Security Directory

Volkswagen Versicherungsdienst GmbH (VVD) is a medium-sized insurance service company operating as a subsidiary of Porsche Bank in Austria. It specializes in providing automotive insurance products and services to customers of Volkswagen Group brands and other vehicle owners. The website presents a professional and consistent brand image with comprehensive service offerings including liability, partial and full coverage insurance, legal protection, and additional guarantees. Technically, the site is built on Craft CMS and leverages Cloudflare for hosting and security, along with modern marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the security posture. Privacy compliance is well addressed with a detailed privacy policy and cookie consent mechanism. Contact information is clearly provided, enhancing business credibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

apis labor GmbH

apislabor.at

37

apis labor GmbH is an Austrian company operating as the first fully digitalized GMP laboratory in Austria, offering laboratory and consulting services primarily to the life science sector across Austria and the European Union. The company emphasizes professionalism, flexibility, and extensive experience in the life science field. The website is built on the Squarespace platform, featuring professional design and basic mobile optimization, but lacks performance metrics and advanced accessibility features. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, no modern TLS protocols enabled, and missing security headers such as HSTS. Privacy compliance is partial with a cookie consent banner present but no privacy policy or terms of service pages found. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the website presents a legitimate business but requires significant improvements in security and privacy compliance to meet modern standards.

B

benteler.com

benteler.com

40

Security assessment incomplete. Successfully analyzed: nis2, emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr. 14 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

The domain ipnetcom.at currently hosts a minimal website that immediately redirects visitors to innonet.at. There is no substantive content, metadata, or business information present on the site itself. The domain is registered and DNS records point to a hosting provider associated with innonet.at, indicating a likely relationship or ownership. However, the lack of SSL/TLS encryption and absence of security headers represent significant security weaknesses. No privacy or cookie policies are published, and no contact or business details are provided on the site. Overall, the digital presence is minimal and does not support a standalone business website.

The website rccglivingspring.org is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content or business information. The domain is registered and uses Cloudflare for DNS and security services but lacks a valid SSL certificate, resulting in no HTTPS support. The site does not present any privacy, cookie, or terms of service policies, nor does it provide contact information or forms for user interaction. The technical infrastructure relies heavily on Cloudflare, but the absence of a valid certificate and the blocking of content severely limit the ability to assess the site's digital maturity or business credibility. Security headers are present but basic, and no advanced security features like HSTS are enabled. Overall, the site scores low on content quality, privacy compliance, and business credibility due to the lack of accessible content and security shortcomings.

S

Syensqo

cytec.com

40

Syensqo is a global science company focused on developing advanced, forward-looking solutions that enhance various sectors including energy, transportation, and manufacturing. The company positions itself as a market leader with a strong emphasis on innovation, sustainability, and investor transparency. Their website reflects a mature digital presence with comprehensive content targeting industrial clients, investors, and potential employees. Technically, the site is built on Drupal 10 with modern web technologies and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for trust and data protection. Despite strong security headers and privacy policies, the missing SSL significantly impacts the overall security score. The domain registration details are consistent with the business claims, indicating legitimacy. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to align with best practices.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Ingraphics Soluções & Imagens is a small digital marketing agency based in the ABC region of São Paulo, Brazil. The company offers a range of services including digital marketing, web design, graphic design, illustration, and campaign management. Their website demonstrates a professional approach with clear service offerings and client testimonials, targeting businesses seeking to improve their digital presence and marketing effectiveness. Technically, the website is built on WordPress using Elementor and integrates marketing tools such as ActiveCampaign and Yoast SEO, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are present but basic, with no explicit GDPR compliance or incident response information. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

O

Octapharma AG

octapharma.com

39

Octapharma AG is a leading global manufacturer of human protein therapies derived from plasma and human cell lines, serving patients in over 120 countries. The company operates a large network of plasma donation centers and production facilities, emphasizing patient engagement and innovation in immunotherapy, haematology, and critical care. The website is professionally designed with comprehensive content, including employee stories, press releases, and detailed product information. Technically, the site uses modern frameworks like Next.js and is hosted on AWS infrastructure, but suffers from critical SSL/TLS configuration issues, lacking a valid certificate and modern protocol support. Security headers are partially implemented, but the absence of HTTPS severely impacts the security posture. Privacy compliance is well addressed with clear policies and a cookie consent mechanism. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

T

Treibacher Industrie AG

treibacher.com

26

Treibacher Industrie AG is a well-established Austrian company specializing in chemical and metallurgical precursors with a global market presence and over 125 years of experience. The website reflects a professional and comprehensive digital presence with detailed product portfolios, sustainability focus, and clear contact information. Technically, the site is built on WordPress with modern plugins for SEO, caching, and cookie management, but critically lacks HTTPS, exposing visitors to security risks. Privacy compliance is well addressed with cookie consent and a detailed privacy policy. The absence of explicit security policies and incident response information suggests room for improvement in security governance. Overall, the site is trustworthy and business credible but requires urgent security enhancements.

Swarovski Group operates a comprehensive e-commerce platform showcasing its luxury jewelry, watches, and crystal decorations. The website reflects a mature digital presence with extensive product categorization, rich multimedia content, and integrated marketing and analytics tools. The brand maintains a strong market position as a leading global luxury retailer with a history dating back to 1895. Technically, the site leverages modern JavaScript libraries, Google Tag Manager, and third-party personalization and fraud prevention services, hosted on AWS infrastructure. However, a critical security concern is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact channels available. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

FERNBACH Financial Software operates FlexFinance, a specialized software suite designed to optimize lending business processes including loan origination, credit lifecycle management, and risk management. The company targets banks and financial institutions, offering solutions that enhance efficiency, transparency, and compliance. With a user base exceeding 12,000 and over one million credit decisions processed annually, FERNBACH holds a solid position in the finance software niche, supported by multilingual capabilities and a consistent brand presence. Technically, the website employs modern front-end technologies such as jQuery, Bootstrap, and Popper.js, alongside analytics tools like Google Analytics and Microsoft Clarity. However, the site suffers from poor performance with a notably high load time and lacks a valid SSL certificate, which critically undermines its security posture. The absence of HTTPS and security headers exposes the site to potential risks, despite no detected vulnerabilities in SSL protocols themselves. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Contact information is limited but present, primarily via a company email address. The overall website quality is good in terms of design, content relevance, and user experience, though technical and security improvements are necessary. Strategically, the company should prioritize securing its website with a valid SSL certificate and enabling HTTPS to protect user data and improve trust. Performance optimization and implementation of security headers would further enhance the site's security and user experience. Maintaining transparent privacy practices and expanding contact options could strengthen business credibility and customer confidence.

GCC is a large multinational company specializing in the production and distribution of cement, concrete, aggregates, and innovative construction products across Mexico, the United States, Latin America, and Canada. The company positions itself as a sustainable and innovative leader in the construction materials industry, targeting construction professionals and businesses. The website is built on WordPress with a modern tech stack including jQuery, Flickity, and integrates analytics and marketing tools such as Google Analytics, Google Tag Manager, and New Relic. While the site is professionally designed, mobile-optimized, and rich in content, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support. Security headers are partially implemented, and privacy compliance is well addressed with clear privacy and cookie policies including consent mechanisms. Contact information and business details are clearly presented, enhancing business credibility. Overall, the site demonstrates strong business and technical maturity but requires urgent remediation of SSL/TLS issues to improve security posture and user trust.

S

Samsung SDI Battery Systems GmbH

samsungsdibs.at

25

Samsung SDI Battery Systems GmbH is a medium-sized company specializing in the development, testing, and industrialization of advanced lithium-ion battery systems for electric and hybrid vehicles. Located in Kalsdorf near Graz, Austria, the company is part of the Samsung SDI family and holds multiple ISO certifications demonstrating a strong commitment to quality, environmental management, information security, and cybersecurity. The website presents a professional and content-rich digital presence targeting automotive OEMs and stakeholders in the e-mobility sector. Technically, the site is built on WordPress with Elementor and uses Matomo for analytics, but lacks HTTPS, which is a critical security shortfall. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the company shows a strong market position in energy and transportation sectors with a focus on sustainability and innovation.

Primetals Technologies is a global leader in metallurgical plant solutions, offering a comprehensive portfolio of services and technologies across the steel production value chain. Their website reflects a mature enterprise-level business with a strong focus on innovation, digitalization, and sustainability, including green steel initiatives. The company targets industrial clients and professionals in the steel and metallurgical sectors, providing automation, lifecycle services, and integrated plant solutions. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and includes multilingual support and professional design. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines data protection and user trust. Security headers are well implemented, but the lack of encryption and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with Cookiebot and Google Consent Mode integration, ensuring GDPR alignment. Overall, the site demonstrates high business credibility and professionalism but requires urgent security improvements to meet modern standards.

J

JUDO.eu

judo.eu

26

JUDO.eu is a well-established German company specializing in water treatment solutions, with a history dating back to 1936. The company offers a broad range of products including protective filters, softening systems, lime protection, dosing pumps, leakage protection, wellness, heating protection, and smart home water solutions. Their market position is strong with a focus on innovation and sustainability, targeting both professional and consumer markets internationally. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and various plugins for SEO, cookie management, and user interaction. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security weakness. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

S

Security Company - Leading Security Solutions - Lodge Service

lodgeservice.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 29 security findings identified across all modules.

Silhouette International Schmied AG is a well-established manufacturer and market leader specializing in premium rimless eyewear. The company targets consumers and businesses seeking high-quality, innovative eyewear products. Their website reflects a professional brand image with consistent messaging and clear business focus. Technically, the website is built on modern technologies including Storyblok CMS and Vue.js, with content delivery optimized via Amazon CloudFront. However, the website lacks a valid SSL certificate and does not support HTTPS, which significantly undermines its security posture. Security headers are partially implemented but cannot compensate for the absence of proper encryption. Privacy and cookie policies are missing, indicating compliance gaps with GDPR and related regulations. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

A

Alicona Imaging GmbH

alicona.com

33

Alicona Imaging GmbH operates as a global provider of optical 3D metrology and surface roughness measurement solutions, specializing in non-contact measurement technologies based on Focus-Variation. The company targets manufacturing sectors such as automotive, aerospace, medical technology, and precision manufacturing, offering devices and automation solutions to enhance quality assurance and production measurement. The website reflects a mature digital presence with professional design, comprehensive content, and active engagement through blogs and events. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. The technical infrastructure leverages modern frameworks and CMS platforms, but performance issues such as slow load times need addressing. Privacy compliance is well managed with cookie consent mechanisms and clear privacy policies. Overall, Alicona demonstrates strong business credibility but must urgently improve its security posture to align with best practices and regulatory requirements.

objectflor Art und Design Belags GmbH is a medium-sized German company specializing in high-quality, innovative, and elastic flooring solutions, primarily vinyl and rubber floors. As a subsidiary of James Halstead plc, it serves 16 countries in Central Europe and holds a leading market position in the flooring industry. The company offers a broad product portfolio, including design floors, technical vinyl, and rubber flooring, complemented by services such as design studios, training seminars, and a partner network. The website is professionally designed, content-rich, and targets both B2B and B2C customers seeking sustainable and functional flooring solutions. Technically, the site runs on TYPO3 CMS with integrations for consent management and analytics, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and modern TLS protocols. This significantly impacts the security posture and overall trustworthiness of the site. Privacy compliance is well addressed with GDPR-consistent policies and consent mechanisms. Business credibility is strong, supported by certifications and transparent contact options. Strategic improvements in SSL deployment and security headers are essential to enhance user trust and protect data integrity.

Ö

ÖAR GmbH

oear.at

24

ÖAR GmbH is a consulting company specializing in regional development, organizational cooperation, and evaluation services primarily targeting organizations, communities, and regions. The company positions itself as a professional and experienced niche player with international reach, supported by a well-structured and content-rich website. Technically, the site is built on WordPress with common plugins and libraries, but suffers from a lack of HTTPS and valid SSL certificate, which significantly impacts its security posture. Privacy and legal compliance are well addressed with clear policies and contact information. Overall, the website is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

H

Heller Consulting

teamheller.com

27

Heller Consulting is a mature and reputable technology consulting firm specializing in nonprofit and higher education sectors. They provide tailored technology strategies and implementations focusing on platforms such as Salesforce, Microsoft, and Blackbaud. The company has a strong market position supported by client testimonials, certifications like Certified B Corporation, and partnerships with major technology providers. Technically, the website is built on WordPress with modern plugins and SEO tools, offering good mobile optimization and accessibility. However, the absence of HTTPS is a critical security gap, exposing users to potential risks. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the business credibility is high, but security posture needs urgent improvement to protect user data and enhance trust.

K

Kaleidoscope GmbH

kaleidoscope.at

27

Kaleidoscope GmbH is a medium-sized technology company specializing in terminology management, quality management, translation, and documentation services. They provide a comprehensive suite of software and consulting services aimed at enabling businesses to communicate content globally in a consistent and efficient manner. Their market position is supported by long-standing client relationships and partnerships with technology providers such as Eurocom, Congram, and Greatcontent. The website is professionally designed, content-rich, and optimized for SEO, targeting companies seeking global content solutions. Technically, the site is built on WordPress with modern plugins and themes but lacks a valid SSL certificate, which is a significant security concern. The security posture is basic with several missing best practices, including HTTPS and TLS support. Privacy compliance is well addressed with cookie consent and privacy policies in place. Overall, the site is trustworthy but requires urgent security improvements.

The website bluedanuberobotics.com is currently inaccessible due to a DNS resolution error as indicated by the Cloudflare error page. This prevents access to any meaningful business content or contact information. The site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The technical infrastructure relies on Cloudflare for DNS and hosting services, but the current misconfiguration or propagation delay is causing the site to be unreachable. Security headers are partially implemented but insufficient to ensure robust security. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the site is not operational and presents significant risks and trust issues.

The website brf-global.com is currently inaccessible due to a Web Application Firewall (WAF) protection by Incapsula, which blocks all content and prevents any meaningful analysis of the site's business or security posture. The domain is mature, registered since 2014, and uses Azure DNS and Microsoft Outlook for mail services, indicating a legitimate registration and hosting setup. However, the absence of an active SSL certificate and the lack of accessible content severely limit the ability to assess the company's business model, services, or compliance with privacy regulations. The security posture is weak due to missing HTTPS and security headers, and no privacy or cookie policies are detectable. Overall, the site appears to be protected by strong domain registration controls but lacks visible digital maturity and security best practices on the web front.

I

ING

ing.at

40

The website ing.at serves as an informational landing page announcing the transfer of ING Austria's private banking business to bank99 AG as of November 30, 2021. It provides contact information for former customers and legal representatives handling specific cases. The site is primarily targeted at former ING Austria private banking customers and does not offer active banking services. Technically, the site uses modern web technologies including Lit for UI components, service workers for offline capabilities, and integrates third-party services such as Usercentrics for cookie consent and Webtrekk for analytics. However, the SSL configuration is critically flawed with no valid certificate and no TLS protocols enabled, severely impacting security posture. Security headers are well implemented but undermined by the lack of proper SSL. The domain registration and DNS records are consistent with a legitimate banking entity, and the site includes standard privacy and cookie policies compliant with GDPR. Overall, the site is professional and trustworthy in content but requires urgent remediation of SSL issues to ensure secure user access.

The website for t-systems.at is currently inaccessible, returning a 403 Forbidden error with minimal HTML content, indicating that access is blocked or restricted. The domain is registered and maintained by a reputable telecommunications entity associated with Telekom, as evidenced by DNS and WHOIS data. However, the lack of SSL/TLS encryption and absence of any visible website content or metadata severely limits the ability to assess the company's digital presence and user engagement. The technical infrastructure shows hosting behind an AWS Elastic Load Balancer but without proper HTTPS configuration, which is a critical security gap. Security posture is weak due to missing HTTPS, lack of security headers, and no advanced protections such as HSTS or OCSP stapling. Overall, the site is not currently usable for public interaction or business communication, and the security risks are significant due to the absence of encryption and content access restrictions.

F

Flint Group

flintgrp.com

40

Flint Group is a global enterprise specializing in manufacturing print consumables for the packaging and printing industries. The company emphasizes sustainable innovation, customer support, and ethical business practices, positioning itself as a global leader in its sector. The website reflects a professional and comprehensive digital presence with extensive content, clear navigation, and a focus on sustainability and corporate responsibility. Technically, the site uses modern analytics and tracking tools but lacks HTTPS support due to an invalid or missing SSL certificate, which is a significant security concern. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, Flint Group demonstrates strong business credibility but must address its SSL/TLS configuration to improve security posture and user trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

Active Solution Sverige AB

activesolution.se

38

Active Solution Sverige AB is a well-established Swedish technology consulting company founded in 1998, specializing in system development, cloud-based solutions, artificial intelligence, and digital transformation. The company holds recognized Microsoft Solutions Partner Designations and a specialization in building and modernizing AI applications with Microsoft Azure, indicating strong technical expertise and market positioning. Their website reflects a professional and content-rich presence, targeting businesses seeking innovative digital solutions and cloud transformation services. Technically, the site is built on Squarespace with integrations of HubSpot and Google Tag Manager for marketing and analytics, but suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and user trust. While cookie consent mechanisms are implemented, the absence of privacy and terms of service policies indicates incomplete privacy compliance. Overall, the business appears credible and mature, but immediate attention is needed to secure the website with proper SSL/TLS configuration to protect visitors and maintain trust.

The website quorumconsulting.com currently serves only a minimal HTML page containing a JavaScript redirect to /lander, with no additional content, metadata, or business information. The domain is registered and active with GoDaddy nameservers but lacks a valid SSL certificate, resulting in no HTTPS support. This severely limits the site's security posture and trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact or social media information is available. Overall, the site appears to be either under development or a placeholder with no meaningful public-facing content.

P

PARTNER Consulting+Projects GmbH

partner-cp.com

39

PARTNER Consulting+Projects GmbH is a specialized consulting and project realization company serving cultural institutions and museums primarily in Austria and beyond. With over 30 years of experience, the company offers comprehensive services including consulting, project management, sustainability solutions, and interim management. Their market position is well-established with a strong portfolio of projects and partnerships. Technically, the website is built on WordPress with modern plugins and hosted on WP Engine with Cloudflare CDN, reflecting a mature digital infrastructure. However, the lack of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses. Privacy compliance is well addressed with GDPR-aligned cookie consent and privacy policies. Overall, the business demonstrates professionalism and trustworthiness but must urgently address its SSL/TLS security to protect user data and improve trust.

The website boutique1.com currently serves minimal content, appearing as a placeholder or parking page with no visible business or contact information. The domain is mature, registered since 2007 with GoDaddy.com, LLC, and shows strong domain protection and low expiry risk. However, the lack of a valid SSL certificate and absence of privacy or cookie policies indicate a low security and compliance posture. The technical infrastructure includes JavaScript and hosting on Amazon AWS, but performance is slow and SEO optimization is poor. Security best practices are not implemented, and no forms or user data collection mechanisms are present. Overall, the site lacks professionalism and trust indicators, resulting in a low AI score and high risk for user trust and compliance.

A

Axians ICT Austria GmbH

axians.at

40

Axians ICT Austria GmbH is a well-established IT service provider in Austria, offering a broad range of IT solutions including cloud services, cyber security, enterprise networks, and SAP consulting. The company targets business customers across various industries and emphasizes a human-centric approach to technology. Technically, the website is built on WordPress with modern libraries and integrates analytics and marketing tools such as Matomo and HubSpot. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent improvements in its SSL/TLS configuration to enhance security and user trust.

The website cddiputados.gob.mx serves as a minimal redirect page to https://congresoedomex.gob.mx, indicating it is an official government domain related to the legislative body of the State of Mexico. The site lacks substantive content, policies, or contact information, reflecting a very basic web presence. Technically, the site is served by Apache over HTTP without SSL/TLS encryption, which is a significant security shortfall for any modern website, including government domains. The absence of security headers, DNSSEC, and other best practices further weakens its security posture. From a business perspective, the domain is consistent with government registration norms and appears legitimate, but the digital maturity is low. Overall, the site presents a low-risk profile due to its minimal functionality but requires urgent improvements in security and compliance to meet modern standards.

B

BioEnergy Consult

bioenergyconsult.com

25

BioEnergy Consult is a specialized advisory and consulting organization focusing on biomass energy, waste-to-energy, and waste management sectors. The website serves as a rich knowledge base with extensive articles targeting professionals and organizations interested in renewable energy and environmental sustainability. The technical infrastructure is based on WordPress with common plugins for SEO and analytics, but lacks HTTPS security, which is a critical vulnerability. The site has implemented privacy and cookie policies with consent mechanisms, but lacks explicit terms of service and security policies. Overall, the site is content-rich and professionally presented but requires significant security improvements to protect users and enhance trust.

R

Rosendahl Nextrom GmbH

rosendahlnextrom.com

39

Rosendahl Nextrom GmbH is a well-established global leader in production technologies serving the battery, cable & wire, and optical fiber industries. The company offers sophisticated manufacturing equipment and tailor-made solutions, targeting industrial manufacturers worldwide. The website reflects a mature business with a professional digital presence, including multi-language support and structured data for SEO. Technically, the site uses WordPress with Elementor and performance optimizations like WP Rocket, hosted behind Cloudflare CDN. However, a critical security gap exists as the site lacks HTTPS/SSL encryption, exposing users to potential risks. Privacy compliance is addressed with a privacy policy and cookie consent via Cookiebot. Business credibility is strong with clear contact forms and parent company affiliation to KNILL Gruppe. Overall, the site is content-rich and professionally maintained but requires urgent security improvements.

R

recomresearch.com

recomresearch.com

37

The website recomresearch.com is a mature domain registered since 1999 but currently serves as a parked domain with minimal content focused on advertising and related search results. There is no clear business description, contact information, or services offered, indicating it is not an active commercial site. The technical infrastructure relies on Bodis domain parking and Google advertising scripts, with no CMS or modern web frameworks detected. Performance is poor with a high load time, and mobile optimization is basic. Security posture is weak due to the absence of HTTPS, security headers, and DNSSEC, exposing the site to potential risks. Privacy compliance is minimal, lacking cookie consent mechanisms despite ad scripts. Overall, the site has low trustworthiness and business credibility, primarily serving as a monetized placeholder domain.

M

mehrwert.life

ihrmehrwert.at

22

The website ihrmehrwert.at represents a small Austrian consulting and coaching business focused on personal and business transformation for entrepreneurs. The company offers services to help clients develop new behaviors for improved life quality, operational stability, and business model innovation. The site is professionally designed with consistent branding and includes customer testimonials and LinkedIn profiles to build trust. Technically, the site uses the WebPlatform CMS hosted on Amazon AWS, with integrations such as Google Calendar and Google reCAPTCHA. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are minimal, and no incident response or security policies are published. Privacy and cookie policies exist but are hosted externally on Google Drive, with a cookie consent mechanism implemented. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

D

DDB Worldwide

tribalworldwide.com

40

DDB Worldwide is a highly ranked global advertising agency specializing in creative advertising and marketing services. The company operates an enterprise-level website built on WordPress, hosted on WP Engine and served via Cloudflare CDN, leveraging modern web technologies such as jQuery, Axios, and ReactPress. The website features professional design, clear navigation, and comprehensive privacy and cookie policies, indicating a mature digital presence. However, the absence of a valid SSL certificate significantly undermines the site's security posture, exposing users to potential risks and reducing trust. Security headers are well configured but cannot compensate for the lack of HTTPS. Contact information is limited to email addresses without phone numbers or physical addresses, and no explicit security or incident response policies are published. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent security improvements.

PSI Software SE operates the website psimetals.com, providing specialized production management software solutions for the metals industry, including steel, aluminum, and copper manufacturing. Their flagship product, PSImetals, integrates SCM, APS, and MES functionalities to optimize production and logistics, with a strong emphasis on sustainability and decarbonization. The company targets industrial manufacturers seeking to improve operational efficiency and meet environmental standards. The website demonstrates a mature digital presence with comprehensive content, case studies, and customer references, reflecting a well-established market position. Technically, the site is built on TYPO3 CMS and leverages modern JavaScript libraries such as Vue.js, Axios, and Parsley.js for enhanced user experience and form validation. However, performance metrics are lacking, and the SSL/TLS configuration is critically deficient, with no valid certificate and no TLS protocols enabled, severely impacting security posture. The site includes privacy and cookie policies compliant with GDPR, and uses Google Analytics and Tag Manager for user tracking at a moderate level. Security-wise, while several security headers are implemented, the absence of a valid SSL certificate and HTTPS enforcement is a major vulnerability. DNS security features like DNSSEC and CAA are not enabled, and domain protection locks are missing, which could expose the domain to hijacking risks. No explicit incident response or security policy information is available on the site. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing DNS security, and publishing clear security and incident response policies.

D

Die Presse Verlags-Gesellschaft m.b.H. & Co KG

diepresse.com

40

Die Presse is a prominent Austrian media company operating a comprehensive online news portal offering premium journalism, podcasts, videos, and newsletters targeting German-speaking audiences primarily in Austria. The website demonstrates a mature digital infrastructure leveraging modern JavaScript frameworks (Vue.js), advanced consent management (Didomi), and multiple advertising and analytics platforms. However, the security posture is notably weak due to the absence of a valid SSL certificate and disabled TLS protocols, exposing users to potential risks. Privacy compliance is robust with clear policies and consent mechanisms in place. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and maintain trust.

Condor is a well-established airline focused on providing affordable flights primarily between the USA, Canada, and Europe. The website offers comprehensive flight booking services, flexible fare options, and travel extras such as seat reservations and baggage management. The company targets travelers seeking convenient and cost-effective air travel solutions. Technically, the website is built on TYPO3 CMS and leverages Akamai CDN for content delivery, with modern JavaScript frameworks and cookie consent managed by Usercentrics, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with GDPR-consistent cookie consent mechanisms and clear privacy policies. Overall, the website is professional and user-friendly but requires urgent security improvements to protect user data and ensure secure transactions.

D

Design Storz GmbH

designstorz.com

35

Design Storz GmbH is a small, established Austrian design studio with over 38 years of experience specializing in automotive, product, graphic design, branding, and design strategy. The company serves international clients including major automotive brands and consumer product companies. The website is built on WordPress using popular plugins and page builders, presenting professional content and clear navigation primarily in German. However, the technical infrastructure lacks a valid SSL certificate and modern TLS protocols, exposing the site to security risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the business credibility is moderate, supported by consistent WHOIS data and a clear contact presence. The security posture is weak due to missing HTTPS and security headers, which should be addressed urgently to protect user data and improve trust.

Ing. Michael Josef EDER operates a small, specialized Baumeister (master builder) business based in Hallein, Austria, offering comprehensive construction planning, execution, management, and consultancy services primarily for private residential, commercial, and industrial clients. The company has an established local presence since 1995 and demonstrates professionalism through certifications and clear contact information. Technically, the website is built on WordPress with Elementor and Yoast SEO, showing good SEO and mobile optimization but suffers from critical security shortcomings due to the absence of a valid SSL certificate and modern TLS protocols. The security posture is weak, lacking essential HTTPS encryption and advanced security headers, which poses risks to user data and trust. Privacy compliance is adequate with a cookie consent mechanism and a privacy policy page, but no incident response or security policy information is provided. Overall, the website is functional and professional but requires urgent security improvements to protect visitors and enhance trust.

C

Comprehensive Nuclear-Test-Ban Treaty Organization

ctbto.org

40

The Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO) operates as an international governmental entity dedicated to monitoring and enforcing the ban on nuclear tests globally. The organization provides key services including verification regimes, international monitoring systems, data analysis, and on-site inspections, targeting member states, researchers, civil society, and media. The website reflects a professional and authoritative presence consistent with its mission and audience. Technically, the site is built on Drupal 10 with modern frameworks and is hosted behind Cloudflare, leveraging Google Analytics and other monitoring tools. The site is mobile-optimized and well-structured, though performance metrics are unavailable. Security headers are implemented, but a critical issue is the absence of a valid SSL certificate and disabled TLS protocols, which significantly impacts the security posture. Security-wise, while the organization employs good header policies and content security policies, the lack of HTTPS and proper TLS support is a major vulnerability. No incident response or security policy pages were found, and cookie consent mechanisms are missing despite tracking usage. DNS records show malformed CAA entries and no DNSSEC, which could be improved. Overall, the site is trustworthy and professional but requires urgent remediation of SSL/TLS issues and enhancement of privacy compliance mechanisms to improve security and user trust.

T

TTX

ttx.com

40

TTX is a well-established transportation company specializing in railcar pooling and maintenance services across North America. Founded in 1955, it operates a large fleet and extensive maintenance network, serving the rail industry with innovative logistics solutions. The website reflects a mature business with comprehensive service offerings and a clear market position. Technically, the site is built on WordPress with modern libraries and integrates Google Maps and analytics, but suffers from an invalid SSL certificate and lack of HTTPS enforcement, which impacts security posture. Security headers are present, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but requires urgent SSL and security improvements to meet modern standards.

S

Sony DADC Europe GmbH

sonydadc.com

40

Sony DADC Europe GmbH operates a professional and comprehensive website presenting itself as a leading end-to-end supply chain and manufacturing service provider primarily serving the entertainment industry. The company offers a broad range of services including micro optics, manufacturing, assembly and packaging, logistics, and global business services. The website is well-structured, professionally designed, and targets B2B clients requiring specialized supply chain solutions. Technically, the site is built on WordPress with common libraries such as jQuery and Swiper.js, and includes SEO optimizations and accessibility features. However, a critical security weakness is the lack of a valid SSL certificate and proper HTTPS configuration, which severely impacts the security posture and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no incident response or vulnerability disclosure information is provided. Overall, the site is credible and trustworthy but requires urgent security improvements to protect user data and ensure secure communications.

D

dsm-firmenich

dsm.com

40

dsm-firmenich is a global enterprise combining expertise in health, nutrition, bioscience, and fragrance industries with a strong heritage of over 150 years. The company operates multiple business units serving B2B clients worldwide, with a significant workforce and substantial revenue. The website reflects a mature digital presence built on Adobe Experience Manager, integrating advanced marketing and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of TLS support, which poses risks to user trust and data security. Privacy and cookie policies are well implemented, supporting GDPR compliance. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to improve security and user confidence.