business perspective but requires urgent security improvements to protect user data and comply with best practices.

S

SuranceBay LLC

surancebay.com

75

SuranceBay LLC operates a leading SaaS platform focused on insurance agent onboarding and compliance, positioning itself as the industry's number one solution in this niche. Their platform, SureLC, streamlines and automates insurance distribution processes, serving carriers, agencies, producers, and third-party administrators. The company demonstrates a solid market presence with a medium-sized operation based in the United States. Technically, the website is well-structured with modern web technologies, good SEO, and mobile optimization. The hosting infrastructure is based on Amazon AWS, and the site employs Google Tag Manager for analytics. Security-wise, the site benefits from a valid SSL certificate issued by Go Daddy and robust HTTP security headers including HSTS with preload, X-Frame-Options, and Content Security Policy. However, the absence of enabled TLS protocols is a critical security gap that should be addressed promptly. The company maintains comprehensive legal documentation including privacy policy and terms of service, but lacks visible cookie consent mechanisms and vulnerability disclosure policies. Overall, SuranceBay presents a professional and trustworthy digital presence with room for security enhancements.

深

深圳市顺友跨境物流股份有限公司

sypost.com

56

深圳市顺友跨境物流股份有限公司是一家成立于2008年的中国大型跨境电商物流服务商，专注于为跨境电商卖家提供国际快递、全球邮政专线、海外仓储及订单处理等综合物流解决方案。公司拥有丰富的行业经验和广泛的服务网络，日均处理包裹量超过10万件，服务超过2万家跨境电商企业，市场地位稳固。技术基础包括使用nginx服务器和jQuery等前端技术，网站性能表现良好，具备基本的移动优化和SEO策略。安全方面，网站使用有效的SSL证书，但未启用现代TLS协议和安全强化头，存在改进空间。网站实现了Cookie政策和用户同意机制，但缺乏公开的安全政策和事件响应流程。整体网站设计专业，内容丰富，导航清晰，体现出较高的用户信任度。

The website 'Connect Pro' presents a minimalistic landing page with no visible business descriptive content, contact information, or user interaction elements. The company behind the domain is not identifiable from the site content or metadata. The technical infrastructure is hosted on Amazon AWS with a valid SSL certificate; however, the SSL configuration lacks modern TLS protocol support, which is a security concern. The site does not implement common security and privacy policies, nor does it provide any GDPR compliance indicators or consent mechanisms. Overall, the digital maturity appears low with limited content and technical sophistication. Security posture is basic with some good practices like HSTS enabled but lacks critical improvements such as DNSSEC, CAA, and modern TLS protocols. The absence of privacy and cookie policies, contact details, and analytics tools suggests a low level of transparency and user engagement. Strategic recommendations include enhancing security protocols, publishing comprehensive privacy and cookie policies, enabling DNS security features, and improving content and user experience to build trust and compliance.

E

Essilor

essilor.com

77

Essilor is a global leader in the healthcare sector specializing in prescription lenses and vision care products. The company offers a wide range of innovative lenses designed to correct, protect, and enhance vision, targeting consumers seeking high-quality vision solutions. Their website demonstrates a strong market position with comprehensive product offerings, digital tools for lens personalization, and a store locator for partnered opticians. Technically, the site is built on modern frameworks such as React and Next.js, hosted likely on Microsoft Azure, and optimized for fast performance and excellent mobile experience. Security posture is strong with robust HTTP security headers and a valid SSL certificate, although the absence of enabled TLS protocols and DNS security features are notable gaps. Privacy policies and terms of service are present and comprehensive, but cookie consent mechanisms and vulnerability disclosure policies are lacking. Overall, the website reflects a mature digital presence with room for security enhancements and improved transparency in user consent.

A

Angelbird Technologies GmbH

angelbird.com

71

Angelbird Technologies GmbH operates a professional e-commerce platform specializing in high-performance storage media such as memory cards, SSDs, and custom media solutions tailored for camera and audio professionals. The company positions itself as a niche market leader with a focus on quality and innovation, serving a global audience with a strong presence in Austria. The website demonstrates a solid digital infrastructure with modern web technologies, fast performance, and good mobile optimization. Security posture is generally good with valid SSL certificates, secure cookie practices, and HSTS enabled, though the lack of modern TLS protocols and absence of a cookie consent mechanism indicate areas for improvement. The company maintains active social media channels and provides comprehensive privacy and terms of service documentation, supporting trust and compliance. Overall, Angelbird shows a mature digital presence with room to enhance security and privacy transparency further.

E

EssilorLuxottica

essilorluxottica.com

77

EssilorLuxottica is a global integrated leader in the eyecare and eyewear industry, offering a comprehensive portfolio of products and services including eyewear brands, eyecare solutions, and direct-to-consumer retail. The company targets consumers, investors, and partners with a strong emphasis on innovation, sustainability, and governance. Their digital presence is built on modern technologies such as React and Next.js, hosted on Microsoft Azure, and managed via CoreMedia CMS, reflecting a mature and scalable technical infrastructure. Security posture is strong with multiple security headers and a valid SSL certificate, although the absence of enabled TLS protocols and lack of a public vulnerability disclosure policy indicate areas for improvement. Overall, the website demonstrates high professionalism, excellent user experience, and consistent branding, supporting the company's market position and trustworthiness.

E

EssilorLuxottica

luxottica.com

77

EssilorLuxottica is a global leader in the eyecare and eyewear industry, integrating manufacturing, retail, and innovation to deliver comprehensive vision care solutions. The company operates a sophisticated digital presence with a modern tech stack including React and Next.js, hosted on Akamai and managed via CoreMedia CMS. The website demonstrates excellent design, user experience, and content quality, targeting consumers, investors, and partners worldwide. Security posture is strong with valid SSL certificates and robust security headers, although the lack of modern TLS protocols and absence of a vulnerability disclosure page indicate areas for improvement. Privacy and compliance policies are comprehensive and GDPR compliant, but cookie consent mechanisms could be enhanced. Overall, the site reflects a mature digital infrastructure supporting a large enterprise with a global footprint.

テ

テレシー(TELECY) - 運用型テレビCMを軸として総合コミュニケーションサービスを提供

telecy.tv

56

Telecy.tv is a Japanese media company specializing in operational television commercial (TVCM) services and integrated communication strategies. The company offers end-to-end marketing communication solutions centered on TV advertising, including strategy planning, creative development, media execution, and performance analysis. Positioned as a medium-sized enterprise, Telecy operates under the parent company CARTA HOLDINGS and partners with major advertising firms such as Dentsu. The website reflects a professional and consistent brand image targeting marketing professionals and advertisers in Japan. Technically, the site is built on WordPress, uses Cloudflare for hosting and caching, and integrates modern marketing tools like Google Tag Manager and a chatbot service. However, the SSL configuration lacks modern TLS protocol support, and there is no visible cookie consent mechanism, which may impact compliance.