Security Directory

E

esarom gmbh

esarom.com

40

esarom gmbh is a medium-sized manufacturing company based in Austria specializing in the development of compounds, flavours, extracts, and ingredients for the beverage and food industries. The company positions itself as a global partner in taste, serving a broad international market with a strong export rate exceeding 80%. Their business model focuses on B2B partnerships, providing tailored flavour solutions and full-service support to manufacturers worldwide. The website reflects a professional and well-branded presence with multilingual support and detailed partner network information. Technically, the website is built on WordPress using Elementor and several modern plugins for SEO, multilingual support, and user experience enhancements. However, the site suffers from a critical security misconfiguration: it lacks a valid SSL certificate and does not properly support HTTPS, which significantly undermines its security posture. Despite this, the site implements several security headers and content policies that indicate an awareness of security best practices. From a security perspective, the absence of HTTPS and TLS protocols is a major vulnerability, exposing users to potential interception and undermining trust. The site lacks explicit incident response or vulnerability disclosure policies, and no cookie consent mechanism was detected, which may impact privacy compliance. The presence of certifications such as halal, kosher, and organic, along with transparent contact information and a global partner network, enhance business credibility. Overall, while the business and content quality are strong, the technical and security shortcomings, especially the missing SSL certificate, pose significant risks. Strategic improvements in SSL deployment, privacy mechanisms, and incident response transparency are recommended to elevate the site's trustworthiness and compliance.

H

Hackabu Growth Consulting

hackabu.com

40

Hackabu Growth Consulting is a specialized digital marketing and growth consulting firm based in Austria, serving both B2C and B2B clients. The company offers a broad range of services including online marketing, marketing automation, performance marketing, programmatic advertising, social recruiting, AI consulting, and workshops. Their market position is that of a leading online marketing and growth consultancy with a strong focus on data-driven strategies and innovative technologies. The website is professionally designed, content-rich, and targets businesses seeking growth through digital channels. Technically, the site is built on WordPress with Elementor and uses various modern web technologies and optimization tools. However, a critical security issue is the absence of a valid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the business credibility is high, supported by clear contact information, social media presence, and client logos. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to protect user data and improve trust.

Greiner AG is a well-established Austrian enterprise specializing in manufacturing plastic and foam solutions with a global market presence. The company operates through three main subsidiaries: Greiner Bio-One, Greiner Packaging, and NEVEON, serving diverse industries including packaging, medical technology, automotive, and furniture. The website reflects a professional and comprehensive digital presence with detailed business descriptions, press releases, and social media integration. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries, but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and enhance trust.

B

BAUR GmbH

baur.at

29

BAUR GmbH is a well-established Austrian company specializing in high-precision testing and measurement technology for electrical energy distribution systems, with a strong market position as a leader in cable fault location, cable testing, and insulating oil testing. The company operates internationally with multiple subsidiaries across Europe, the Americas, and Africa, offering products, services, and training to ensure reliable energy supply. Technically, the website is built on a modern JavaScript stack with RequireJS, jQuery, and various UI libraries, hosted on an Apache server. However, the primary domain baur.at lacks HTTPS, which is a significant security concern, although the main content is served securely on baur.eu. Security headers are partially implemented, but the absence of SSL/TLS and modern protocols reduces the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates good business credibility and technical maturity but requires urgent security improvements to protect user data and enhance trust.

Axians ICT Austria GmbH is a medium-sized ICT company based in Austria, operating under the VINCI Energies group. The company offers a broad portfolio of IT infrastructure, cloud solutions, data analytics, security, and collaboration services. The website reflects a professional and well-structured digital presence with comprehensive content and strong branding consistency. Technically, the site is built on WordPress with modern libraries and SEO tools, but suffers from critical security issues due to the lack of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed with clear cookie and privacy policies and user consent mechanisms. Overall, the company demonstrates a strong market position in the Austrian ICT sector but should urgently address its security posture to protect user data and maintain trust.

D

Diageo

diageo.com

40

Diageo is a global leader in premium spirits and beer, operating in nearly 180 countries with a portfolio of over 200 brands. The website reflects a mature digital presence with comprehensive content targeting investors, consumers, and job seekers. The technical infrastructure leverages modern JavaScript frameworks and is hosted behind Cloudflare, indicating a robust platform. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. The site employs extensive analytics and marketing tools with consent mechanisms, but lacks explicit privacy and terms of service pages in the provided content. Overall, the business credibility and content quality are high, but security improvements are urgently needed.

V

Venionaire Capital AG

worldventureforum.info

43

World Venture Forum 2025 is a well-established international event focused on fostering global relations in the venture capital, crypto, family office, corporate innovation, and impact investing sectors. The event is held in Kitzbühel, Austria, and features a comprehensive program with multiple unique mountain chalet venues, keynote speakers, workshops, and networking opportunities. The business model revolves around event organization, ticket sales, and sponsorship packages, targeting investors, entrepreneurs, and industry leaders. The website is professionally designed with rich content, clear navigation, and strong branding consistency. Technically, the website is built on WordPress using Elementor and several event-related plugins. It integrates Google Analytics for tracking and uses Borlabs Cookie for cookie consent management. However, the site lacks HTTPS, which is a critical security flaw, and does not implement important security headers or modern TLS protocols. Performance is moderate to slow, and while mobile optimization and accessibility are good, the absence of SSL significantly impacts the security posture. Security-wise, the site has no SSL/TLS encryption, no HSTS, no OCSP stapling, and no secure cipher suites, exposing users to potential risks. There is no visible security policy or incident response information. Privacy compliance is good with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by detailed company information, multiple contact methods, and trust indicators such as testimonials and partner listings. Overall, the site presents a strong business and content profile but requires urgent security improvements to protect users and enhance trust. Strategic recommendations include immediate SSL implementation, adding security headers, and enhancing incident response transparency.

C

CHONGQING JIANGJI DISTILLERY CO., LTD.

jiangjidistillery.com

30

Jiangji Distillery is a Chinese company specializing in the production and promotion of traditional Chinese baijiu and plum liqueur. The website presents a well-structured brand presence with detailed product categories, educational content about baijiu, and a focus on cultural heritage. The business targets consumers interested in authentic Chinese spirits and related cultural experiences. Technically, the website is built on WordPress with common plugins and uses Cloudflare as a CDN, but lacks a valid SSL certificate, which is a significant security concern. The site includes standard contact forms and social media integration, enhancing user engagement and brand reach. Security posture is weak due to missing HTTPS and incomplete security headers, while privacy compliance is minimal with only a basic privacy policy mention and no cookie consent mechanism. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to build trust and protect users.

S

St. Gilgen International School

stgis.at

40

St. Gilgen International School is a private international educational institution located in Austria, offering the International Baccalaureate curriculum with a focus on personalized education and a nurturing environment. The school targets families seeking high-quality international education in a scenic Alpine setting. Technically, the website is built on WordPress with Elementor and various plugins, hosted on WP Engine and protected by Cloudflare. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap. Privacy and cookie policies are well implemented, and the site includes multiple contact methods and trust indicators such as accreditations and certifications. Overall, the website is professionally designed and content-rich but requires urgent security improvements to protect user data and enhance trust.

A

Aldine ISD

aldineisd.org

37

Aldine ISD is a large, mature public school district based in Houston, Texas, providing a wide range of educational services and resources to students, parents, employees, and the community. The website is professionally designed with clear navigation, comprehensive content, and strong branding consistency. It serves as a central hub for district news, academic programs, employment opportunities, and community engagement. Technically, the site is built on WordPress with modern libraries and plugins, hosted on a reputable platform (WP Engine) and uses Cloudflare for CDN and caching. However, the absence of a valid SSL certificate and HTTPS support is a critical security concern that significantly impacts the site's security posture. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Overall, the site is trustworthy and authoritative but requires urgent security improvements.

M

MD / MEDIADESIGNERIN e.U.

mediadesignerin.com

21

MD / MEDIADESIGNERIN e.U. is a small Austrian online marketing agency with over 22 years of experience, specializing in Google Ads, Facebook Ads, and YouTube Ads. The company holds a Google Partner certification and offers comprehensive online marketing consultancy, campaign management, and strategy development services primarily targeting small and medium-sized enterprises. The website is professionally designed using WordPress and Elementor, featuring rich content, client references, and clear contact information. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. The technical infrastructure leverages modern web technologies but shows room for improvement in performance metrics and security headers. Overall, the business is credible and well-positioned in its niche, but urgent security enhancements are recommended to safeguard client interactions and improve trust.

T

teamecho

teamecho.at

31

teamecho is a specialized technology company providing a scientifically validated employee sentiment barometer platform designed to replace traditional employee surveys. The platform offers real-time feedback, AI-driven comment analysis, and actionable insights to improve employee satisfaction and reduce turnover. The website is professionally designed using WordPress and Elementor, targeting companies and management teams seeking continuous employee feedback solutions. The technical infrastructure includes modern web technologies and integrations with major analytics and marketing tools. However, a critical security issue is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The site implements strong security headers and GDPR-compliant cookie consent mechanisms, reflecting good privacy compliance. Overall, the domain registration is consistent and legitimate, supporting the business's credibility.

E

Energie AG

energieag.at

40

Energie AG is a well-established regional energy provider in Upper Austria, offering a broad range of services including electricity, gas, internet, photovoltaic solutions, and electromobility products. The company positions itself as a modern and reliable energy supplier with a strong focus on customer service and sustainability. Their website reflects a mature digital presence with comprehensive content and professional design, targeting both private and business customers. Technically, the site uses a modern technology stack with various JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and privacy policies that comply with GDPR requirements. Overall, the business appears legitimate and trustworthy, but urgent improvements in SSL/TLS configuration are necessary to enhance security and user trust.

U

Universalmuseum Joanneum GmbH

museum-joanneum.at

40

The Universalmuseum Joanneum is Austria's oldest and second largest museum institution, operating 20 museums and one zoo across 14 locations in the Steiermark region. Founded in 1811, it offers a rich cultural, historical, and natural heritage experience to a broad audience including families, schools, and art enthusiasts. The website reflects a professional and comprehensive digital presence with excellent content quality and user experience, supported by a mature TYPO3 CMS platform. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which critically impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, but incident response and security policy information are absent. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

G

GrECo

greco.services

40

GrECo is a well-established insurance and risk management specialist with a strong presence in Central and Eastern Europe, operating since 1925. The company offers a broad range of services including risk consulting, cyber insurance, health and benefits, and international insurance programs. The website reflects a mature digital presence with professional design, multilingual support, and structured data for SEO. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. Privacy policies are present and GDPR compliant, but cookie consent mechanisms are minimal. Overall, the site is content-rich and credible but requires urgent security improvements to align with best practices.

B

Base-IT GmbH

baseit.at

22

Base-IT GmbH is an Austrian IT service provider specializing in consulting, planning, installation, and maintenance of IT systems, with a strong focus on cybersecurity and managed services for small and medium enterprises (KMU). The company holds recognized ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications, underscoring its commitment to information security and data privacy. Their market position is supported by a portfolio of diverse IT services and a visible client base, including references and social media presence. Technically, the website is built on a SilverStripe CMS platform with modern JavaScript libraries such as jQuery, MDBootstrap, Owl Carousel, and Swiper. The hosting appears to be provided by Hetzner. While the site is mobile-optimized and well-structured with good SEO practices, performance data is lacking, and accessibility is basic. The site uses a cookie consent mechanism compliant with GDPR and integrates Google Analytics for performance and user tracking. From a security perspective, the absence of HTTPS and a valid SSL/TLS certificate is a critical vulnerability, severely impacting the overall security posture. Other security best practices such as HSTS, OCSP stapling, and security headers are missing. The company demonstrates good security governance through certifications but lacks visible incident response or vulnerability disclosure policies on the website. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance security headers. Strategic recommendations include implementing SSL/TLS, publishing incident response policies, and enhancing security controls to improve trust and compliance.

B

Bombardier Recreational Products

brp.com

40

Bombardier Recreational Products (BRP) is a global leader in the manufacturing and retail of recreational vehicles including snowmobiles, all-terrain vehicles, 3-wheel motorcycles, and personal watercraft. The company maintains a strong market position with multiple well-known brands such as Ski-Doo, Lynx, Sea-Doo, and Can-Am. The website reflects a professional and comprehensive digital presence targeting consumers and enthusiasts in the powersports industry. Technically, the site leverages modern technologies including Adobe Experience Manager, Google Tag Manager, and Dynatrace monitoring, indicating a mature digital infrastructure. However, a critical security weakness is the absence of a valid SSL certificate, which undermines the security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the site is content-rich and professionally designed but requires urgent remediation of SSL issues to ensure secure user interactions.

S

Smelt by Polaria

smeltbypolaria.no

50

Smelt by Polaria is a Norwegian e-commerce retailer specializing in sustainable, locally sourced interior and lifestyle products. The company targets environmentally conscious consumers in Norway, offering a broad product range from Nordic and European suppliers. Their business model focuses on online sales with additional services like click-and-collect and flexible payment options. The website demonstrates good content quality, clear navigation, and consistent branding, supported by trust signals such as certifications and customer reviews. Technically, the site uses modern JavaScript libraries and frameworks but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and build trust.

A

Almirall, S.A.

almirall.com

40

Almirall, S.A. is a well-established pharmaceutical company focused on research and development of medicines for patients worldwide. The company has a mature online presence with a domain age of 25 years and a comprehensive website targeting patients, healthcare professionals, investors, and media professionals. The website provides extensive information about the company's purpose, expertise, sustainability efforts, and corporate governance, reflecting a strong business model and market position in the healthcare sector. Technically, the website is built on the Liferay CMS platform, hosted on Azure DNS, and utilizes modern JavaScript libraries and analytics tools such as Google Analytics, Google Tag Manager, New Relic, and OneTrust for cookie consent management. Accessibility features are implemented via EqualWeb, enhancing usability for diverse users. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure communications.

A

Amstar Holdings Limited

oplata.info

69

Oplata.info is a mature website operated by Amstar Holdings Limited, providing services related to purchase management, promo codes, and gift cards. The platform targets consumers who have made payments and wish to access or manage their purchase history and promotional offers. The business model appears to be an online service platform with a niche focus, supported by a domain registered since 2004 and consistent WHOIS data indicating legitimacy. Technically, the website uses a combination of legacy and modern web technologies including jQuery 1.10.2 and TLS 1.3 for secure communications. Performance is moderate with basic mobile optimization and accessibility features. The site includes a cookie consent mechanism compliant with GDPR requirements but lacks a formal privacy policy and terms of service, which are critical for full compliance. From a security perspective, the site benefits from HTTPS with OCSP stapling and no known SSL vulnerabilities. However, it lacks important security headers and stronger cipher suite configurations. There are no visible vulnerabilities or exposed sensitive data, but the absence of security policies and incident response contacts indicates room for improvement in security maturity. Overall, the website scores moderately in content quality, technical implementation, security posture, privacy compliance, and business credibility. Strategic improvements in privacy documentation, security headers, and contact transparency would enhance trust and compliance.

C

Conferenza Italia America Latina e Caraibi

conferenzaitaliaamericalatina.it

26

The website 'Conferenza Italia America Latina e Caraibi' serves as an informational platform for a conference focused on Italy, Latin America, and the Caribbean. It targets delegates and stakeholders interested in regional cooperation and provides conference details and a reserved area for delegates. The site is built on WordPress using the Elementor page builder, indicating a moderate level of digital maturity. However, the website suffers from slow performance and lacks advanced SEO and accessibility features. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of email authentication records. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is functional but requires significant improvements in security and compliance to enhance trust and protect user data.

F

Fondazione Unicampus San Pellegrino

ssmlitalia.it

36

Fondazione Unicampus San Pellegrino is an educational and research institution accredited by the Italian Ministry of University and Research (MUR), specializing in linguistic mediation, translation, and intercultural communication. The foundation operates multiple campuses in Italy and offers a range of academic programs including bachelor's degrees, master's degrees, executive masters, and certification courses. The website reflects a well-structured and professionally designed platform targeting students and professionals in the linguistic and translation fields. Technically, the site is built on WordPress with modern plugins and LMS integration, but it lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.

M

MECAL MACHINERY S.r.l

mecal.com

40

Mecal Machinery S.r.l is an Italian manufacturing company specializing in the production of machines and systems for processing aluminum, PVC, and light alloys. The company targets industrial clients requiring advanced machinery solutions and maintains a multilingual website to serve an international audience. Their business model focuses on manufacturing, technical support, and product distribution. The website demonstrates a good level of professionalism and content quality, with clear navigation and multilingual support. Technically, the site is built on WordPress with modern JavaScript libraries and CSS frameworks, but lacks HTTPS, which is a critical security gap. Privacy compliance is well managed through Iubenda, including cookie consent mechanisms. Contact information is comprehensive, enhancing business credibility.

F

Fondazione Unicampus San Pellegrino

fusp.it

40

Fondazione Unicampus San Pellegrino is a mature and established educational institution in Italy specializing in linguistic mediation, translation, and intercultural communication. It operates multiple campuses and offers a broad range of academic programs including bachelor's and master's degrees, executive masters, language certifications, and specialized courses. The foundation is accredited by the Italian Ministry of University and Research (MUR) and maintains active research centers, positioning itself as a key player in its niche educational market. The website reflects a professional and consistent brand image with comprehensive content tailored to students and professionals in the linguistic field. Technically, the website is built on a modern WordPress stack with Elementor, WooCommerce, and TutorLMS plugins, supporting e-learning and e-commerce functionalities. The site is mobile-optimized and SEO-friendly, though performance data suggests moderate speed. Security posture is currently weakened by an invalid SSL certificate and lack of support for modern TLS protocols, which undermines HTTPS effectiveness. Privacy and cookie policies are present and GDPR compliant, with clear contact information and a contact form secured by Google reCAPTCHA. Overall, the site is trustworthy and professionally maintained but requires urgent improvements in SSL/TLS configuration and security headers to enhance user trust and data protection. There is no evidence of a formal security policy or incident response contact, which could be areas for future enhancement.

C

Clementoni Spa

clementoni.com

34

Clementoni Spa operates a professional and well-branded e-commerce website focused on selling toys and educational products primarily in Italy. The website is built on the Shopify platform, leveraging modern web technologies and integrations such as Google Analytics, Facebook Pixel, and Iubenda for privacy compliance. The company demonstrates strong business credibility with clear contact information, social media presence, and comprehensive privacy and cookie policies. However, the website currently lacks a valid SSL certificate, which significantly impacts its security posture and user trust. The technical infrastructure is robust but could benefit from improved SSL/TLS implementation to ensure secure communications. Overall, the site is functional and user-friendly but requires urgent security improvements to meet industry standards.

S

Sky Internet Marketing

skyinternetmarketing.nl

40

Sky Internet Marketing is a mature, small-sized Dutch internet marketing bureau specializing in SEO, SEA (Google Ads), and website development services. Established in 2012, the company positions itself as a leading SEO expert in its region, supported by a team of seven specialists and strong client testimonials. The website is professionally designed, mobile-optimized, and rich in relevant content, reflecting a high level of digital maturity. Technically, the site runs on WordPress with modern frameworks and integrates marketing and analytics tools such as Google Tag Manager and Ahrefs. Security posture is good with HTTPS enforced, SPF and DMARC policies configured, but there are minor gaps such as missing OCSP stapling and malformed CAA records. Privacy and terms policies are comprehensive and GDPR compliant, with clear contact channels provided. Overall, the site demonstrates strong business credibility and technical implementation, with room for security enhancements.

Net.Com is a specialized digital agency focused on providing web solutions for the public sector in France, including government agencies, hospitals, educational institutions, and social housing organizations. With over 27 years of experience and more than 500 projects completed, the company offers services such as Drupal and WordPress development, UX design, SEO, and agile development methodologies. The website reflects a professional and well-structured digital presence with comprehensive client references and testimonials. Technically, the site uses modern JavaScript libraries and frameworks but lacks HTTPS support, which is a critical security deficiency. The absence of SSL/TLS and security headers exposes the site and its users to potential risks. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the business demonstrates strong credibility and a clear market niche but must urgently address its security posture to protect its reputation and client data.

E

Eficiens

eficiens.com

52

Eficiens is a specialized digital agency focused on the insurance sector, providing services such as website creation and redesign, UX design for insurance quote and subscription journeys, maintenance, email marketing, and digital advertising. The company holds a strong market position in France as a leading digital agency dedicated to insurance and related financial services. Their client portfolio includes major insurance and mutual companies, supported by positive client testimonials and a high customer satisfaction rating. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but lacks a valid SSL certificate, which is a critical security gap. The absence of HTTPS and security headers exposes the site to potential risks and undermines user trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site demonstrates professional design and content quality but requires urgent security improvements to align with best practices.

O

Open Research Data Portal

open-research-data-portal.ch

40

The Open Research Data Portal is a collaborative platform dedicated to implementing Open Research Data (ORD) practices within the ETH Domain, encompassing prominent Swiss research institutions such as ETH Zurich, EPFL, Eawag, PSI, WSL, and Empa. The portal provides comprehensive information on ORD projects, services, and training resources, targeting researchers and academic institutions. Technically, the website is built on WordPress using Elementor and various Jet plugins, with integration of Google Analytics for minimal user tracking. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The presence of SPF and DMARC records indicates some email security awareness, though the DMARC policy is set to 'none', offering no enforcement. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the site offers good content quality and professional design but requires urgent security improvements to protect user data and enhance trust.

B

BlueGlass | Team Farner

blueglass.ch

60

BlueGlass Interactive AG, operating as BlueGlass | Team Farner, is a leading digital marketing agency based in Zurich, Switzerland. The company offers a comprehensive suite of services including digital strategy consulting, SEO, content marketing, social media marketing, web design and development, data analytics, and e-sports video productions. With a strong market position supported by multiple industry awards and partnerships with major technology providers such as Google, Meta, and Microsoft, BlueGlass serves both national and international clients with a focus on data-driven and user-centric marketing solutions. The company is a medium-sized enterprise founded in 2007 and is part of the larger Team Farner communications group.

V

VR Equitypartner

vrep.de

40

VR Equitypartner is a leading equity financing provider specializing in tailored capital solutions for medium-sized enterprises in Germany, focusing on succession, shareholder changes, and growth financing. The company positions itself as a reliable partner offering both direct investments and mezzanine financing, enabling businesses to realize growth and transition plans while maintaining operational independence. The website reflects a mature digital presence built on WordPress with Elementor, integrating advanced SEO, accessibility, and privacy compliance features. Security posture is strong with HTTPS, modern TLS protocols, and proper email authentication mechanisms, although improvements like enabling HSTS and DNSSEC could enhance protection further. Overall, the site demonstrates professionalism, trustworthiness, and compliance, supporting VR Equitypartner's market position effectively.

F

flexiWAN Ltd.

flexiwan.com

66

flexiWAN Ltd. operates a professional website focused on providing open source SD-WAN and SASE solutions, targeting MSPs and enterprise customers. The company positions itself as an innovator with a SaaS business model and partnerships with major technology players like Google and Intel. The website is built on WordPress with Elementor and WooCommerce, featuring rich content, structured data, and multiple trust signals including testimonials and partner logos. Technically, the site uses modern web technologies but suffers from slow load times and lacks some advanced security headers. The security posture is adequate with valid SSL and SPF/DMARC records but could be improved with HSTS and additional headers. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are missing. Overall, the site is professional and trustworthy but would benefit from performance and security enhancements.

6

6WIND

6wind.com

59

6WIND is a technology company specializing in virtualized and secure networking software solutions. Their offerings target communication service providers, mobile network operators, cloud providers, and enterprises worldwide. The company positions itself as a trusted provider of high-performance, scalable, and cost-effective networking software, including virtual service routers, host accelerators, and cloud-native solutions. The website reflects a professional and consistent brand with rich content, including testimonials, case studies, and video resources. Technically, the site is built on WordPress with the Avada theme and integrates modern libraries and marketing tools such as Google Analytics, Pardot, and LinkedIn widgets. However, the security posture is weakened by an invalid or missing SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well-handled with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates good digital maturity but requires immediate attention to its SSL configuration to improve security and user trust.

W

Westin Store

westinstore.com

60

Westin Store is an e-commerce retailer specializing in luxury bedding, linens, and bath products inspired by the Westin Hotels brand, a subsidiary of Marriott International. The website targets consumers seeking premium hotel-quality sleep and bath products, offering a broad catalog of branded merchandise. The business model is direct-to-consumer online retail with integrated customer support and marketing channels. Technically, the site is built on Magento with extensive use of Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture and user trust. The site implements strong privacy and cookie consent mechanisms, including GDPR-compliant policies and DMARC email protection. Overall, the website is professionally designed with good content quality and marketing integration but requires urgent remediation of its SSL/TLS configuration and subdomain takeover vulnerability to improve security and trustworthiness.

E

EDITION Hotels

editionhotels.com

62

EDITION Hotels is a luxury boutique hotel brand operated under Marriott International, offering unique, localized hotel experiences across major global cities and emerging markets. The website reflects a strong brand presence with comprehensive information about hotel locations, services, and offerings. Technically, the site is built on WordPress with a rich set of modern JavaScript libraries and frameworks, ensuring good user experience and mobile optimization, though performance could be improved due to high resource count and page size. Security posture is solid with HTTPS, valid SPF and DMARC records, and no critical vulnerabilities detected, but improvements in security headers and SSL configurations are recommended. Privacy compliance is well addressed with a comprehensive privacy policy and OneTrust cookie consent mechanism. Overall, the site demonstrates a mature digital presence suitable for a large hospitality brand.

V

VisiConsult

visiconsult.de

40

VisiConsult is a family-owned German company recognized as a global market leader in customized and standardized X-ray inspection solutions for non-destructive testing (NDT), quality assurance, and process optimization. The company operates multiple business divisions and subsidiaries, including VCxray, VCbattery, VCcount, and VC Inspection Services, as well as diondo X-ray Systems and Services. Their solutions serve diverse industries such as aerospace, automotive, defense, energy, and manufacturing. Technically, the website is built on WordPress with the Avada theme and uses modern web technologies including TLS 1.3 for secure communications. The site is well-optimized for SEO and mobile devices, with good accessibility features. Security posture is solid with no critical vulnerabilities detected, although improvements like enabling HSTS and OCSP stapling are recommended. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the website reflects a professional, trustworthy, and technically mature organization.

4

4ED

4ed.com.br

64

4ED is a Brazilian design school offering a wide range of online and in-person courses across various design disciplines including graphic, interior, fashion, product, and more. Established in 2011 and based in Porto Alegre, it serves students, professionals, and corporate clients with a comprehensive educational model. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding. Technically, the site is built on WordPress with Elementor and WooCommerce, leveraging multiple plugins and integrations for e-commerce and marketing. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which are critical for protecting user data and ensuring trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but should prioritize upgrading its SSL/TLS configuration to enhance security and user confidence.

A

absence.io GmbH

absence.io

63

absence.io GmbH is a medium-sized technology company based in Germany specializing in SaaS solutions for absence management, time tracking, digital personnel files, and expense management. The company serves over 2,500 companies and 100,000 users, positioning itself as a reliable and trusted provider in the HR software market. Their platform supports multiple languages and integrates with major services like Google Workspace, Microsoft 365, and Slack, enhancing usability and enterprise adoption. The website demonstrates a strong brand presence with multiple trust signals including ISO certification and positive customer testimonials. Technically, absence.io uses TYPO3 CMS with a modern JavaScript stack including jQuery, Bootstrap, and Swiper for UI components. Hosting is on DigitalOcean with DNS managed via AWS Route53. The site supports TLS 1.3 and 1.2 but lacks advanced SSL features like HSTS and OCSP stapling. Cookie consent is managed via Usercentrics CMP, and analytics are extensive using HubSpot, Google Analytics, and Crazy Egg. Performance is moderate to slow, likely due to large page size and resource count. Security posture is solid with ISO-certified servers, daily backups, SPF and DMARC email protections, and SSL encryption. However, DNSSEC is not enabled, and CAA records are malformed. No public vulnerability disclosure or security.txt file was found. Privacy policies and terms of service are present and GDPR compliant. Overall, the company demonstrates a mature security and compliance stance but could improve SSL and DNS security features. Strategically, absence.io is well positioned in the HR SaaS market with a comprehensive product suite and strong customer trust. Continued investment in security hardening and performance optimization will enhance their competitive edge and customer confidence.

P

Planon

planonsoftware.com

72

Planon is a leading global provider of Smart Sustainable Building Management software solutions, connecting buildings, people, and processes to optimize workspace management and building performance. With a strong market position recognized by industry analysts such as Verdantix, IDC, Gartner, and Frost & Sullivan, Planon offers a comprehensive suite of services including Integrated Workplace Management, Campus Management, Lease Accounting, and Field Services. Their platform supports IoT-enabled solutions and is designed to meet the evolving needs of real estate and facilities management professionals worldwide. Technically, Planon's website leverages modern web technologies including jQuery, Bootstrap, Swiper, and Choices.js, integrated with advanced analytics and A/B testing tools like Google Analytics and Visual Website Optimizer. The site is hosted on Yourhosting DNS infrastructure and employs secure TLS 1.2 encryption with strong cipher suites. Cookie consent is managed via Cookiebot, ensuring compliance with GDPR and other privacy regulations. From a security perspective, Planon demonstrates good practices with SPF and DMARC email policies, absence of known SSL vulnerabilities, and a strict DMARC reject policy. However, there are opportunities to enhance security by enabling HSTS, OCSP stapling, TLS 1.3 support, and DNSSEC. No explicit vulnerability disclosure or incident response contacts were found, indicating potential areas for improvement in transparency and security readiness. Overall, Planon maintains a high-quality, professional web presence with strong trust indicators and comprehensive compliance measures. Strategic enhancements in security configurations and public disclosure policies could further strengthen their security posture and stakeholder confidence.

4

4ED

4ed.cc

62

4ED is a Brazilian design school offering a broad range of online and in-person courses across multiple design disciplines including graphic, UX/UI, marketing, architecture, and product design. Established in 2011 and based in Porto Alegre, it serves students, professionals, and corporate clients with a comprehensive educational portfolio. The website demonstrates a mature digital presence with extensive use of WordPress, WooCommerce, and Elementor, complemented by advanced marketing and analytics tools such as Google Analytics, Facebook Pixel, and Bing UET. However, the absence of a valid SSL certificate on the main domain represents a significant security risk that could undermine user trust and data protection efforts. While privacy and cookie policies are well implemented and GDPR compliant, there is no explicit security or incident response policy publicly available. Overall, 4ED maintains a strong market position in design education in Brazil but should prioritize improving its security posture to safeguard its digital assets and user data.

I

Institute for Digital Out of Home Media GmbH

idooh.media

56

The Institute for Digital Out of Home Media GmbH (IDOOH) is a German-based industry association dedicated to advancing the digital out-of-home advertising sector. It serves as a central hub for knowledge exchange, standard development, and market research within the DOOH industry. The website reflects a professional and content-rich platform targeting industry professionals and stakeholders, offering insights, events, and educational resources. Technically, the site is built on WordPress with Elementor and several plugins, but suffers from slow performance and lacks a valid SSL certificate, which poses security risks. The security posture is basic with some good practices like SPF and DMARC records, but critical improvements are needed in SSL configuration and security headers. Overall, the site demonstrates moderate trustworthiness and good compliance with GDPR through cookie consent mechanisms.

H

Hispasat

hispasat.com

66

Hispasat is a leading satellite telecommunications operator specializing in the distribution of audiovisual content in Spanish and Portuguese across Europe and Latin America. As a large enterprise and a subsidiary of Redeia, Hispasat offers a broad portfolio of satellite and data services including internet access, cellular backhaul, tele-education, and satellite programs. The website reflects a mature digital presence with multilingual support, modern UI frameworks, and a comprehensive content structure targeting telecommunications customers and partners. Technically, the infrastructure leverages Microsoft Azure hosting and AWS Route53 DNS, with a tech stack including jQuery, Bootstrap, and Google Tag Manager. Security posture is moderate with valid SSL certificates and SPF records but lacks advanced protections such as HSTS, DMARC, DNSSEC, and OCSP stapling. The site employs cookie consent mechanisms and analytics tools, indicating awareness of privacy compliance, though no explicit security or incident response policies are published. Overall, Hispasat demonstrates a professional and trustworthy online presence aligned with its market position.

O

Orchestra Brasil

orchestrabrasil.com.br

49

Orchestra Brasil is a Brazilian project focused on promoting and supporting the internationalization of suppliers in the furniture manufacturing industry. It acts as a bridge between Brazilian suppliers and global markets, facilitating export activities and participation in major international trade fairs. The project is well-established with over a decade of experience and supports nearly 100 qualified Brazilian companies exporting to more than 90 countries. The website serves importers, manufacturers, distributors, and retailers in the furniture sector, providing information and contact channels to engage with Brazilian suppliers. Technically, the website is built on WordPress and leverages common plugins such as Contact Form 7, Yoast SEO, and GDPR compliance tools. It uses Google Analytics and Facebook Pixel for tracking and marketing automation via Mautic. The hosting provider is KingHost, and the SSL certificate is valid but lacks advanced security configurations like HSTS and security headers. Performance is relatively slow due to a large page size and many resources, but mobile optimization and SEO are adequately addressed. From a security perspective, the site implements basic protections including SSL and invisible reCAPTCHA on forms, along with a cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit privacy policies, terms of service, security policies, and incident response information. No vulnerability disclosure or security.txt files were found. The overall security posture is moderate but could be improved with enhanced HTTP headers, DNSSEC, and published security documentation. Overall, Orchestra Brasil presents a professional and consistent online presence supporting Brazilian furniture industry exporters. Strategic improvements in security and compliance documentation would enhance trust and reduce risk exposure.

P

Prêmio Salão Design

salaodesign.com.br

44

Prêmio Salão Design operates a Brazilian-focused design award platform that integrates designers and industries through contests, virtual catalogs, and galleries. The website is built on WordPress with a mature technical stack including SEO optimization and multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which poses a significant security risk to users. While cookie consent mechanisms are implemented, no explicit privacy policy or terms of service pages were found, indicating compliance gaps. The site maintains partnerships with multiple industry organizations and sponsors, reflecting a solid market presence in the design sector.

L

LWND Kreativagentur GmbH

lwnd.com

50

LWND Kreativagentur GmbH is a small Austrian creative agency specializing in providing customized teams of specialists across various disciplines to drive brand success. The company positions itself as a modern and innovative agency with a strong focus on digital marketing, branding, campaigns, and UX design. Their website showcases a comprehensive portfolio of services, detailed case studies, and a professional team presentation, targeting brands and companies seeking tailored creative solutions. Technically, the website uses common web technologies such as jQuery, Swiper, and Google reCAPTCHA, hosted on Hetzner infrastructure. However, the site suffers from a critical security weakness due to the absence of a valid SSL/TLS certificate and lack of HTTPS support, which undermines user trust and data protection. DNS and email security configurations are properly implemented with SPF and DMARC policies. Overall, the website demonstrates excellent content quality and branding consistency but requires urgent security improvements to protect user data and comply with best practices.

H

Hypothekarbank Lenzburg AG

hbl.ch

67

Hypothekarbank Lenzburg AG is a Swiss regional bank offering a hybrid model of digital and personal banking services targeting private and corporate customers. The website reflects a mature digital presence with comprehensive service offerings including e-banking, mortgages, savings, investments, and financial planning. The bank positions itself as a trusted regional financial institution with a focus on customer-centric solutions. Technically, the website is built on Umbraco CMS and leverages modern frontend libraries such as Swiper, GSAP, and Cookiebot for consent management. However, the current SSL/TLS configuration is invalid, which poses a significant security risk and undermines user trust. Security headers like SPF and DMARC are properly configured, but the absence of DNSSEC, CAA, and HSTS reduces the overall security posture. The site employs extensive tracking and advertising technologies including Google Analytics, TikTok, and Meta Platforms, with a robust cookie consent mechanism ensuring GDPR compliance. Overall, the bank demonstrates a strong market position with a professional and user-friendly website but must urgently address SSL/TLS issues to maintain security and trust.

D

D4Sign

d4sign.com.br

64

D4Sign is Brazil's leading electronic and digital signature platform, offering a comprehensive SaaS solution that integrates advanced AI capabilities to streamline document signing and contract management. The company serves a broad audience including businesses and individuals, providing secure authentication methods linked to government data for enhanced trust and legal compliance. Technically, the website is built on WordPress with multiple modern plugins and integrates various marketing and analytics tools, hosted on AWS. However, the current SSL/TLS configuration is invalid, posing a significant security risk. The company demonstrates strong market presence with over 500,000 companies trusting its services and certifications such as Great Place To Work and sustainability seals. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms.

O

OBJENTIS Software Integration GmbH

objentis.com

65

OBJENTIS Software Integration GmbH is an established Austrian IT service provider specializing in software testing consulting, automation, and training. With over 26 years of experience and a portfolio of notable clients including major banks and insurance companies, OBJENTIS positions itself as a trusted partner in the software lifecycle. Their offerings include consulting solutions, innovative driverless test automation products, and tailored training workshops. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, supported by modern web technologies and plugins for search and cookie management. Security-wise, the domain employs valid SPF and DMARC records with strict policies, supports TLS 1.2 and 1.3, and avoids known SSL vulnerabilities. However, improvements are needed in SSL configuration such as enabling HSTS and OCSP stapling, and publishing a security.txt file. Overall, the site demonstrates good digital maturity and professionalism, with moderate performance and good mobile optimization. The presence of client testimonials, certifications, and social media links enhance trust. Strategic recommendations include enhancing HTTPS security headers, formalizing security policies, and improving transparency around incident response.

M

Movelsul Brasil

movelsul.com.br

50

Movelsul Brasil operates the largest furniture fair in Latin America, targeting retailers, importers, and industry professionals. The company organizes a major event that attracts hundreds of exhibitors and thousands of visitors, positioning itself as a key marketplace in the furniture manufacturing and retail sectors. The website is built on WordPress and integrates multiple marketing and analytics tools, including Google Tag Manager, Facebook Pixel, and RD Station, indicating a moderate level of digital maturity. However, the site lacks a valid SSL certificate, which undermines secure communications and user trust. The absence of explicit privacy and terms of service policies, combined with limited security headers and no DNSSEC, suggests gaps in compliance and security posture. Overall, Movelsul Brasil demonstrates a solid business presence with room for improvement in technical and security domains.