Security Directory

E

ESPRIT St.Gallen

stgallenbusinessreview.com

28

St. Gallen Business Review is a student-run business magazine published by ESPRIT St.Gallen, affiliated with the University of St.Gallen. It provides independent journalism focused on business, entrepreneurship, finance, economics, politics, and sustainability. The website features a membership program (SGBR+) offering exclusive early access to content. Technically, the site is built on WordPress with modern plugins and libraries, delivering a good user experience with mobile responsiveness and clear navigation. Security posture is adequate with HTTPS enabled but lacks security headers and explicit privacy or cookie policies. No direct contact emails or phone numbers are provided, but a contact form is available. The domain registration details align with the business claims, supporting legitimacy.

B

Betagy Ltd

betagy.com

33

Betagy Ltd is a technology company specializing in scalable cloud-based software solutions and business intelligence for online and retail business operations. The company offers a comprehensive suite of services including omnichannel digital offerings, CRM, third-party integrations, and localization, targeting diverse sectors such as hospitality, entertainment, and finance. With offices in Malta and Serbia, Betagy leverages international talent to deliver customizable and integrated software platforms. Technically, the website uses modern web technologies including Bootstrap and jQuery, with a focus on responsive design and modular architecture. However, the site lacks visible security headers and published privacy or cookie policies, indicating areas for improvement in security and compliance. Overall, the website is professional and informative but would benefit from enhanced security practices and privacy compliance to strengthen trust and regulatory adherence.

S

Streamline Financial Services

streamlineplanning.com

53

Streamline Financial Services is a small financial advisory firm specializing in retirement planning, investment management, and tax reduction services. The company emphasizes fiduciary responsibility and employs multiple certified professionals including CFP®, CFA, and other financial designations. Their target audience is individuals seeking to take control of their retirement and financial life. The website is built on the HubSpot CMS platform, leveraging modern web technologies such as jQuery, Font Awesome, and embedded Typeform for client engagement. The site is well-structured, mobile-optimized, and provides clear navigation and professional content including client testimonials and certifications. Security posture is adequate with HTTPS enforced and no exposed sensitive data, but lacks explicit security headers and a public security policy. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. Contact information is clearly presented with phone, physical address, and an embedded contact form. Overall, the website presents a trustworthy and professional image with room for improvement in privacy compliance and security best practices.

D

Društvo arhitekata Zadra

zda.hr

43

Društvo arhitekata Zadra is a professional non-profit association of architects based in Zadar, Croatia. The organization focuses on architectural and urban planning activities including workshops, competitions, consultations, and community engagement. Their website serves as a hub for news, projects, and events relevant to their members and the local community. The association targets architects, urban planners, students, and citizens interested in urban development and architecture. The business model is centered on professional development and advocacy rather than commercial sales. Technically, the website is built on WordPress using a modern theme and several plugins that enhance functionality such as GDPR compliance, contact forms, and mapping. The site is mobile-optimized and uses standard web technologies like Bootstrap, jQuery, and media players. Performance is moderate with good SEO and accessibility basics in place. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers and incident response policies. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's claims, indicating legitimacy and consistency. Overall, the website presents a professional and trustworthy front for the association with good privacy compliance and moderate technical sophistication. Strategic improvements in security headers and incident response documentation would enhance their security posture further.

P

PharmaLundensis

pharmalundensis.se

45

PharmaLundensis is a Swedish pharmaceutical company specializing in the development of drugs that bind and excrete heavy metals such as mercury, lead, and cadmium from the human body. Their flagship product candidate, Phal-501, targets diseases linked to heavy metal toxicity including COPD, depression, and chronic fatigue syndrome. The company maintains a professional web presence with investor relations, project descriptions, and contact information clearly presented. The website is primarily in Swedish with English language support, targeting patients, investors, and healthcare professionals interested in novel pharmaceutical treatments. Technically, the website is built on WordPress with modern plugins including Yoast SEO, WPML for multilingual support, and MonsterInsights for Google Analytics tracking. The site is mobile optimized and uses HTTPS with a cookie consent mechanism compliant with GDPR principles. Performance is moderate with good SEO and accessibility basics in place. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. Privacy compliance is partial due to absence of a dedicated privacy policy page. Overall, PharmaLundensis presents a credible and professional digital footprint consistent with a small but focused pharmaceutical company. Strategic improvements in privacy and security disclosures would strengthen compliance and user trust.

H

Handheld Group AB

handheldgroup.com

53

Handheld Group AB is a Swedish manufacturer specializing in rugged mobile computing devices such as handhelds and tablets designed for tough environments. Positioned as one of the fastest growing companies in this niche, they operate globally through reseller partnerships and recently transitioned operations to their parent company MilDef Products AB. Their website reflects a professional and well-structured digital presence with comprehensive product and support information, targeting businesses requiring durable computing solutions. Technically, the site is built on WordPress with modern SEO and analytics integrations, offering good performance and mobile optimization. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. Overall, the domain registration and business information are consistent and trustworthy, supporting a high legitimacy score.

E

Effekt SPU AB

effekt.se

31

Effekt SPU AB is a Swedish technology company specializing in delivering customizable business solutions based on Microsoft Dynamics 365 Business Central integrated with the Bizzjoiner customer portal. Established in 1997, the company has completed over a thousand projects and serves a broad business audience seeking ERP and customer portal solutions. Their website reflects a professional and consistent brand image with clear contact information and client trust indicators. Technically, the site is built on Drupal 7 with a variety of JavaScript libraries and tracking tools, offering moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent mechanisms, though the use of outdated jQuery and lack of explicit security headers present moderate risks. Privacy compliance is basic but present, with GDPR-aligned cookie policies. Overall, the website is credible and trustworthy with room for technical and security improvements.

X

xperitus

xperitus.com

49

xperitus is a well-established Oracle Partner specializing in ERP systems, particularly Oracle JD Edwards and NetSuite, with over 15 years of experience serving clients primarily in the Nordic region. The company offers comprehensive consulting services including ERP implementation, project management, and support, targeting businesses across manufacturing, distribution, life sciences, and oil & gas sectors. Their market position is strong as a leading Oracle JD Edwards provider in the Nordic market, supported by a professional and content-rich website that clearly communicates their expertise and service offerings. Technically, the website is built on the HubSpot CMS platform, leveraging modern web technologies such as jQuery, Slick Carousel, and Google Tag Manager. The site demonstrates good performance, mobile optimization, and accessibility standards. Security is robust with HTTPS enforced, secure iframe embeds, and a cookie consent mechanism, although explicit security policies and incident response contacts are not published. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Business credibility is high, supported by clear contact information, customer testimonials, and trust indicators such as Oracle Partner certification. Overall, xperitus presents a trustworthy and professional digital presence with minor recommendations to enhance security transparency and incident response readiness.

C

Cloudmore AB

cloudmore.com

53

Cloudmore AB operates a sophisticated digital commerce platform tailored for managed service providers (MSPs) and related technology sectors. The platform focuses on subscription management, billing automation, and scalable integration solutions that help MSPs streamline operations and enhance customer experience. Positioned as a B2B SaaS provider, Cloudmore targets MSPs, CSPs, distributors, and telcos, offering a comprehensive suite of tools to unify sales, billing, and service delivery processes. The website reflects a mature digital presence with consistent branding and professional content, supported by HubSpot CMS and marketing technologies.

Q

Qvantel Oy

qvantel.com

52

Qvantel Oy is a Finnish telecommunications software company specializing in no-code/low-code Business Support Systems (BSS) for communication service providers. Their flagship product, Qvantel Flex BSS, is a cloud-native, microservices-based platform designed to accelerate digital transformation and business agility for CSPs globally. The company positions itself as an innovator with a strong track record of delivering large-scale digital transformations and managed services to leading telcos. The website reflects a professional and consistent brand presence with comprehensive content targeting CSPs and digital brands. Technically, the site is built on HubSpot CMS with modern JavaScript libraries and integrates multiple marketing and analytics tools, including Google Analytics, LinkedIn Insight Tag, and Leadfeeder. Security posture is strong with HTTPS, security headers, and ISO 27001 certification prominently displayed, although explicit security policies and incident response contacts are not found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and business credibility.

M

MAC Group

mac-financial.com

52

MAC Group is a well-established financial services provider based in the Isle of Man, founded in 2004. It is the largest independent financial advisory and insurance broking group in the region, serving both corporate and private clients. The company offers a range of services including employee benefits advice, private client financial services, and commercial insurance broking. Their market position is strong within the Isle of Man, supported by a consistent brand presence and clear business information. The website reflects a professional and user-friendly design, optimized for mobile devices and SEO, leveraging WordPress with the Divi theme and Yoast SEO plugin. Privacy and cookie policies are comprehensive and GDPR compliant, with an active consent mechanism.

Hospice Isle of Man is a well-established non-profit organization dedicated to providing palliative and end of life care services to the Isle of Man community. The website clearly communicates its mission, services, and ways to support through donations, volunteering, and events. It targets patients, families, healthcare professionals, and donors with a comprehensive range of hospice-related services including specialized children's care at Rebecca House. The organization maintains a strong community presence and transparent communication channels.

N

Netcetera Ltd

netcetera.co.uk

54

Netcetera Ltd is a well-established UK-based web hosting and datacentre service provider founded in 1996, serving customers in over 75 countries. Their offerings include domain registration, email hosting, cloud servers, website building tools, and security services. The company positions itself as a reliable and customer-focused hosting partner with a strong reputation in the European market. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and Google Tag Manager, delivering a responsive and user-friendly experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements in security headers and incident response disclosures are recommended. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the website demonstrates good professionalism, trustworthiness, and business credibility.

A

Aerotech International Limited

aerotech.im

45

Aerotech International Limited is a well-established aviation technical consultancy firm based in the Isle of Man, with over 20 years of experience and a global network of consultants. The company specializes in aircraft transitional support and offers a wide range of services including project management, lease transitions, maintenance representation, and regulatory support. Their market position is strong as a legacy global leader with a clear focus on aviation industry clients. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website is built on WordPress using the Divi theme and incorporates modern web technologies such as jQuery and slick carousel plugins. The site is mobile optimized and performs moderately well, though there is room for improvement in accessibility and SEO. Security-wise, the site uses HTTPS with a good SSL configuration but lacks important security headers and explicit security policies, which could be enhanced to improve the overall security posture. Overall, the website is credible and trustworthy with clear business information and contact details. However, it lacks cookie consent mechanisms and detailed privacy compliance features, which are important for GDPR adherence. No WAF or blocking mechanisms were detected, allowing full content access and analysis.

C

Cēsu novada pašvaldība

cesis.lv

45

Cēsu novada pašvaldība operates as the official municipal government for the Cēsis region in Latvia, providing a comprehensive range of public services including social support, education, cultural activities, tourism promotion, and local development projects. The website serves as a central information hub for residents, businesses, and visitors, offering detailed legal documents, news updates, and access to e-services. The site demonstrates a strong commitment to transparency and community engagement, with extensive documentation and clear contact information. Technically, the website employs a mature JavaScript stack with jQuery, Slick Carousel, and accessibility features, ensuring good user experience across devices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and incident response disclosures. Overall, the site is professional, trustworthy, and well-maintained, reflecting the municipality's role and responsibilities effectively.

A

Appac Mediatech Pvt. Ltd

appacmedia.com

37

Appac Mediatech Pvt. Ltd is a digital marketing and web development agency based in Coimbatore, India, with over 18 years of experience. The company offers a wide range of services including SEO, social media marketing, web design and development, corporate branding, and ecommerce solutions. Positioned as a leading B2B agency in South India, Appac emphasizes 100% in-house production and strong domain knowledge in industries such as manufacturing, healthcare, education, and real estate. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the website uses a traditional Apache server on Ubuntu, with common JavaScript libraries and tools such as jQuery, Owl Carousel, Google Tag Manager, Ahrefs Analytics, and Microsoft Clarity. However, the site lacks a valid SSL certificate and proper DNS records, which significantly impacts its security posture. The absence of HTTPS and security headers exposes the site to risks and reduces trustworthiness. Performance metrics are missing, but the site appears to have moderate mobile optimization and basic accessibility features. From a security perspective, the site has critical issues including no valid SSL certificate, no HSTS, no OCSP stapling, and no security.txt or incident response policies. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Business credibility is supported by multiple trust signals such as Google Partner status, client testimonials, and active social media presence. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data. Strategic recommendations include installing a valid SSL certificate, configuring DNS properly, enabling security headers, and implementing cookie consent mechanisms.

H

HEIDI Chocolat SA

heidi-chocolate.com

37

HEIDI Chocolat SA is a premium chocolate manufacturer and retailer based in Romania, established in 2002. The company offers a wide range of chocolate products including pralines, tablets, personalized chocolates, and seasonal items, targeting chocolate consumers worldwide. The website reflects a medium-sized retail business with a focus on craftsmanship, natural ingredients, and positive brand messaging. Technically, the website uses a modern JavaScript stack with libraries such as jQuery, Owl Carousel, and integrates marketing and analytics tools like Facebook Pixel, Google Analytics, and Klaviyo. The site is mobile-optimized and provides a good user experience with clear navigation and product presentation. Security-wise, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR, but lacks explicit security policies or incident response contacts. Overall, the domain registration and business information are consistent and legitimate, supporting a trustworthy online presence.

P

Pantec Engineering AG

pantec.com

46

Pantec Engineering AG is a medium-sized manufacturing and technology company based in Liechtenstein, specializing in laser and optical systems, control solutions, drive technology, and metrology. The company operates multiple specialized subsidiaries, each focusing on distinct industrial sectors such as automation, biosolutions, dynamics, embellishment, and metrology. Their website reflects a professional and consistent brand image, targeting industrial clients and machinery manufacturers. The business model is B2B with a focus on engineering and technology services. Technically, the website uses a modern tech stack including jQuery, RequireJS, Bootstrap, and various UI and mapping libraries, built on the proprietary eboxx Enterprise System CMS. The site is mobile optimized, accessible, and SEO friendly, with good performance and structured navigation. Security-wise, the site enforces HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and a published security or incident response policy. No vulnerabilities or exposed sensitive data were detected. Overall, the domain registration details align well with the business claims, indicating high legitimacy and trustworthiness.

Angelini Pharma Österreich GmbH operates as a pharmaceutical company specializing in brain health, oncology, pain management, and consumer health products. The company is part of the larger Angelini S.p.a. group and maintains a strong market presence in Austria and several European countries. Their website reflects a professional and consistent brand image, targeting healthcare professionals and consumers with comprehensive product and research information. Technically, the website employs modern JavaScript libraries such as jQuery, Slick Slider, and Piwik PRO for analytics, combined with a consent management platform to ensure GDPR compliance. The site is mobile-optimized and structured for good SEO and accessibility, although some accessibility features could be enhanced. From a security perspective, the site enforces HTTPS and uses privacy-conscious analytics with anonymization options. However, it lacks explicit security headers and a published security policy or incident response contact, which are recommended for improved security posture. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website demonstrates a mature digital presence with strong privacy compliance and business credibility. Strategic improvements in security headers and incident response transparency would further enhance trust and resilience.

N

Nimbus Structure

orage4u.com

51

Nimbus Structure is a small technology company specializing in cloud transformation services, including Microsoft Azure, Kubernetes, OpenShift, and DevOps methodologies. Their website presents a professional image focused on helping businesses transition to resilient multi-cloud environments with high availability and performance. The company emphasizes certifications and continuous improvement in cloud technologies. Technically, the website uses a modern JavaScript stack with jQuery and third-party libraries, and it employs a cookie consent mechanism with EU-hosted Matomo analytics, indicating a moderate level of digital maturity and privacy awareness. Security posture is moderate with session management and cookie consent but lacks visible security headers and explicit privacy or security policies. Overall, the website is accessible, well-structured, and professionally designed but could improve transparency and security practices. Strategic recommendations include publishing clear privacy and security policies, enhancing security headers, and providing explicit contact information to improve trust and compliance.

M

Markant AG

markant.com

42

Markant AG is a well-established European service provider specializing in connecting suppliers and retailers within the food retail, wholesale, and specialty trade sectors. The company offers a broad range of services including payment processing, finance and security, product information management, and market analysis, aiming to optimize and automate supply chain and administrative processes. With a strong market presence, Markant serves over 15,000 suppliers and 200 retailers across multiple countries, positioning itself as a key player in the retail services industry. The website reflects a mature digital infrastructure built on TYPO3 CMS, integrating modern tracking and video technologies to enhance user engagement and marketing efforts. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and incident response policies could be improved. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

Y

YUMMY Publishing GmbH

yummy.digital

35

YUMMY Publishing GmbH operates the digital publishing platform Yumpu.com, providing tools for converting documents into online magazines with a global user base. The company targets publishers and businesses seeking innovative digital publishing solutions, leveraging cloud hosting and advanced rendering technologies. The website presents a professional brand image with notable client logos and a clear business focus on digital content publishing. Technically, the site uses SilverStripe CMS and common frontend libraries but lacks HTTPS, which is a critical security gap. The absence of SSL/TLS and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with no cookie consent mechanism detected and only a basic privacy policy available. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

T

Theater Regensburg

theaterregensburg.de

25

Theater Regensburg is a public theater institution located in Regensburg, Germany, offering a diverse range of cultural performances including music theater, dance, and plays. The website serves as a portal for event information, ticket sales, and community engagement, targeting local and regional audiences interested in cultural arts. The business operates primarily in the hospitality and cultural sector with a medium-sized organizational footprint. Technically, the website employs a modern frontend stack with libraries such as jQuery, Bootstrap, and Font Awesome, providing a good user experience and mobile optimization. However, the absence of a valid SSL certificate and missing DNS records represent significant technical and security shortcomings. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR. The site maintains active social media channels and provides clear contact information, enhancing business credibility. Overall, the website is functional and professional but requires urgent improvements in security infrastructure to protect user data and improve trust.

SCHOLLENBERGER Kampfmittelbergung GmbH is a specialized service provider in ordnance and explosive material recovery operating primarily in Austria and Germany. Established in 2009 and employing around 380 staff, the company offers comprehensive services including surface and depth probing, aerial image evaluation, and diving operations. It is part of the SOCOTEC Group, which enhances its market position and operational capabilities. The website presents detailed business information and service descriptions targeting industrial, governmental, and private clients requiring ordnance clearance and related environmental services. Technically, the site is built on TYPO3 CMS with modern frontend libraries but suffers from critical security shortcomings such as lack of HTTPS and DNS misconfigurations. These issues undermine trust and expose the site to risks. No privacy or cookie consent mechanisms are implemented, which may affect GDPR compliance. Overall, the business is credible and professional, but the digital infrastructure requires urgent security and technical improvements.

Z

Zertifizierungsstelle ERC

e-r-c.at

40

ERC is a European certification body specializing in the railway sector, offering comprehensive vehicle approval services primarily in the German-speaking region of Europe. Their key services include TSI conformity assessment as a Notified Body, ECM certification, and DeBo and AsBo evaluations. The website is professionally designed using Joomla CMS with a Bootstrap framework, providing clear navigation and relevant content in German with English alternatives. Technically, the site uses a valid SSL certificate but lacks modern TLS protocol support and advanced security headers, which slightly reduces its security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR explicit indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and trustworthy but would benefit from security and privacy improvements.

K

Klippa App B.V.

klippa.com

59

Klippa App B.V. is a Dutch technology company specializing in AI-driven document automation solutions that help businesses reduce operational costs, save time, and prevent fraud. Their market position is strong, serving over 1000 brands with products like DocHorizon and SpendControl, targeting finance professionals and enterprises across various sectors including banking, logistics, and public services. The company leverages modern web technologies and cloud infrastructure (Microsoft Azure) to deliver scalable and efficient services. Security practices are generally good with HTTPS and Cloudflare protection, but improvements in SSL/TLS configuration are recommended. The website demonstrates strong compliance with data protection regulations and holds relevant certifications such as ISO 27001 and ISO 9001. Overall, Klippa presents a professional, trustworthy, and technically mature digital presence.

G

Glanzer cosmetic engineering GmbH & Co KG

donau-kanol.com

37

Glanzer cosmetic engineering GmbH & Co KG is a well-established Austrian manufacturing company specializing in cosmetics, household cleaners, and biocides. With over 90 years of experience and 100% production in Austria, the company positions itself as a full-service partner for B2B clients seeking high-quality product development and manufacturing services. The website reflects this positioning with clear business descriptions, contact information, and a professional design. Technically, the site uses a modern technology stack centered around Craft CMS and popular JavaScript libraries, but suffers from poor performance metrics and lacks HTTPS security. Security posture is weak due to the absence of a valid SSL certificate and missing security headers, exposing the site to potential risks. Privacy compliance is also lacking, with no privacy or cookie policies present. Overall, the site is functional and professional but requires urgent improvements in security and compliance to reduce risk and enhance trust.

MS Design GmbH is a medium-sized manufacturing company based in Tirol, Austria, specializing as a system supplier to the automotive industry. Founded in 1983, the company offers comprehensive services from design and prototyping to production start, emphasizing quality, innovation, and customer satisfaction. Their market position is supported by multiple certifications including IATF 16949 and ISO standards, reflecting a strong commitment to quality and environmental management. Technically, the website is built on TYPO3 CMS with a modern but basic technology stack including jQuery and various UI libraries. While the site is well-structured, mobile-optimized, and SEO-friendly, it lacks HTTPS support and a valid SSL certificate, which is a critical security gap. The hosting environment appears to be a Plesk-managed Apache server without advanced security configurations such as HSTS or DNSSEC. From a security perspective, the absence of HTTPS and modern TLS protocols severely impacts the site's security posture. Although some security headers are present and email obfuscation is implemented, the lack of encryption exposes users to risks. Privacy compliance is addressed with visible privacy and cookie policies and consent mechanisms, but incident response and vulnerability disclosure information are missing. Overall, the website demonstrates good business credibility and content quality but suffers from critical security shortcomings. Strategic improvements in SSL implementation and enhanced security headers are recommended to elevate trust and compliance.

A

A-Commerce

a-commerce.at

22

A-Commerce is a German-language online magazine specializing in e-commerce news, business insights, and marketing strategies primarily targeting e-commerce professionals and entrepreneurs in Austria and German-speaking regions. The website offers regularly updated content including articles, interviews, and tool reviews, positioning itself as a niche media outlet in the e-commerce sector. Technically, the site is built on WordPress with a modern tech stack including PHP 8, nginx, and various JavaScript libraries for UI enhancements. However, the site lacks HTTPS, which is a critical security deficiency. The cookie consent mechanism is implemented and GDPR compliant, but no explicit contact or security policies are published. Overall, the site demonstrates good content quality and user experience but requires urgent security improvements.

PÖTTINGER Landtechnik GmbH operates as a large manufacturing company specializing in agricultural machinery with a strong international presence, offering localized content and partner portal access. The website demonstrates a good level of content quality, multi-language support, and user engagement features such as cookie consent and partner login. Technically, the site uses ASP.NET with common frontend libraries like jQuery and Bootstrap, hosted on a provider indicated by DNS records. However, the absence of a valid SSL certificate and lack of modern TLS support represent critical security weaknesses. Privacy compliance is well addressed through detailed cookie policies and consent mechanisms, reflecting GDPR awareness. Overall, the site is professional but requires urgent security improvements to protect user data and maintain trust.

U

Unisto

unisto.co.uk

26

Unisto is a mature manufacturing company specializing in security seals and brand profiling solutions, operating globally with Swiss quality standards. The website reflects a professional business presence targeting companies requiring security and brand protection products. Technically, the site is built on TYPO3 CMS with modern frontend libraries such as jQuery, Swiper, and Bootstrap, hosted by Fasthosts Internet Ltd. However, the absence of HTTPS/SSL is a critical security flaw that undermines user trust and data protection. Privacy and cookie policies are implemented with a consent mechanism, but direct contact details are limited to forms without explicit emails or phone numbers. Overall, the website is functional and professional but requires urgent security improvements.

S

SimTech GmbH

simtechnology.com

31

SimTech GmbH is a specialized software company providing advanced simulation technology primarily for energy and chemical engineering sectors. With over 30 years of experience, the company offers simulation software (IPSEpro), model libraries, consulting, and training services targeted at plant manufacturers, consultants, and R&D organizations. The website reflects a professional and consistent brand with clear business information and reputable client references. Technically, the site is built on Joomla CMS with modern frameworks but lacks HTTPS, which is a critical security gap. Security headers are present but insufficient without SSL/TLS. Privacy compliance is good with a clear privacy policy, though no cookie consent mechanism is implemented. Overall, the site is content-rich and trustworthy but requires urgent security improvements to protect user data and enhance trust.

L

LKB

lkb.eu

23

LKB is a small healthcare-focused company based in Austria, specializing in the supply and distribution of life science and routine medical diagnostics products. The company holds ISO 9001 certification and emphasizes customer and technical support, targeting laboratories and medical diagnostics professionals. The website presents a professional design with clear navigation and relevant content, supporting the company's market position as a trusted supplier in the region. Technically, the website uses modern frontend technologies such as Bootstrap 5 and jQuery, hosted on SuperHosting.bg, but lacks HTTPS support and advanced security configurations, which significantly impacts its security posture. The absence of SSL/TLS encryption and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with a privacy policy present but no cookie policy or consent mechanisms. Contact information is comprehensive and clearly displayed, enhancing business credibility. Overall, while the business and website demonstrate professionalism and market relevance, critical security improvements are necessary to protect users and data.

B

Barmherzige Brüder Wien

bbwien.at

38

Barmherzige Brüder Wien operates as a large, well-established non-profit hospital in Austria, providing a broad range of medical services and patient care. The website reflects a mature digital presence with comprehensive content, clear navigation, and active social media engagement. Technically, the site uses a modern CMS (siteswift) and popular JavaScript libraries to enhance user experience. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in all traffic being served over HTTP, which exposes users to potential interception risks. The site implements GDPR-compliant privacy and cookie consent mechanisms, indicating awareness of privacy regulations. WHOIS data confirms domain legitimacy and consistency with the hospital's identity. Overall, the site is professional and trustworthy but urgently requires HTTPS implementation to secure user data and improve security posture.

W

WestLicht

westlicht.com

40

WestLicht is a well-established cultural venue in Vienna specializing in photography exhibitions, a camera museum, and related services such as a bookshop and café. The website targets photography enthusiasts and cultural visitors, offering detailed information about exhibitions, events, memberships, and retail options. The domain age of 24 years and consistent WHOIS data support the legitimacy and maturity of the business. Technically, the site uses a modern JavaScript stack with jQuery, Swiper.js, and Google services integrated, managed via the siteswift CMS and hosted by Hetzner Online GmbH. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. The site implements a cookie consent mechanism compliant with GDPR, but lacks explicit security policies or incident response information. Overall, the website is professionally designed with good content quality and user experience but requires urgent security improvements to protect visitors and enhance trust.

P

Pörner Ingenieurgesellschaft mbH

poerner.at

38

Pörner Ingenieurgesellschaft mbH is a well-established independent engineering company specializing in process engineering plant construction, headquartered in Vienna, Austria. With approximately 550 engineers across 10 European locations, the company serves industrial sectors including refineries, petrochemical, chemical, energy, gas, and pharmaceuticals. Pörner is recognized globally for its Biturox® bitumen oxidation technology, having licensed and built over 60 plants worldwide. The website reflects a professional business presence with comprehensive service descriptions and active news updates. Technically, the site is built on TYPO3 CMS with common JavaScript libraries, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no advanced SSL features. Privacy compliance is strong with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

B

BAUR GmbH

baur.at

29

BAUR GmbH is a well-established Austrian company specializing in high-precision testing and measurement technology for electrical energy distribution systems, with a strong market position as a leader in cable fault location, cable testing, and insulating oil testing. The company operates internationally with multiple subsidiaries across Europe, the Americas, and Africa, offering products, services, and training to ensure reliable energy supply. Technically, the website is built on a modern JavaScript stack with RequireJS, jQuery, and various UI libraries, hosted on an Apache server. However, the primary domain baur.at lacks HTTPS, which is a significant security concern, although the main content is served securely on baur.eu. Security headers are partially implemented, but the absence of SSL/TLS and modern protocols reduces the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates good business credibility and technical maturity but requires urgent security improvements to protect user data and enhance trust.

S

Siblik Elektrik GmbH & Co. KG

siblik.com

39

Siblik Elektrik GmbH & Co. KG is a medium-sized Austrian company specializing in electrical and building technology solutions, including smart home products and professional training. The company maintains a professional and content-rich website powered by TYPO3 CMS, targeting electrical contractors and end customers in Austria. Their market position is supported by multiple physical locations and a consistent brand presence. Technically, the website uses modern web technologies and integrates analytics and marketing tools, but lacks HTTPS security, which is a critical vulnerability. The security posture is weak due to the absence of SSL/TLS and related security headers, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Kathrein USA operates as a technology company specializing in broadcast, cellular, and IoT antennas, providing connectivity solutions primarily targeting businesses in telecommunications and related sectors. The website presents itself as a medium for sharing industry-related content and company information but lacks comprehensive contact and compliance documentation. Technically, the site is built on WordPress with common web technologies such as jQuery and Bootstrap, hosted behind Cloudflare. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture and user trust. Security headers are partially implemented, but critical modern TLS protocols and encryption are missing. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. The site uses Clicky Analytics for user tracking without clear privacy disclosures. Overall, the website demonstrates moderate business credibility but requires significant improvements in security and privacy to meet industry standards.

ISIS Papyrus Europe AG operates a comprehensive digital Customer Communication and Process Platform targeting large enterprises globally, especially in banking, insurance, and telecommunications sectors. The company offers a broad suite of software solutions including CCM, ECM, Intelligent Document Processing, Adaptive Case Management, and Omni-Channel communication platforms. The website reflects a mature, enterprise-grade business with strong market positioning, evidenced by partnerships with IBM and recognition from Gartner Peer Insights. Technically, the website employs a modern tech stack with Bootstrap, jQuery, and various multimedia integrations, but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, severely impacting security posture. Security headers are present but insufficient without proper SSL/TLS. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism despite tracking scripts. Overall, the site is professionally designed and content-rich, but the lack of HTTPS is a major risk that must be addressed urgently.

A

ACI Worldwide

aciworldwide.com

40

ACI Worldwide is a mature, enterprise-level financial technology company specializing in global payments software and solutions. The company offers a broad portfolio of services including payments orchestration, fraud management, bill pay, and real-time payments, targeting banks, merchants, and billers worldwide. The website reflects a strong market position with extensive customer testimonials, partner logos, and a global reach across 95 countries. Technically, the site is built on WordPress hosted on WP Engine with Cloudflare CDN, leveraging modern marketing and analytics tools such as Google Tag Manager, Hotjar, and HubSpot. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture score. Security headers and content security policies are well implemented, but the lack of HTTPS is a major vulnerability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

U

Universalmuseum Joanneum GmbH

museum-joanneum.at

40

The Universalmuseum Joanneum is Austria's oldest and second largest museum institution, operating 20 museums and one zoo across 14 locations in the Steiermark region. Founded in 1811, it offers a rich cultural, historical, and natural heritage experience to a broad audience including families, schools, and art enthusiasts. The website reflects a professional and comprehensive digital presence with excellent content quality and user experience, supported by a mature TYPO3 CMS platform. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which critically impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, but incident response and security policy information are absent. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

T

The Ritz London

theritzlondon.com

35

The Ritz London is a prestigious luxury 5-star hotel located in Mayfair, London, offering premium accommodation, Michelin starred dining, and exclusive services such as chauffeur and butler service. The website reflects a high level of professionalism with rich multimedia content and clear navigation, targeting affluent travelers seeking an iconic hospitality experience. Technically, the site is built on WordPress with WooCommerce and uses common libraries like jQuery and Owl Carousel, hosted behind Cloudflare. However, a critical security issue is the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. Privacy and terms policies are present, but no cookie consent mechanism is detected. The business information is consistent and trustworthy, supported by WHOIS data and trust indicators such as the Royal Warrant and affiliation with The Leading Hotels of the World.

F

Frequentis

frequentis.com

40

Frequentis is a well-established company specializing in safety-critical communication and information solutions with over 75 years of market presence. The company serves key sectors including civil aviation, defence, public safety, maritime, and public transportation, positioning itself as a leader with a strong focus on innovation and user-centric design. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation tailored to government agencies and large organizations. Technically, the site is built on Drupal 10 with modern libraries and integrates multiple marketing and analytics tools. However, the absence of a valid SSL/TLS certificate and HTTPS support is a significant security gap, impacting the overall security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.

U

Unisender

unisender.com

49

Unisender is a well-established Russian email marketing service founded in 2009, serving over 870,000 companies primarily in Russia and Belarus. The platform offers a comprehensive suite of marketing tools including email campaigns, chat-bots, SMS messaging, landing page creation, and automation features. The website is professionally designed, content-rich, and targets businesses and marketers seeking efficient communication solutions. Technically, the site is hosted on Yandex Cloud and built on WordPress, utilizing common JavaScript libraries and marketing SDKs. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are present and indicate GDPR compliance, though user tracking is extensive. Overall, the business demonstrates strong credibility and market presence but must urgently address security vulnerabilities to protect user data and maintain trust.

C

CorroHealth

para-hcfs.com

61

CorroHealth is a clinically led healthcare analytics and technology company focused on optimizing revenue cycle management for hospitals and health systems. The company offers a comprehensive suite of services including utilization management, clinical documentation improvement, medical coding, chargemaster services, claims management, denials management, and value-based care solutions. Their market position is strong within the healthcare technology sector, targeting healthcare providers seeking to improve financial performance through intelligent technology and analytics. The website reflects a mature business with a professional and consistent brand presence, supported by structured data and social media integration. Technically, the website is built on WordPress using the Divi theme and incorporates modern marketing and analytics tools such as HubSpot, Google Tag Manager, Hotjar, and Microsoft Clarity. However, performance is moderate to slow, and accessibility features are basic. The site is hosted likely on Amazon AWS infrastructure and uses a Sucuri Cloudproxy WAF for protection. From a security perspective, while several security headers are properly configured and HSTS is enabled, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. There is no cookie consent mechanism despite the presence of tracking scripts, indicating a gap in privacy compliance. No explicit security or incident response policies are found on the site. Overall, the website demonstrates good business credibility and content quality but suffers from significant security shortcomings that should be addressed promptly to protect user data and maintain trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, implementing cookie consent, and enhancing privacy and security policies.

A

ASDASD srl

popwifi.it

38

PopWiFi is a small Italian telecommunications company specializing in wireless internet connectivity and fiber optic services targeted at residential and business customers in select provinces of Italy. The company offers various internet plans with promotional pricing and includes VoIP telephone services as an experimental feature. The website demonstrates a consistent brand presence with customer testimonials and active social media links. Technically, the site uses a modern front-end stack including Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, exposing users to security risks. Privacy and cookie policies are present and appear GDPR compliant, though no explicit consent mechanism is implemented. Overall, the business appears legitimate and regionally focused, but the lack of HTTPS and security headers significantly impacts its security posture.

A

ASDASD srl

asdasd.it

22

ASDASD srl is a small Italian telecommunications wholesale provider specializing in IP transit, co-location, DSL, and Layer-2 services. The company targets business and carrier customers in Italy and Europe, offering a range of connectivity and hosting solutions including POPWIFI and FiberSurf. The website presents a professional image with relevant content and clear service descriptions, supported by social media presence and physical contact information. Technically, the website runs on outdated Apache and PHP versions without HTTPS, which significantly impacts security posture. The absence of a valid SSL certificate and modern security headers exposes the site to risks and reduces trustworthiness. Privacy compliance is minimal, with a privacy policy and cookie policy present but lacking active consent mechanisms. Overall, the site is functional but requires urgent security upgrades to meet modern standards and improve user trust.

G

Generalitat de Catalunya

atm.cat

66

Autoritat del Transport Metropolità (ATM) is a public consortium under the Generalitat de Catalunya, managing integrated transport tariffs and mobility projects in the Barcelona metropolitan area. The website serves as an official portal providing comprehensive information about transport tariffs, mobility plans, transparency, and customer support. It targets residents and public transport users in Catalonia, offering multilingual content and links to related government services. The business model is public sector focused, emphasizing transparency and service delivery rather than commercial revenue. Technically, the website is built on the Liferay CMS platform with modern web technologies including React and Bootstrap. While the site is content-rich and accessible, performance is hindered by a high load time and large page size. The site is mobile optimized and includes accessibility features. SEO and metadata are well implemented, including Open Graph tags. Security posture is adequate with HTTPS enforced, valid SSL certificates, and email authentication via DMARC and SPF. However, advanced security headers like HSTS and DNSSEC are missing, and domain protection locks are not enabled, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained, reflecting its governmental nature. Recommendations include enhancing security headers, enabling DNSSEC, improving performance, and adding explicit security and incident response policies to further strengthen trust and compliance.

I

Interperformances

interperformances.com

24

Interperformances.com is a mature and established sports agency specializing in basketball player management, contract negotiation, marketing, and post-career planning. The website targets professional basketball players, agents, coaches, and teams globally. The business model is focused on athlete representation and sports management services. The company has a consistent brand presence and active social media engagement, supporting its market position as a recognized agency in the basketball sports sector. Technically, the website employs a variety of modern front-end libraries such as jQuery, Bootstrap, and Slick Carousel, hosted behind Cloudflare DNS services. However, the site suffers from slow load times and lacks HTTPS support, which is a significant technical and security deficiency. Mobile optimization is good, but accessibility and SEO optimizations are basic. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability that exposes users to risks such as data interception. The lack of security headers, HSTS, and OCSP stapling further weakens the security posture. No privacy or cookie policies are present, indicating poor compliance with data protection regulations. Incident response and vulnerability disclosure mechanisms are also missing. Overall, the website presents moderate business credibility but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, and establishing incident response contacts.