Security Directory

I

Istmobil

istmobil.at

35

Istmobil.at is an independent informational website focused on providing detailed reviews, guides, and affiliate referrals related to mobile casinos and online gambling targeted at Austrian players. The site offers comprehensive content on casino apps, bonuses, payment methods, and gaming options, positioning itself as a niche media player in the online gambling affiliate space. Technically, the site is hosted behind Cloudflare and uses standard web technologies including HTML5, CSS3, and JavaScript, with Google Fonts for typography. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. This significantly impacts the site's security posture and user trust. Privacy compliance is minimal, with no visible cookie consent mechanism and only basic privacy and terms of service pages linked in the footer. The site uses Matomo analytics and affiliate marketing links to partner casino domains. Overall, while content quality and business credibility are moderate to good, the lack of HTTPS and modern security practices present a major risk. Strategic improvements in security and privacy compliance are essential to enhance trust and protect users.

P

PXP Financial

pxpfinancial.com

40

PXP Financial is a UK-based payment technology company offering a unified commerce platform that simplifies global payments and commerce operations. The company targets a broad range of industries including retail, hospitality, gaming, and travel, providing services such as point of sale, eCommerce, acquiring, and cross-border payments. Their platform emphasizes intelligent payment routing, real-time business intelligence, and self-service capabilities, positioning them as a modern and innovative player in the payment solutions market. Technically, the website is built on HubSpot CMS with integrations of popular marketing and analytics tools such as Google Analytics, Hotjar, and Cookiebot for privacy compliance. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which is a critical issue for a financial services provider. The domain registration is consistent and mature, registered with a reputable UK registrar, and the business is FCA authorized, enhancing credibility. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS security to meet industry standards and protect user data.

R

Rosenfelt & West Engineering A/S

rwe.dk

36

Rosenfelt & West Engineering A/S is a Danish engineering company specializing in railway safety systems, including automatic secured level crossings and marshalling yard safety installations. The company offers comprehensive services such as equipment renovation, training courses, and career opportunities within the railway safety sector. Their market position is supported by certifications in environmental management, quality management, and railway safety standards, reflecting a commitment to reliability and compliance. Technically, the website is built on WordPress with common plugins and hosted on a LiteSpeed server, but lacks a valid SSL certificate, which is a significant security concern. The absence of HTTPS and related security headers exposes the site and its visitors to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie policy or consent mechanism detected. Contact information is limited to a phone number and contact page link, with no email addresses or social media profiles found. Overall, the website is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

S

Stefanel

stefanel.com

38

Stefanel is a European retail and e-commerce brand specializing in women's fashion, operating a multi-country website with localized country selectors. The business targets European consumers seeking stylish women's clothing. The website is built on the Salesforce Commerce Cloud (Demandware) platform and uses various marketing and analytics tools including Google Tag Manager, CQuotient, and LiveStory. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Privacy compliance is partially addressed with a OneTrust cookie consent mechanism, but no privacy policy or terms of service are found on the splash page. Contact information is also absent, limiting user trust and support options.

Stellantis NV operates a comprehensive global website representing one of the world's largest automotive groups with a portfolio of 14 iconic brands and mobility services. The site targets industry stakeholders, investors, customers, and the general public, providing rich content including press releases, investor relations, sustainability initiatives, and innovation highlights. The technical infrastructure leverages Adobe Experience Manager CMS, modern JavaScript libraries like jQuery, and performance monitoring tools such as Boomerang, hosted on Microsoft Azure with Akamai CDN integration. While the website demonstrates excellent design quality, mobile optimization, and SEO practices, it critically lacks a valid SSL certificate and HTTPS support, severely impacting its security posture. Security headers are partially implemented but insufficient without TLS encryption. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong with consistent branding and comprehensive content. Overall, the site scores moderately due to the critical absence of HTTPS, which should be prioritized to protect user data and maintain trust.

A

automate-it

a-it.cc

32

automate-it is an Austrian software and services company specializing in datacenter automation and hybrid cloud management through its LEON platform. The company has established a solid market presence with active customers in EMEA and partnerships with notable firms such as BMC Software. The website reflects a professional business focus with comprehensive content describing their automation and SecOps solutions. Technically, the website is built on WordPress with modern plugins and SEO optimizations but lacks HTTPS support, which is a critical security deficiency. Security headers are well configured, but the absence of SSL/TLS and HSTS significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, though no explicit security or incident response policies are published. Overall, the website is functional and professional but requires urgent security improvements to enhance trust and compliance.

A

AdWords Agentur GmbH

adwordsagentur.at

38

AdWords Agentur GmbH is a specialized Google AdWords agency based in Vienna, Austria, focusing on delivering measurable and cost-efficient search engine advertising services. The company offers comprehensive campaign analysis, management, and optimization services, emphasizing conversion tracking and ROI maximization. Their market position is supported by over 100 partners and detailed case studies showcasing significant client success. Technically, the website is built on WordPress with modern plugins and technologies, though it suffers from critical SSL/TLS misconfiguration, impacting security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates professionalism and trustworthiness but must urgently address its HTTPS implementation to improve security and user trust.

P

Party and Be Married

partyandbemarried.com

37

Party and Be Married is a small, specialized event planning and coordination company focused on weddings, lifestyle, and business events primarily serving California and beyond. The company emphasizes a personalized, artistic approach to creating unique client experiences. The website is hosted on Squarespace and uses standard web technologies including JavaScript, FontAwesome, and Google Fonts. While the site design is professional and content is relevant, the technical infrastructure shows weaknesses such as lack of a valid SSL certificate and disabled HTTPS, which severely impacts security posture. No privacy or cookie policies are present, indicating poor privacy compliance. Contact information is limited to an email and contact form, with no phone or physical address listed. Social media presence is active, supporting marketing efforts. Overall, the website is functional but requires significant improvements in security and compliance to meet modern standards.

S

Smaply GmbH

morethanmetrics.com

37

Smaply GmbH operates a professional SaaS platform focused on customer journey mapping and experience management. The company targets enterprise and professional users such as UX designers, product managers, and service designers. Their market position is supported by strong trust indicators including ISO 27001 and SOC-2 certifications, GDPR compliance, and customer testimonials. The website content is rich, well-structured, and professionally designed, reflecting a mature digital presence. Technically, the site is built on Webflow with integrations for analytics and marketing automation, hosted on Cloudflare and AWS infrastructure. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and serves content over HTTP only, severely impacting security posture and trust. Privacy compliance is well addressed with cookie consent mechanisms and comprehensive policies. Overall, the business appears legitimate and trustworthy, but the lack of HTTPS is a major risk that should be remediated immediately.

A

American International School Vienna

ais.at

40

The American International School Vienna (AIS Vienna) is a well-established international educational institution located in Vienna, Austria. The website presents a comprehensive overview of the school's offerings, including early childhood through high school education, student life, admissions, and community engagement. The school holds multiple international accreditations, reinforcing its credibility and commitment to quality education. The website is professionally designed using the Squarespace platform, featuring clear navigation, active social media integration, and basic privacy compliance mechanisms such as a cookie consent banner. Technically, the site leverages modern web technologies including jQuery, Google Fonts, and Google Analytics for tracking. However, a critical security shortfall is the absence of a valid SSL certificate, resulting in no HTTPS encryption and disabled modern TLS protocols. This significantly impacts the site's security posture and user trust. Security headers are partially implemented but could be enhanced. Privacy compliance is basic, with a privacy policy present but lacking explicit GDPR compliance indicators. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include installing a valid SSL certificate, enabling HSTS, and improving security policies and incident response readiness.

S

Sphera Solutions, Inc.

thinkstep.com

33

Sphera Solutions, Inc. is a leading provider of enterprise sustainability management software, data, and consulting services, targeting large enterprises across multiple industries globally. The company offers a comprehensive platform, SpheraCloud, that integrates sustainability, operational risk, and EHS management to help organizations meet regulatory and strategic goals. The website demonstrates a high level of digital maturity with modern technologies, multilingual support, and rich content including case studies, events, and resources. However, a critical security issue is the invalid SSL certificate, which undermines secure communications and trust. The presence of strong privacy and cookie policies with consent mechanisms indicates good compliance posture. Overall, the company is well-positioned in the market with strong branding and trust indicators but should urgently address SSL and related security configurations.

D

Dialogschmiede

dialogschmiede.com

35

Dialogschmiede is an Austrian marketing agency specializing in marketing automation, data-driven campaigning, and dialog marketing services. The website positions the company as a leading dialog agency in Austria, targeting businesses seeking advanced marketing automation solutions. The technical infrastructure is based on WordPress with Elementor and several plugins, hosted on Microsoft Online infrastructure. However, the website suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Additionally, the site lacks essential privacy and cookie policies, as well as contact information, which affects compliance and user trust. Performance is poor with a very slow load time and a large page size, indicating potential optimization needs.

Analog Devices, Inc. is a global leader specializing in the design and manufacturing of analog, mixed signal, and digital signal processing integrated circuits. The company serves a broad range of industries including aerospace, automotive, communications, consumer electronics, energy, industrial automation, and healthcare. Their website reflects a mature enterprise with a comprehensive portfolio aimed at engineers and technical professionals. The site is well-structured, mobile-optimized, and rich in multimedia content, demonstrating a high level of digital maturity and professional branding consistency. Technically, the website leverages modern web technologies such as JavaScript frameworks, Adobe Dynamic Tag Manager, and is hosted on Akamai's CDN, ensuring good performance and scalability. The use of structured data (JSON-LD) enhances SEO and provides clear business information. However, the SSL/TLS configuration is critically flawed with an invalid or missing certificate and no support for modern TLS protocols, which significantly undermines the site's security posture. Security headers are properly implemented, including HSTS and Content Security Policy, but the lack of a valid SSL certificate and absence of OCSP stapling and session resumption mechanisms indicate areas needing urgent remediation. Privacy compliance is weak, with no visible privacy or cookie policies and no explicit GDPR compliance indicators. Contact information such as emails and phone numbers are not explicitly provided in the analyzed content, which may affect user trust and compliance. Overall, the website presents a professional and trustworthy business front but requires immediate attention to its SSL/TLS security configuration and privacy compliance to mitigate risks and enhance user trust. Strategic improvements in these areas will strengthen the company's digital security posture and regulatory adherence.

S

Semantic Web Company

semantic-web.at

39

Semantic Web Company is a technology provider specializing in semantic AI solutions, headquartered in Austria with subsidiaries in the US and UK. They offer the PoolParty Semantic Suite, a leading graph-based platform for text mining, recommender systems, and data fabric solutions, targeting enterprises seeking advanced AI-driven knowledge management. The website is professionally designed with comprehensive content and clear navigation, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security shortfall that undermines trust and data protection. The technical stack is modern, leveraging WordPress with Elementor and various JavaScript libraries, but performance data is lacking, indicating potential optimization opportunities. Privacy compliance is addressed with visible cookie consent and a detailed privacy policy, though analytics tracking is minimally configured. Overall, the business credibility is strong, supported by consistent branding and active social media engagement, but security posture requires urgent improvement to meet industry standards.

The website dondusang.net represents the official French public blood service, Etablissement français du sang (EFS). It provides comprehensive information and services related to blood, plasma, and platelet donations across France. The site is well-branded, content-rich, and targets donors, associations, and the general public with clear calls to action and partner engagement. Technically, the site is built on Drupal CMS, uses modern tracking and analytics tools, and integrates multiple partner domains. However, it lacks HTTPS support, which is a critical security flaw exposing users to risks. Security headers are well configured but cannot compensate for the absence of SSL/TLS. Privacy policies and cookie consent mechanisms are present and GDPR compliant. Overall, the site demonstrates a high level of professionalism and trustworthiness but requires urgent security improvements.

C

CTI Meeting Technology

ctimeetingtech.com

40

CTI Meeting Technology is a mature and established provider of comprehensive meeting management software solutions, serving the STEM meeting industry for over 40 years. Their all-in-one platform supports virtual, hybrid, and in-person events with a wide range of modules including abstract management, presentation management, program management, and more. The company targets meeting organizers, associations, PCOs, and other stakeholders involved in event planning and execution. Technically, the website is built on WordPress with Elementor and integrates various modern tools such as Calendly and Microsoft Clarity. However, the absence of a valid SSL certificate and HTTPS significantly impacts the security posture. While security headers are present, the lack of encryption is a critical vulnerability. The website demonstrates good privacy compliance with clear policies and contact information. Overall, the business is credible and well-positioned in its market, but it must address critical security issues to improve trust and compliance.

E

Evangelical Free Church of America

efca.org

37

The Evangelical Free Church of America (EFCA) operates as a large non-profit religious association focused on uniting and supporting approximately 1,600 evangelical congregations across the United States. Their website serves as a central hub for ministry resources, church networking, events, and informational content aimed at their faith community and interested individuals. The organization maintains a strong market position within the evangelical sector, supported by trust indicators such as ECFA accreditation and active social media engagement. Technically, the website leverages modern frontend frameworks including Vue.js and Nuxt.js, delivering a visually appealing and accessible user experience. However, the site suffers from slow load times and lacks a content delivery optimization strategy. Hosting is provided by DreamHost, and the site integrates third-party services such as Mailchimp for newsletter subscriptions and Vimeo for video content. From a security perspective, the site exhibits critical vulnerabilities, most notably the absence of a valid SSL/TLS certificate, resulting in no HTTPS support. This severely undermines user trust and data security. Additionally, the lack of security headers, HSTS, and other best practices further exposes the site to potential risks. Privacy compliance is limited, with no cookie consent mechanism detected and only a basic privacy policy present. Overall, while the EFCA website is professionally designed and content-rich, its security posture is weak and requires urgent remediation to protect users and maintain organizational credibility. Strategic improvements in SSL implementation, security headers, and privacy compliance will significantly enhance the site's trustworthiness and resilience.

G

Gronda

gronda.eu

38

Gronda operates as a leading culinary community platform connecting chefs worldwide to share recipes, culinary creations, and educational content. The business targets professional and aspiring chefs and culinary enthusiasts, offering a mobile app and subscription-based PRO services. The platform is positioned as a top community in its niche with a strong digital presence and active social media engagement. Technically, the website is built on modern web technologies including Webflow CMS, AWS CloudFront CDN, and integrates Google Tag Manager and Weglot for analytics and multilingual support. However, performance data is missing, and inferred loading speed is slow. Security posture is weak due to the absence of a valid SSL certificate and incomplete HTTPS implementation, which poses risks to user data and trust. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and credible but requires urgent security improvements to protect users and enhance trust.

A

alt-lichtenberg.de

alt-lichtenberg.de

21

The website alt-lichtenberg.de appears to represent a small local or community-oriented entity based in Germany, as indicated by the German language and domain registration details. The site is built on WordPress 5.2.3 with an Apache server running PHP 7.2.34, which is outdated and may pose security risks. The content is minimal with no visible business description, contact information, or terms of service, limiting its professional appeal and user engagement. A cookie consent banner is present, indicating some awareness of privacy compliance, but the privacy policy is only linked and not detailed on the homepage. The site lacks HTTPS, which is a critical security deficiency, exposing visitors to potential risks. Social media presence is limited to a Facebook page link. Overall, the digital maturity of the site is low, with basic mobile optimization and minimal SEO or accessibility features.

I

Informa Connect Australia

informa.com.au

40

Informa Connect Australia is a leading event organiser specializing in conferences, exhibitions, and corporate training services primarily targeting business professionals in Australia. As part of the global Informa PLC group, it holds a strong market position with a large-scale operational footprint. The website reflects a professional business model focused on event management and corporate learning, supported by a consistent brand presence and trust indicators such as testimonials and social media engagement. Technically, the site is built on WordPress with WooCommerce and uses modern web technologies and frameworks, although performance metrics are unavailable. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, despite the presence of some security headers and Cloudflare protection. Privacy compliance is moderate with clear privacy and cookie policies and consent mechanisms, but lacks explicit GDPR compliance indicators or security policies. Overall, the site is functional and credible but requires urgent improvements in security infrastructure to protect user data and enhance trust.

G

Graz-Köflacher Bahn und Busbetrieb GmbH

gkb.at

23

Graz-Köflacher Bahn und Busbetrieb GmbH (GKB) is a regional transportation company based in Austria, providing rail and bus services primarily in the West Styria region. The company has a long history dating back to 1935 and focuses on sustainable mobility solutions including electrification of rail lines and regional bus services. Their website serves as an information portal for passengers, offering schedules, fare information, and service updates. The company maintains an active social media presence and provides comprehensive privacy and cookie policies in compliance with GDPR. Technically, the website is built on Joomla CMS with common web technologies such as jQuery and Bootstrap, but lacks a valid SSL certificate, which is a critical security shortfall. The absence of HTTPS and modern TLS protocols exposes users to potential risks. Despite this, the site is well-structured, mobile-optimized, and provides clear contact information. Overall, the business is credible and well-established, but the website's security posture requires urgent improvement to protect user data and maintain trust.

A

acccoi partners GmbH

acccoi.com

27

acccoi partners GmbH is a small technology-focused company based in Austria specializing in enabling corporate business development through startup collaboration, corporate accelerators, and co-innovation programs. Established since 2012, the company targets large corporates and startups seeking innovation partnerships. The website is built on WordPress using Elementor and several plugins for SEO and marketing, but lacks HTTPS which is a critical security shortfall. The site includes standard legal pages and contact mechanisms, including a contact form and social media links. However, Google Analytics is installed but not configured, and performance metrics are unavailable. Security posture is weak due to missing SSL/TLS and security headers, exposing the site to risks. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

A

ADRESYS Adaptive Regelsysteme Gesellschaft m.b.H.

adresys.com

24

ADRESYS Adaptive Regelsysteme Gesellschaft m.b.H. is a small Austrian company specializing in innovative safety solutions for lone workers, including emergency call systems and smart textile technologies. Operating as a subsidiary of OMICRON electronics GmbH, a global leader in energy technology testing, ADRESYS leverages advanced technology to enhance workplace safety. The website is professionally designed, multilingual, and provides comprehensive information about products and services, targeting industrial safety managers and workers. Technically, the site runs on WordPress with modern plugins for multilingual support, cookie consent, and analytics. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with detailed policies and consent mechanisms. Overall, the business presents a credible and professional digital presence but must urgently address its SSL/TLS configuration to improve security posture.

N

Nussbaumer

nussbaumer.be

27

Nussbaumer is a Belgian-based company specializing in electrical materials for low, medium, and high voltage applications. The company operates a B2B e-commerce platform powered by Sana Commerce, offering a wide range of products and training services targeted at electrical installers and industrial clients. The website is professionally designed with clear navigation and multilingual support, primarily in Dutch and French. Technically, the site runs on Microsoft IIS 10.0 and integrates Google Tag Manager for analytics and marketing purposes. However, the absence of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. While security headers are partially implemented, critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is addressed with GDPR and cookie policies, including a consent mechanism. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

K

Kraftwerk Living Technologies GmbH

kraftwerk.at

36

Kraftwerk Living Technologies GmbH is a specialist provider of integrated media technology solutions, delivering innovative and customized concepts for sectors including entertainment, industry, science, museums, exhibitions, corporate, and architectural solutions. The company operates globally with offices in Austria, China, UAE, Saudi Arabia, and South Africa, targeting businesses seeking advanced AV systems integration and media-based attractions. Their website reflects a professional and content-rich digital presence, leveraging WordPress with SEO enhancements and Google Tag Manager for analytics. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS, which poses significant risks to user trust and data protection. Privacy policies and GDPR compliance are well addressed, but incident response and security policy disclosures are missing. Overall, the business appears legitimate and well-positioned in its niche, but urgent improvements in security infrastructure are recommended.

R

Ricoh USA, Inc.

ricoh-usa.com

40

Ricoh USA, Inc. is a leading enterprise providing digital business services and printing solutions primarily targeting businesses, government agencies, and educational institutions in the United States. The company offers a comprehensive portfolio including managed print services, cloud and IT infrastructure, cybersecurity, and business process automation. Their market position is reinforced by industry recognitions such as being named a leader in cloud print services by Quocirca and IDC MarketScape. Technically, the website is built on modern frameworks like React and Next.js, managed via Contentful CMS, and hosted with Cloudflare DNS services. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is readily available through multiple channels. Overall, the website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

TicketLens GmbH

ulmon.com

37

TicketLens GmbH operates a travel-focused media and ticket comparison platform primarily targeting travelers seeking tickets, tours, and activities worldwide. The website provides travel app reviews and curated travel content to support its audience. The business model centers on affiliate marketing and price comparison, positioning TicketLens as a niche player in the travel media sector. Technically, the site is built on WordPress with common SEO and performance plugins, hosted on WP Engine, and uses privacy-conscious analytics via Plausible. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. Privacy compliance is basic, with privacy and terms pages present but lacking explicit GDPR compliance indicators or cookie consent mechanisms. Contact information is limited to email and social media, with no phone or physical address provided. Overall, the website is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

W

Webroot

webroot.com

40

Webroot, a subsidiary of Open Text Corporation, is a well-established cybersecurity company founded in 2004, providing multi-vector protection solutions for endpoints, networks, and identity protection. The company targets both home users and businesses, offering a broad portfolio of products including antivirus, identity protection, cloud backup, VPN, and threat intelligence services. The website reflects a mature enterprise with consistent branding, comprehensive content, and strong market positioning supported by industry awards and customer testimonials. Technically, the website is built on a Concrete5 CMS platform, leveraging Apache server technology, jQuery, Google Fonts, and is delivered via Imperva CDN. While the site is mobile-optimized and accessible with good SEO practices, performance data is limited and suggests moderate speed. The site uses modern marketing and analytics tools such as Google Tag Manager and Sitespect for tracking and optimization. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS or modern TLS protocols, which is a critical vulnerability exposing users to potential interception and attacks. Security headers are partially implemented but key protections like HSTS and OCSP stapling are missing. No explicit security policy or incident response information is provided, which could be improved to enhance trust and compliance. Overall, the website demonstrates high business credibility and content quality but suffers from significant security configuration issues that must be addressed to protect users and maintain compliance. Strategic improvements in SSL/TLS deployment and security best practices are recommended to elevate the security posture and user trust.

L

Ledinek Engineering d.o.o.

ledinek.com

37

Ledinek Engineering d.o.o. is a Slovenia-based manufacturing company specializing in solid wood processing machinery and turnkey solutions for engineered wood products. The company holds a strong global market position with representatives in 25 countries and a broad client base exceeding 1395 customers. Their key offerings include planing profiling machines, finger jointing lines, engineered timber production lines, and automation solutions tailored for the woodworking industry. The website reflects a professional B2B business model targeting industrial clients and woodworking professionals worldwide. Technically, the website is built on an nginx server with Laravel backend and uses jQuery and Google Fonts for frontend enhancements. However, the site lacks a valid SSL certificate, serving content over HTTP only, which is a critical security shortfall. Security headers are minimal, and no advanced security policies or incident response information is publicly available. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

M

MCI Group

mci-group.com

40

MCI Group is a well-established global marketing communications collective with over 35 years of experience, operating across 62 offices worldwide. The company offers a broad range of services including engagement and events, strategic communications, social media content, creative technology, data research, and community management. Their target audience includes brands and organizations seeking to enhance influence and impact through strategic marketing and communications. Technically, the website is built on WordPress with modern plugins like Yoast SEO and video.js, hosted on Microsoft Azure. However, performance data is missing, and the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Privacy and cookie policies are present and indicate GDPR compliance, but no direct contact emails or phone numbers are published, relying instead on a contact form. Security posture is weak due to missing HTTPS and security headers, though no known vulnerabilities or malware are detected. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

555photography is a small professional photography business specializing in wedding, family, engagement, and event photography. The business leverages the SmugMug platform to showcase its portfolio and manage client galleries, positioning itself as a niche service provider in the media sector. The website content is relevant and well-structured, targeting individuals and families seeking professional photography services. The business model relies on online presence and client engagement through SmugMug's infrastructure. Technically, the website is hosted on SmugMug's infrastructure using nginx and Amazon CloudFront CDN, with modern JavaScript frameworks and responsive design ensuring good mobile optimization and user experience. However, performance metrics are limited, and some technical debt is evident in the use of older YUI libraries alongside modern modules. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, the absence of HTTPS and other advanced security features significantly lowers the security posture. Privacy policies and terms of service are available on the SmugMug domain, indicating compliance with GDPR and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and limited direct business contact information. Strategic improvements in SSL implementation, security policy publication, and direct contact channels would enhance trust and compliance.

R

R-Biopharm AG

r-biopharm.com

35

R-Biopharm AG is a well-established German company specializing in clinical diagnostics, food and feed analysis, and nutrition care solutions. With over 35 years of experience and a presence in more than 120 countries, the company offers a broad portfolio of innovative products and services targeting healthcare professionals and the food industry. Their website reflects a professional and content-rich digital presence, supporting multiple languages and providing comprehensive information about their divisions and corporate responsibility initiatives. Technically, the site is built on WordPress with modern SEO and marketing tools, though performance could be improved. Security posture is currently weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk that should be addressed immediately. Privacy compliance is strong, with clear policies and cookie consent mechanisms in place. Overall, the company demonstrates high business credibility and trustworthiness, but must prioritize securing their web infrastructure to protect users and maintain reputation.

M

Moodsonic Services Ltd

moodsonic.com

40

Moodsonic Services Ltd operates a professional website focused on intelligent soundscaping solutions for workplaces and healthcare environments. The company leverages generative sound technology and biophilic design principles to enhance occupant well-being and productivity. Their market position is supported by notable clients such as HSBC, GSK, SAP, and Microsoft, and they provide technology, training, and consultancy services primarily targeting commercial and healthcare sectors. The website is well-designed, content-rich, and professionally branded, reflecting a small but focused technology business based in the UK. Technically, the site is built on the Webflow CMS platform, uses Cloudflare for DNS and CDN services, and integrates marketing and analytics tools such as Google Tag Manager, HubSpot, and Apollo.io. The site is mobile-optimized and SEO-friendly but lacks performance metrics data. Security-wise, the site has critical issues including the absence of a valid SSL certificate and no HTTPS enforcement despite having some security headers configured. This significantly lowers the security posture score and poses risks to user data confidentiality. Privacy compliance is partial; a comprehensive privacy policy is present and GDPR compliant, but no cookie policy or consent mechanism is detected. Contact information is limited to forms without direct emails or phone numbers, which may affect user trust and accessibility. Overall, the website is professional and credible but requires urgent security improvements to protect visitors and enhance trust. Strategic recommendations include obtaining and properly configuring SSL/TLS certificates, implementing cookie consent mechanisms, and enhancing contact transparency. These steps will improve security, privacy compliance, and user trust, supporting Moodsonic's growth and reputation in the soundscape technology market.

L

Loredo Muebles y Equipos

loredomuebles.com

19

Loredo Muebles y Equipos is a Mexican manufacturing company specializing in office, school, medical, stainless steel, and hospitality furniture. The company operates a WordPress-based website using the Divi theme and Yoast SEO plugin, targeting regional business and institutional customers. The website provides clear contact information and displays relevant certifications, indicating a legitimate and socially responsible business. However, the technical infrastructure lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The absence of privacy and cookie policies also indicates compliance gaps. Overall, the website is functional with good content quality but requires urgent security improvements to protect user data and enhance trust.

S

Siblik Elektrik GmbH & Co. KG

siblik.com

39

Siblik Elektrik GmbH & Co. KG is a medium-sized Austrian company specializing in electrical and building technology solutions, including smart home products and professional training. The company maintains a professional and content-rich website powered by TYPO3 CMS, targeting electrical contractors and end customers in Austria. Their market position is supported by multiple physical locations and a consistent brand presence. Technically, the website uses modern web technologies and integrates analytics and marketing tools, but lacks HTTPS security, which is a critical vulnerability. The security posture is weak due to the absence of SSL/TLS and related security headers, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

A

ACN Opportunity, LLC

myacn.com

40

ACN Opportunity, LLC operates a mature and established website offering essential services such as internet, energy, and wireless, combined with a home-based business opportunity model. The company targets individuals interested in essential services and entrepreneurial ventures, positioning itself as a trusted provider with strong industry memberships and a broad social media presence. Technically, the website leverages modern frontend technologies including Joomla CMS, Bootstrap, jQuery, and Swiper.js, hosted on AWS infrastructure with CloudFront CDN. The site is mobile optimized and SEO friendly, though performance metrics are unavailable. Security posture is weak due to the absence of a valid SSL certificate and HTTPS enforcement, despite the presence of several security headers. Privacy compliance is strong with comprehensive policies and a OneTrust cookie consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

C

CompaxDigital Software Development GmbH

compax.at

36

CompaxDigital Software Development GmbH is a technology company specializing in cloud-native Business Support Systems (BSS) and Operations Support Systems (OSS) software for telecommunications and related industries. The company offers a SaaS platform with agile delivery and operational support, targeting telecom service providers, MVNOs, ISPs, and enterprises requiring digital transformation solutions. Their market position is supported by partnerships with major telecom operators and industry memberships such as TM Forum. The website is professionally designed with rich content, customer logos, and whitepapers, reflecting a mature digital presence. Technically, the website is built on WordPress using the Divi theme and several plugins for enhanced functionality, hosted on WP Engine with Cloudflare CDN. However, performance is slow, and accessibility is basic. SEO is adequately implemented with proper meta tags and structured data. Mobile optimization is good. Security posture is weak due to the absence of a valid SSL certificate and HTTPS enforcement, lack of modern TLS protocols, and missing security headers like HSTS. No cookie consent mechanism is present despite the use of tracking scripts such as Google Analytics and HubSpot. No explicit security policies or incident response contacts are found. Overall, the website demonstrates strong business credibility and content quality but suffers from critical security shortcomings that should be addressed promptly to protect user data and improve trustworthiness.

N

Novellini S.p.A

novellini.com

28

Novellini S.p.A is a well-established Italian manufacturer specializing in bathroom products such as shower cubicles, whirlpool baths, and shower trays. The company maintains a strong international presence with localized websites for many countries, targeting consumers and businesses in the bathroom fixtures market. The website is professionally designed using Adobe Experience Manager CMS and includes modern JavaScript libraries and Google Tag Manager for analytics. However, the site lacks HTTPS, which is a critical security vulnerability, and does not provide visible privacy or cookie policies, impacting privacy compliance. Social media presence is active and official, enhancing brand trust. Overall, the website demonstrates good business credibility but requires urgent security improvements.

S

Skyliner Automatisering B.V.

skyliner.nl

36

Skyliner Automatisering B.V. is a mature Dutch ICT service provider established in 1999, offering a broad range of ICT solutions including system management, cloud services, VoIP, software development, and security services. The company targets businesses and organizations in the Netherlands seeking reliable and comprehensive ICT support. Their market position is supported by long domain tenure, recognized certifications, and positive customer testimonials. Technically, the website is built on WordPress with modern plugins and scripts, but suffers from a lack of proper SSL/TLS configuration, impacting security posture. The site is well structured with good SEO and mobile optimization, though performance metrics indicate slow loading. Security-wise, the absence of HTTPS and security headers are critical issues, though no active vulnerabilities or WAF blocking were detected. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the website reflects a credible and professional ICT business but requires urgent improvements in SSL security to enhance trust and compliance.

I

iService d.o.o.

iservice.hr

20

iService d.o.o. operates the website iservice.hr, providing fast and professional repair services for smartphones, tablets, Mac computers, and Apple devices, alongside retail sales of related accessories. The company targets both individual consumers and businesses, offering services such as quick repairs, free diagnostics, and warranty-backed parts. The business is well-positioned in the Croatian market with a strong reputation supported by certifications like Apple IRP and a 15-year operational history. Technically, the website uses a standard Apache server with modern marketing integrations including Google Analytics and Facebook Pixel, but lacks a valid SSL certificate, which is a significant security concern. The site is mobile-optimized with good SEO and user experience, though performance metrics indicate slow loading times. Security posture is weak due to missing HTTPS, lack of modern TLS protocols, and absence of key security headers. Privacy compliance is addressed with visible policies and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

P

Post & Co

post-co.com

28

Post & Co is an independent provider specializing in marine liability and logistics insurance, serving a broad range of clients in the maritime and logistics sectors including ship owners, charterers, terminal and transport operators, and port authorities. The company emphasizes quality service, innovation, and market focus, with a presence in Rotterdam, Antwerp, and Frankfurt. Their website reflects a professional business with multilingual support and clear contact channels. Technically, the site is built on WordPress using common plugins and frameworks but lacks a valid SSL certificate, which significantly impacts security posture. The site uses Google Analytics and has cookie consent mechanisms in place, indicating some privacy compliance. However, the absence of HTTPS and modern TLS protocols presents a critical security risk. Overall, the business appears legitimate and established, but the website requires urgent security improvements to protect user data and enhance trust.

M

MARTIN NEUHAUS

martinneuhaus.de

34

The website martinneuhaus.de serves as a personal portfolio and professional presentation platform for Martin Neuhaus, an actor based in Schwerin, Germany. The site primarily targets German-speaking audiences interested in theater and acting, offering access to showreels and professional contact via email and social media. The business model is focused on personal branding and professional networking within the media industry. The website is small scale and individual in nature, with consistent branding and basic content quality. Technically, the site is built on WordPress 6.8.1 using the Mesmerize Pro theme and several common plugins such as Contact Form 7 and CoBlocks. It is hosted likely on GoDaddy infrastructure, inferred from DNS and mail server data. The site suffers from slow performance with a load time exceeding 20 seconds, but it is mobile optimized and has good SEO metadata implemented. Accessibility is basic but present. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. No security headers or advanced TLS protocols are enabled, and no incident response or vulnerability disclosure policies are found. Privacy compliance is minimal with no privacy or cookie policies detected. The domain registration is consistent and legitimate, with no privacy protection or suspicious red flags, but domain protection locks are not enabled. Overall, the site presents moderate business credibility but poor security and privacy posture. Strategic improvements should focus on enabling HTTPS, implementing security headers, adding privacy and cookie policies, and improving site performance to enhance trust and compliance.

S

SmartStream Technologies ltd.

smartstream-stp.com

40

SmartStream Technologies ltd. is a well-established leader in financial data solutions, serving banks, capital markets, buy-side firms, and corporations. Their offerings focus on operational control, cost reduction, risk mitigation, regulatory compliance, and new revenue streams. The company maintains a strong market position with a comprehensive portfolio of services including data transformation, regulatory alignment, managed services, and innovation labs. The website reflects a professional and consistent brand image targeting financial institutions and related sectors. Technically, the website is built on WordPress using Elementor and Slider Revolution, hosted behind Cloudflare for security and performance. It integrates multiple marketing and analytics tools such as Google Analytics 4, Google Tag Manager, Pardot, LinkedIn Insight Tag, and various media embedding services. Mobile optimization and SEO practices are good, though accessibility is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS enforcement, despite Cloudflare protection and Wordfence plugin usage. Security headers are present but could be enhanced with HSTS and OCSP stapling. Privacy compliance is strong with clear GDPR-aligned policies, cookie consent mechanisms, and a data protection officer contact. Overall, the website presents a credible and professional front for SmartStream Technologies but requires urgent SSL/TLS remediation to improve security and trustworthiness. Strategic recommendations include SSL installation, enhanced security headers, and continuous monitoring of third-party integrations.

Q

Quantum Momentum Services

quantummomentum.net

39

Quantum Momentum Services is a small Australian-based business specializing in personal mentoring, coaching, spiritual healing, and business consulting services. The company offers individual mentoring, virtual assistance, and business consulting, targeting individuals and businesses seeking personal development and holistic support. The website is built on the GoDaddy Website Builder platform and integrates PayPal for payment processing. While the site presents relevant and well-structured content with clear contact information and social media presence, it lacks a valid SSL certificate, which significantly impacts its security posture. Basic privacy and terms of service documents are available, but cookie consent mechanisms and security policies are minimal or absent. Overall, the business appears legitimate and consistent with its domain registration data, but improvements in security and privacy compliance are recommended.

Y

yandree GmbH

yandree.com

36

yandree GmbH is a small Austrian IT services company specializing in IT documentation and data migration with over 20 years of experience. The company serves clients primarily in the energy, insurance, hosting, and IT sectors worldwide. Their website is built on Joomla CMS with a modern UI framework and includes comprehensive business and legal information. However, the site lacks HTTPS encryption, which is a critical security shortfall. Cookie consent mechanisms are implemented with a privacy-first approach, denying analytics and advertising cookies by default. The company demonstrates moderate digital maturity but should prioritize securing their website with SSL/TLS and enhancing security policies. Overall, yandree GmbH presents a professional and trustworthy business presence with room for technical and security improvements.

B

Bohmann Druck und Verlag GmbH

bohmann.at

21

Bohmann Druck und Verlag GmbH is a well-established Austrian media company with an 80-year history, specializing in official and municipal publications such as the Amtsblatt der Stadt Wien and the Österreichische Gemeinde Zeitung. The company targets municipal decision makers and businesses, positioning itself as one of Austria's largest private communication firms. Their business model centers on publishing and communication services with a medium-sized operational scale. Technically, the website is built on an Apache server, likely using TYPO3 CMS with Bootstrap and jQuery for frontend components. Hosting is provided by A1 Telekom Austria. The site includes Google Fonts and uses Matomo and Google Analytics for visitor tracking, with a cookie consent mechanism in place. However, performance metrics are unavailable, and mobile optimization is basic. From a security perspective, the website lacks HTTPS, which is a critical vulnerability. No SSL certificate is installed, and no modern security headers are present. While no known SSL vulnerabilities or exposed sensitive data were detected, the absence of HTTPS severely impacts the security posture. Privacy and cookie policies exist and appear GDPR compliant, but no incident response or security policies are publicly disclosed. Overall, the website is functional with good content relevance and moderate trustworthiness but requires urgent security improvements, especially the implementation of HTTPS and enhanced security headers, to protect user data and improve compliance.

Titan Machinery is a large, established full-service dealer specializing in agriculture and construction equipment, operating over 100 dealerships across multiple countries. The company offers new and used equipment sales, rentals, parts, service, and financing solutions, representing major CNH Industrial brands. The website is professionally designed using modern technologies such as ASP.NET and Vue.js, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Privacy and cookie policies are present but basic, and no direct contact information is visible on the homepage. Social media presence is strong, supporting brand trust. The domain is mature and well-protected, indicating a legitimate business. Overall, the website demonstrates good business credibility and technical implementation but requires urgent security improvements.

A

Agentur XY GmbH

xy.de

21

Agentur XY GmbH is a creative agency and production house based in Berlin, Germany, founded in 2018. The company specializes in delivering bold advertising campaigns and production services for global brands, including notable clients such as Netflix, Stepstone, and Playmobil. The website reflects a professional and consistent brand image with rich multimedia content and active social media presence. Technically, the site is built on WordPress with modern libraries and SEO optimizations, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are partially implemented, but the absence of TLS protocols and domain security features like DNSSEC and DMARC reduce the overall security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or detailed GDPR compliance indicators. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

E

EVN

evn.at

40

EVN is a large Austrian energy provider specializing in electricity, gas, heating, water, photovoltaic solutions, and e-mobility services. The website targets private customers, businesses, agriculture, and municipalities, offering a comprehensive range of energy-related products and services. The company maintains a professional and consistent online presence with clear navigation and rich content. Technically, the site uses Kentico CMS, Cloudflare CDN, and integrates analytics tools like eTracker and Microsoft Application Insights. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS configuration to ensure user security.

T

TCI Consult GmbH

tciconsult.eu

38

TCI Consult GmbH is a specialized consulting firm with over 30 years of experience focusing on corporate management, banking control, business intelligence, and cybersecurity. The company operates primarily in Austria and Germany, targeting sectors such as finance, public services, telecommunications, and manufacturing. Their services include data warehousing consulting, cybersecurity assessments, and compliance support for EU regulations like NIS 2 and DORA. Technically, the website employs modern JavaScript libraries and frameworks such as jQuery and Foundation, with analytics powered by Google Analytics and Piwik/Matomo. However, the site suffers from a critical security flaw due to an invalid SSL certificate, resulting in no HTTPS protection. This significantly impacts the security posture and trustworthiness of the site. Privacy compliance is partially addressed through Cookiebot consent mechanisms and a privacy policy located on the impressum page, but lacks comprehensive GDPR indicators. Overall, the website presents professional content and consistent branding but requires urgent security improvements to meet modern standards.