Security Directory

S

SCHUFA

schufa.de

48

SCHUFA is a major German credit bureau specializing in credit scoring and risk assessment services for consumers and businesses. The website is currently protected by a FriendlyCaptcha challenge, indicating active bot mitigation measures. However, the site lacks visible privacy, cookie, or terms of service policies on the captcha landing page, and no direct contact information is provided. The DNS configuration shows strong email authentication with SPF and DMARC policies, but the SSL/TLS configuration is critically lacking, with no valid certificate or secure protocols enabled. This presents a significant security risk for users and the business. The technical infrastructure relies on external captcha services and is hosted via United Domains nameservers. Performance is moderate but user experience and content quality are poor due to the captcha gate and lack of accessible content.

D

DKB AG

dkb-bank.de

56

DKB AG is a large German direct bank focused on sustainable banking services including checking accounts, loans, investments, and renewable energy financing. It holds a strong market position as one of the top 20 banks in Germany by balance sheet size and is recognized for its sustainability leadership with ISS ESG Prime-Status. The website is built on modern web technologies including Nuxt.js and Contentful CMS, offering excellent mobile optimization and user experience. However, the SSL configuration is currently misconfigured with a self-signed certificate and no supported TLS protocols, representing a significant security risk. Security headers are present but could be enhanced with better SSL/TLS setup and HSTS configuration. Overall, the bank demonstrates strong trust indicators and compliance with GDPR and cookie policies, supported by comprehensive privacy and terms of service documentation.

D

DKB Grund GmbH

dkb-grund.de

61

DKB Grund GmbH is a German real estate company specializing in property sales, financing, insurance, and investment services. With over 25 years of experience, it serves private and commercial clients across Germany. The website presents a comprehensive portfolio of services including property valuation, financing certificates, and energy-saving advice, supported by a strong regional presence and recognized industry partnerships. Technically, the site uses modern web technologies and analytics tools but currently lacks a valid SSL certificate, which impacts its security posture. The company demonstrates good GDPR compliance with a clear privacy and cookie policy and employs consent management tools. However, there is no explicit security policy or incident response information available. Overall, the website is professionally designed, user-friendly, and trustworthy, but the lack of HTTPS is a critical security gap that should be addressed promptly.

A

ABIMÓVEL

brazilianfurniture.org.br

54

Brazilian Furniture is a project supported by ABIMÓVEL and Apex-Brasil focused on promoting the Brazilian furniture manufacturing sector and design industry. The website serves as a platform for industry news, events, and export promotion, targeting furniture professionals, designers, and international buyers. The site demonstrates a moderate level of digital maturity with use of common web technologies and marketing tools but suffers from significant security shortcomings, including an invalid SSL certificate and lack of security headers. The absence of privacy and cookie policies indicates compliance gaps. Overall, the business is well positioned within its sector but should improve its digital security and compliance posture to enhance trust and protect user data.

F

Finance Forward

financefwd.com

59

Finance Forward operates as a leading German-language online media platform specializing in new finance topics such as fintech, blockchain, and banking. The website offers a comprehensive range of services including news articles, podcasts, newsletters, and event information, targeting professionals and enthusiasts in the finance sector. The business model is centered on digital content delivery with monetization through advertising and partnerships. The company maintains a strong market position as a trusted source for fintech and finance news in Germany, supported by consistent branding and high-quality content.

S

Saulės spektras, UAB

auto.lt

50

Auto.lt is a Lithuanian online business directory specializing in automotive-related companies and services. It offers comprehensive search capabilities, user reviews, expert advice, job listings, and map-based navigation to serve both businesses and consumers in Lithuania's automotive sector. The platform is operated by Saulės spektras, UAB, positioning itself as a key local player with a consistent brand and good content quality. Technically, the website uses modern JavaScript libraries, Google Analytics, and a custom CMS hosted by Hostex. While the site supports TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, it lacks DNSSEC, HSTS, and OCSP stapling, which are recommended for enhanced security. The cookie and privacy policies are comprehensive and GDPR compliant, with active consent mechanisms. Performance is moderate to slow due to large page size and resource count, but mobile optimization and SEO are well addressed. Overall, the site demonstrates a solid digital presence with room for security and performance improvements.

S

Saulės spektras, UAB

turizmas.lt

44

Turizmas.lt is a Lithuanian tourism portal operated by Saulės spektras, UAB, providing a comprehensive directory of travel-related services including accommodation, rural tourism, travel agencies, and leisure activities. The platform targets both local and international tourists seeking detailed information and booking options within Lithuania. The website demonstrates a solid market position as a national tourism information hub with a medium-sized business model based on listings and advertising revenue. Technically, the site uses a modern but somewhat traditional tech stack including Google Analytics, Bootstrap, and CKEditor, hosted by Hostex.lt. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site employs a valid SSL certificate with strong cipher suites but lacks advanced DNS security features such as DNSSEC and CAA records. Cookie and privacy policies are comprehensive and GDPR compliant, with a consent mechanism implemented. However, there is no visible terms of service or incident response policy. Overall, the site is professional, trustworthy, and well-branded, but could improve security posture and transparency in some areas.

S

Saulės spektras, UAB

medicina.lt

43

Medicina.lt is a Lithuanian healthcare information portal operated by Saulės spektras, UAB, providing a comprehensive directory of medical institutions, pharmacies, medical equipment suppliers, and expert advice. The site targets Lithuanian healthcare consumers seeking medical services, products, and professional guidance. It holds a strong market position as a trusted source for healthcare-related information with multilingual support and user engagement features such as reviews and Q&A with experts. Technically, the site uses a custom CMS with JavaScript libraries, Google Analytics, and Google Maps API, hosted by Hostex. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to an invalid SSL certificate and lack of HTTPS, no DNSSEC, and missing security headers, which poses risks to user data confidentiality and trust. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms implemented. Overall, Medicina.lt is a well-established healthcare portal with room for critical security improvements to protect users and enhance trust.

S

Saulės spektras, UAB

statyba.lt

48

Statyba.lt is a comprehensive Lithuanian online business directory specializing in the construction sector, offering company listings, expert advice, job postings, and industry articles. Operated by Saulės spektras, UAB, it serves as a key platform for connecting construction-related businesses and consumers in Lithuania. The website demonstrates a solid market position with a broad range of services and active content updates. Technically, the site uses modern JavaScript frameworks, Google Analytics, and Google Fonts, hosted by Hostex, but suffers from slow load times due to large page size and resource count. Security-wise, it employs TLS 1.2 with strong cipher suites but lacks TLS 1.3, HSTS, OCSP stapling, and DNSSEC, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with clear user consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile use, though performance improvements are advisable.

P

PMHinvestments

pmhinvestments.com

52

PMH Investments is a Dutch investment company focused on small and medium-sized enterprises with strong growth potential (scale-ups). The company positions itself as an active investor providing not only capital but also strategic, financial, and coaching support to entrepreneurs. Their market niche is well-defined within the Dutch finance sector, targeting growing businesses. The website is built on WordPress with a solid SEO foundation and multilingual support, indicating a moderate level of digital maturity. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. Tracking and analytics are implemented via Google Tag Manager and WPMU DEV Analytics, but no cookie consent mechanism is present, which may raise compliance concerns. Overall, the security posture is basic with significant room for improvement, especially in SSL/TLS configuration and email security policies. Strategic recommendations include securing the website with a valid SSL certificate, implementing DMARC, and enhancing transparency around privacy and security policies.

S

SoftBank Group Corp.

softbank.com

65

SoftBank Group Corp. is a leading multinational holding company specializing in technology investments and telecommunications. The company operates significant investment funds such as the SoftBank Vision Fund and Latin America Fund, focusing on AI and breakthrough technologies to drive sustainable growth. The website reflects a mature digital presence with comprehensive investor relations, sustainability initiatives, and corporate governance information. Technically, the site uses modern frameworks like Next.js and React, hosted likely on AWS infrastructure, with integrations for analytics and performance monitoring. However, the current SSL/TLS configuration is invalid, posing a critical security risk that undermines user trust and data protection. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy and cookie policies. Overall, SoftBank's digital footprint is professional and content-rich but requires urgent security improvements to align with best practices.

N

Nomupay

nomupay.com

66

Nomupay is a payment solutions provider offering a comprehensive suite of services including global acquiring, online payments, payouts, and fraud prevention tools. Positioned as a global payment platform with local licenses and extensive payment method coverage, Nomupay targets businesses seeking seamless and scalable payment processing solutions. The website demonstrates a mature digital presence with WordPress CMS, Oxygen Builder, and multilingual support via TranslatePress. Integration of Google Analytics, Tag Manager, and LinkedIn Insight indicates moderate user tracking and marketing sophistication. However, the absence of a valid SSL certificate and lack of TLS support represent significant security vulnerabilities that undermine user trust and data protection. While privacy and cookie policies are present and GDPR compliant, the site lacks explicit security and incident response documentation. Overall, Nomupay presents a professional and trustworthy brand but requires urgent security improvements to safeguard its digital assets and customer data.

P

Plataforma Brasil Exportação

brasilexportacao.com.br

57

Plataforma Brasil Exportação is a comprehensive online platform operated by Apex Brasil, serving as the largest community for foreign trade in Brazil. It offers a wide range of services including logistics, financial solutions, business opportunities, export training courses, market studies, and event calendars, targeting Brazilian companies aiming to expand their export capabilities. The platform leverages modern web technologies such as WordPress, WooCommerce, Elementor, and Algolia Search to deliver a rich user experience, although its performance is currently hindered by slow load times and a lack of SSL/TLS encryption. Security posture is weak due to the absence of valid SSL certificates and essential security headers, exposing the platform to potential risks. Despite these vulnerabilities, the platform demonstrates good SEO practices and maintains a strong social media presence, enhancing its market position. Strategic improvements in security and performance are recommended to safeguard user data and improve trust.

A

ApexBrasil

investinbrasil.com.br

54

ApexBrasil operates as the Brazilian government's official trade and investment promotion agency, providing comprehensive support and information to international investors interested in Brazil. The website serves as a detailed portal showcasing Brazil's economic strengths, key investment sectors, and regional opportunities, positioning ApexBrasil as a critical facilitator for foreign direct investment. Technically, the site is built on Adobe Experience Manager, leveraging Adobe's marketing and analytics tools, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. While security headers are partially implemented, the absence of a valid SSL certificate and modern TLS protocols presents significant risks. Contact information is clearly presented with official emails and physical addresses, enhancing trust. However, the lack of visible privacy, cookie, and terms of service policies indicates compliance gaps. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain credibility.

I

Invalid Dynamic Link

tcssistemas.com

55

The website at tcssistemas.com currently serves an error page indicating an invalid dynamic link, with no substantive business or contact information presented. The domain is registered and uses Azure DNS hosting, but the SSL configuration is severely lacking, with no valid certificate or secure protocols enabled. There is no evidence of privacy, cookie, or terms of service policies, nor any contact or security policies. The site lacks any metadata, structured data, or scripts that would indicate a mature digital presence. Overall, the website appears non-operational or misconfigured, providing no meaningful content or business insight. The security posture is weak due to missing SSL and security headers, exposing visitors to potential risks. Performance is slow despite minimal content, and no mobile or SEO optimizations are evident.

O

Orchestra Brasil

orchestrabrasil.com.br

49

Orchestra Brasil is a Brazilian project focused on promoting and supporting the internationalization of suppliers in the furniture manufacturing industry. It acts as a bridge between Brazilian suppliers and global markets, facilitating export activities and participation in major international trade fairs. The project is well-established with over a decade of experience and supports nearly 100 qualified Brazilian companies exporting to more than 90 countries. The website serves importers, manufacturers, distributors, and retailers in the furniture sector, providing information and contact channels to engage with Brazilian suppliers. Technically, the website is built on WordPress and leverages common plugins such as Contact Form 7, Yoast SEO, and GDPR compliance tools. It uses Google Analytics and Facebook Pixel for tracking and marketing automation via Mautic. The hosting provider is KingHost, and the SSL certificate is valid but lacks advanced security configurations like HSTS and security headers. Performance is relatively slow due to a large page size and many resources, but mobile optimization and SEO are adequately addressed. From a security perspective, the site implements basic protections including SSL and invisible reCAPTCHA on forms, along with a cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit privacy policies, terms of service, security policies, and incident response information. No vulnerability disclosure or security.txt files were found. The overall security posture is moderate but could be improved with enhanced HTTP headers, DNSSEC, and published security documentation. Overall, Orchestra Brasil presents a professional and consistent online presence supporting Brazilian furniture industry exporters. Strategic improvements in security and compliance documentation would enhance trust and reduce risk exposure.

P

Prêmio Salão Design

salaodesign.com.br

44

Prêmio Salão Design operates a Brazilian-focused design award platform that integrates designers and industries through contests, virtual catalogs, and galleries. The website is built on WordPress with a mature technical stack including SEO optimization and multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which poses a significant security risk to users. While cookie consent mechanisms are implemented, no explicit privacy policy or terms of service pages were found, indicating compliance gaps. The site maintains partnerships with multiple industry organizations and sponsors, reflecting a solid market presence in the design sector.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

C

Confederação Nacional da Indústria (CNI)

portaldaindustria.com.br

57

The Portal da Indústria website serves as a comprehensive digital platform representing the Confederação Nacional da Indústria (CNI) and its associated institutions SESI, SENAI, and IEL. It provides industry news, educational resources, statistical data, and compliance information targeted primarily at the Brazilian industrial sector and related stakeholders. The site demonstrates consistent branding and a broad content offering that supports its position as a leading industry portal in Brazil. Technically, the site leverages modern JavaScript libraries and is hosted on Microsoft Azure, but suffers from critical security shortcomings including an invalid SSL certificate and lack of HTTPS enforcement. The presence of cookie consent mechanisms and privacy policy pages indicates some compliance awareness, though GDPR compliance is uncertain. Overall, the site offers good user experience and content relevance but requires urgent security improvements to protect user data and enhance trust.

D

DataSebrae

datasebrae.com.br

56

DataSebrae is a Brazilian government-affiliated platform focused on providing data intelligence and research to support micro and small businesses. It offers a variety of studies, thematic research, and infographics to help entrepreneurs and policymakers make informed decisions. The platform is linked to Sebrae, a well-known Brazilian institution supporting small businesses, which strengthens its market position and trustworthiness. Technically, the website is built on WordPress using Bootstrap and jQuery, with integrations for Google Analytics, Google Tag Manager, and Mailchimp for marketing and analytics. However, the site suffers from an invalid SSL certificate, no advanced security headers, and lacks DNSSEC, which poses security risks. The site is moderately optimized for mobile and accessibility but has slow load times. No explicit privacy, cookie, or terms of service policies were found, indicating compliance gaps. Overall, the platform serves as a valuable resource for its target audience but requires significant improvements in security and compliance to protect users and data.

D

Deen - Agência de Marketing Digital

deen.com.br

52

Deen - Agência de Marketing Digital is a small Brazilian digital marketing agency specializing in branding, social media, and website development services. The company targets businesses seeking to enhance their digital presence, primarily within Brazil. The website highlights notable clients and awards, positioning Deen as a recognized player in the digital marketing sector. Technically, the website employs multiple marketing and analytics tools such as Google Analytics, Hotjar, LinkedIn Insight Tag, and Jivochat, indicating a moderate level of digital maturity. However, the site suffers from significant security shortcomings, including an invalid SSL certificate, lack of HTTPS enforcement, and absence of essential security headers and DNS security features. These issues expose the site and its visitors to potential risks and undermine trust. Overall, while the business demonstrates good branding and content quality, the technical and security posture requires urgent improvement to align with industry best practices and regulatory compliance.

S

Short&Sweet Marketing

shortandsweet.com.br

66

Short&Sweet Marketing is a Brazilian digital marketing agency specializing in data-driven performance marketing, including SEO, inbound marketing, PPC, and lead generation. Positioned as an RD Station Silver Partner, the company demonstrates a strong market presence with over 15 years of experience and a portfolio of successful client case studies. The website reflects a professional and consistent brand image targeting businesses seeking to enhance their digital sales channels. Technically, the site is built on modern frameworks such as React and Next.js, utilizing Material-UI for UI components, and integrates various marketing and analytics tools including Google Analytics, Google Tag Manager, and reCAPTCHA for security. However, the absence of a valid SSL certificate and lack of HTTPS support represent significant security weaknesses. The site implements basic email security measures like SPF and DMARC but lacks advanced security headers and practices. Overall, the digital infrastructure supports the business model but requires urgent improvements in security to protect data and enhance user trust.

R

RBA +

rba.com.br

47

Security assessment completed with an overall score of 50/100 (unknown risk). 12 high-priority issues should be addressed promptly. Total of 25 security findings identified across all modules.

F

FoccoLOJAS

foccolojas.com.br

51

FoccoLOJAS is a specialized software-as-a-service platform focused on providing comprehensive management solutions for furniture retail stores in Brazil. The company offers a 100% web-based system that integrates all store processes from customer entry to product delivery, aiming to increase sales efficiency and profitability. Their key services include sales management, budgeting and negotiation tools, client portfolio management, mobile applications for remote management, and business intelligence analytics. The business is positioned as a trusted partner for over 2,000 furniture stores nationwide, supported by a strong brand presence and customer testimonials. Technically, the website is built on WordPress with the Elementor framework, utilizing a variety of modern web technologies and third-party integrations such as Cloudflare for DNS and CDN services, Cookiebot for cookie consent management, and multiple analytics and marketing tools including Google Analytics, Hotjar, and Microsoft Application Insights. Despite a rich technology stack, the website suffers from performance issues due to a large number of resources and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the site has implemented SPF for email protection but lacks DMARC, DNSSEC, and CAA records, and does not have a valid SSL certificate or HSTS enabled. The extensive use of third-party tracking and marketing scripts indicates a high level of user data collection, though managed through Cookiebot's consent mechanism. No explicit security policy, incident response, or data protection officer information is found, indicating potential gaps in formal security governance. Overall, FoccoLOJAS presents a mature business with a specialized market focus and a comprehensive digital presence. However, its security posture requires significant improvements, particularly in SSL/TLS configuration and formal security policies, to enhance trust and compliance. Performance optimization and clearer contact information would also benefit user experience and credibility.

S

sysmkt.com.br is almost here!

sysmkt.com.br

52

The website sysmkt.com.br currently serves as a placeholder page hosted by DreamHost, indicating that the domain owner has not yet uploaded any website content. There is no business information, contact details, or services described on the site. The technical infrastructure is minimal, relying on DreamHost's hosting and CloudFront CDN for static content delivery. Performance is poor with a high load time relative to the minimal content served. Security posture is weak, as no SSL/TLS certificate is installed, resulting in no HTTPS support and lack of essential security headers or policies. DNS configuration is standard with valid SPF records but lacks DNSSEC and DMARC, which are important for email and domain security. Overall, the site is not production-ready and lacks any compliance or security documentation.

M

Mktnow

mktnow.com.br

57

Mktnow is a Brazilian digital marketing agency specializing in performance-driven advertising and e-commerce solutions, with a strong focus on the VTEX platform. The company offers a comprehensive suite of services including campaign management, design, development, email marketing, social media, and marketplace integration. Positioned as a medium-sized agency, Mktnow leverages partnerships with major platforms such as Google, Facebook, and HubSpot to deliver measurable results for clients. Technically, the website infrastructure is supported by Cloudflare DNS and uses multiple modern marketing and analytics tools, though performance optimization could be improved given the slow load times and large page size. Security posture is basic with a valid SSL certificate but lacks advanced protections such as HSTS, DNSSEC, and DMARC, which are recommended to enhance trust and email security. The site employs extensive user tracking via multiple analytics and marketing scripts, balanced by a cookie consent mechanism. Overall, Mktnow demonstrates a solid digital presence and marketing maturity but should address security and privacy policy gaps to strengthen compliance and user trust.

C

Contentserv

contentserv.com

63

Contentserv is an enterprise-level technology company specializing in AI-powered Product Experience Management (PXM) cloud solutions. Recently acquired by Centric Software, Contentserv offers a comprehensive suite of services including Product Information Management, Digital Asset Management, and Multichannel Publishing, targeting marketers, product teams, and IT professionals. The website is built on HubSpot CMS and integrates multiple marketing and analytics tools, demonstrating a mature digital infrastructure. However, the current SSL/TLS configuration is invalid, posing a significant security risk. While privacy and cookie policies are present and GDPR compliant, there is no explicit security policy or incident response information publicly available. Overall, the company maintains a strong market position with excellent branding and content quality but should urgently address its SSL/TLS issues and enhance transparency around security practices.

S

Spryker Systems GmbH

spryker.com

63

Spryker Systems GmbH operates a leading digital commerce platform tailored for enterprise B2B, B2C, and marketplace solutions. Recognized as a leader by Gartner and IDC, Spryker offers a modular, cloud-capable commerce stack that supports diverse business models and sophisticated commerce needs. The company targets enterprise clients seeking scalable and extensible commerce technology with a strong partner ecosystem. Technically, the website is built on WordPress with integrations including HubSpot, Google Analytics, and Cloudflare for hosting and DNS. While the site demonstrates good SEO and content quality, performance is slow with a high load time and large page size. Mobile optimization is good, but accessibility could be improved. From a security perspective, Spryker has implemented SPF and DMARC DNS records, indicating attention to email security and domain protection. However, the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a critical security concern. Other best practices like HSTS, DNSSEC, and OCSP stapling are not implemented, reducing the overall security posture. Overall, Spryker presents a strong market position and business model but should urgently address its SSL/TLS configuration and enhance security headers to protect its digital assets and customer trust. The website's comprehensive privacy and cookie policies, along with consent mechanisms, reflect good compliance with GDPR requirements.

S

Sylius

sylius.com

61

Sylius is a leading open source headless eCommerce platform targeting mid-market and enterprise brands requiring custom solutions. It leverages modern development practices and Symfony framework to provide a highly customizable and scalable platform. The company maintains a strong community with over 650 contributors and 7000+ merchants using its solutions. Technically, the website is built on WordPress with integrations of modern tools like API Platform, Docker, Kubernetes, and various analytics and marketing services. Security posture is good with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC are recommended. The site demonstrates extensive tracking and marketing activities, balanced with privacy compliance mechanisms. Overall, Sylius presents a professional, trustworthy, and technically mature digital presence.

S

SecureServer

secureserver.net

65

SecureServer.net operates as a comprehensive web services provider specializing in domain registration, hosting, website building, email, SSL certificates, and website security solutions. The company targets a broad audience including businesses, resellers, and individual customers, offering a reseller program and multi-market support. Their market position is that of an established enterprise-level provider with a global footprint and a focus on reseller sales. The website content and structure reflect a professional and consistent brand with good quality content and user experience.

S

Sendcloud

sendcloud.dev

52

Sendcloud is a technology company specializing in shipping automation and logistics integration through a developer-focused API platform. Their developer portal provides comprehensive API documentation and supports integration with over 50 platforms and 80 carriers, positioning them as a significant player in the e-commerce shipping technology sector. The website targets developers and businesses looking to streamline shipping processes via API integrations. Technically, the site is built using the Hugo static site generator, hosted on AWS infrastructure, and employs modern TLS protocols with a wildcard SSL certificate. Performance is moderate with good mobile optimization and basic SEO and accessibility features. Security posture is solid with no known SSL vulnerabilities and support for TLS 1.3, but lacks advanced security headers, HSTS, DMARC, and OCSP stapling. The site includes a cookie consent mechanism and links to a privacy policy but lacks visible terms of service, security policy, or incident response information. Overall, the site demonstrates a good level of professionalism and trustworthiness but could improve security and compliance transparency.

G

group.one

jobs.one

62

group.one is a large technology company operating primarily in the DACH region, providing a broad range of IT services including domain registration, web hosting, cloud servers, digital marketing, and SaaS solutions. The company supports over 1,300 employees and serves more than one million customers through multiple brands. Their market position is strong with a diversified portfolio of partner brands and a focus on customer success and team development. Technically, the website uses modern web technologies including a Teamtailor recruitment widget and a consent management platform, but lacks a valid SSL certificate and several security best practices, which impacts the overall security posture. The cookie consent mechanism and privacy notice indicate good GDPR compliance, but the absence of security policies and incident response information suggests room for improvement in security governance. Overall, the website is professionally designed with good user experience and trust indicators, but the technical security gaps present a moderate risk that should be addressed.

P

Profihost GmbH

profihost-status.com

63

Profihost GmbH operates a status page providing real-time and historical operational information for its cloud and hosting services. The company targets its customers and subscribers who require transparency on service availability. The website leverages the Hund.io platform for status management and is hosted by Dogado GmbH. The technical infrastructure includes standard web fonts, cookie consent mechanisms, and Google Analytics for tracking. However, the website lacks a valid SSL certificate and modern TLS support, which poses security risks. Privacy policies and terms of service are linked but hosted externally, with GDPR compliance noted but not fully ensured. Overall, the site demonstrates moderate digital maturity but requires significant security improvements.

K

KAMP Netzwerkdienste GmbH

kamp.de

61

KAMP Netzwerkdienste GmbH is a medium-sized German IT service provider specializing in colocation, cloud services, and data center operations. The company holds multiple ISO certifications including ISO 27001 and ISO 14001, positioning itself as a trusted and certified provider in the German market, particularly in the Ruhr region. Their offerings include server housing, private server rooms, cloud-based virtual data centers, and specialized health-care IT services, targeting businesses requiring secure and flexible IT infrastructure solutions. The company enjoys a strong market position, recognized by industry awards and analyst reports such as ISG Provider Lens. Technically, the website is built on TYPO3 CMS with Bootstrap framework, employing modern web technologies and a cookie consent mechanism compliant with GDPR. Performance is moderate with good mobile optimization and SEO practices. Security posture is solid with strong TLS 1.2 configuration and no known vulnerabilities, though improvements are recommended in email authentication (DMARC), DNS security (DNSSEC), and HTTPS hardening (HSTS). Overall, KAMP demonstrates a mature digital presence aligned with its business focus on secure and certified IT infrastructure services.

A

AGIQON GmbH

agiqon-shopware.de

49

AGIQON GmbH is a specialized full-service Shopware agency based in Germany, focusing on B2B and medium-sized enterprises. They hold a strong market position as a Shopware Platinum Partner with extensive certifications and a portfolio of over 200 projects and 100 custom plugins. Their services encompass strategic consulting, technical implementation, and ongoing support for Shopware 6 e-commerce platforms. Technically, the website is built on HubSpot CMS with integrations for marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, the site currently suffers from critical security shortcomings including an invalid SSL certificate, lack of modern TLS protocols, and missing DNS security features like DNSSEC and DMARC. Despite these issues, the site demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. The overall digital maturity is moderate with room for improvement in security and performance.

W

Webmatch

webmatch.de

59

Webmatch is a Cologne-based e-commerce agency with over 15 years of experience, specializing in tailored e-commerce strategies and platform implementations for B2C, D2C, and B2B clients. The company holds a strong market position as a Shopware Gold Partner and a trusted partner for major clients such as Toyota, TAMRON, ADAC, and Wolters Kluwer. Their service portfolio includes business consulting, UX & design, tech development, growth & engagement, and data management. Technically, Webmatch leverages modern technologies including Shopware, commercetools, Algolia, and Storyblok, hosted on specialized platforms like maxcluster, and employs best practices in web performance and accessibility. Security-wise, the website uses strong TLS configurations and SPF/DMARC email protections but lacks DNSSEC, CAA records, and HSTS enforcement. Cookie consent is managed via Usercentrics, ensuring GDPR compliance. Overall, Webmatch demonstrates a mature digital infrastructure with a professional and trustworthy online presence.

I

IFRS Foundation

ifrs.org

61

The IFRS Foundation is a globally recognized non-profit organization dedicated to developing and promoting international accounting and sustainability disclosure standards. It operates through two main boards, the IASB and ISSB, serving a diverse audience including academics, investors, regulators, and preparers. The Foundation maintains a strong market position with adoption in over 140 jurisdictions and offers licensing, digital subscriptions, and professional credentials as part of its service portfolio. Technically, the website is built on Adobe Experience Manager, hosted on Microsoft Azure, and integrates modern analytics and user experience tools such as Adobe Analytics, Google Tag Manager, and Hotjar. The site demonstrates good performance and accessibility standards with a comprehensive cookie consent mechanism and privacy policy aligned with GDPR requirements. Security posture is solid with modern TLS protocols, valid SPF and DMARC records, and OCSP stapling, though improvements are recommended in DNS security and email policy enforcement. Overall, the IFRS Foundation website reflects a mature digital presence with high-quality content, consistent branding, and robust trust indicators.

R

RegioHelden GmbH

stroeer-online-marketing.de

64

RegioHelden GmbH, operating under the brand Ströer Online Marketing, is a large German media company specializing in local and measurable online marketing services for small and medium-sized enterprises. They hold a strong market position as one of the largest providers in Germany, offering a broad portfolio including Google Ads, SEO, directory listings, website creation, and social media advertising. Their digital presence is supported by a modern WordPress-based infrastructure with integrated analytics and consent management tools, reflecting a mature digital marketing operation. Security-wise, the company employs good SSL configurations, DNS security records like SPF and DMARC, and a comprehensive cookie consent mechanism, although there is room for improvement in HTTP security headers and vulnerability disclosure practices. Overall, the company demonstrates a high level of professionalism and trustworthiness, with clear contact channels and strong branding.

S

Ströer X GmbH

stroeer-x.de

50

Ströer X GmbH is a large German-based outsourcing partner specializing in dialog marketing, sales, and customer experience services. As part of the Ströer Group, it leverages the strength of a major corporation combined with the agility of a mid-sized service provider. The company offers a broad portfolio including customer service, digital transformation, social media management, and value-added services such as chat software and AI automation. Their market position is strong within media and related sectors, serving clients across multiple industries including e-commerce, energy, financial services, telecommunications, and tourism. Technically, the website is built on TYPO3 CMS and integrates modern marketing and analytics tools like Google Tag Manager, TikTok Pixel, and HubSpot forms, with GDPR-compliant cookie consent managed by Cookiebot. However, the site currently lacks a valid SSL certificate and modern TLS support, which is a critical security concern. Security policies such as SPF and DMARC are properly configured, but DNSSEC and other advanced DNS security measures are absent. Overall, the company demonstrates good digital maturity but needs to address fundamental security gaps to protect user data and maintain trust.

E

Edgar Ambient Media Group GmbH

edgar.de

64

Edgar Ambient Media Group GmbH is a leading German media company specializing in integrated digital and analog advertising solutions across high-traffic indoor urban touchpoints. With over 60,000 advertising carriers, the company holds a strong market position as a premier provider of DOOH, Ambient, and Live Media campaigns. Their business model focuses on authentic communication solutions for advertisers targeting urban audiences. Technically, the website is built on Webflow with modern JavaScript libraries for animation and smooth user experience, supported by a managed hosting provider. However, the current SSL/TLS configuration is invalid, which poses a significant security risk despite the presence of HSTS and email authentication records. The company demonstrates good privacy compliance with GDPR-aligned policies and consent mechanisms. Overall, Edgar Ambient Media Group GmbH presents a professional and trustworthy digital presence with room for critical security improvements.

S

Ströer Media Deutschland GmbH

stroeer-direkt.de

58

Ströer Media Deutschland GmbH operates as a leading regional online and outdoor advertising provider in Germany, offering a broad portfolio of advertising media including street, station, shopping center, and airport placements, as well as digital marketing services such as Google Ads, SEO, and native advertising. The company holds a strong market position as a major German advertising marketer with exclusive media spaces across cities and municipalities. Technically, the website is built on WordPress with a custom theme and plugins, leveraging Matomo for privacy-conscious analytics and Klaro for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS configurations, which poses a significant security risk. The DNS setup uses Cloudflare but does not implement DNSSEC or CAA records, further limiting DNS security. While privacy compliance is well addressed through cookie consent and a comprehensive privacy policy, the absence of terms of service, security policies, and incident response information indicates gaps in transparency and security governance. Overall, the website demonstrates good content quality, user experience, and branding consistency but requires urgent improvements in transport security and security headers to protect user data and enhance trust.

S

Ströer SE & Co. KGaA

stroeer.com

65

Ströer SE & Co. KGaA is a leading German media company specializing in Out-of-Home (OOH) advertising, digital advertising, dialog marketing, and e-commerce services. Listed on the MDAX, Ströer holds a strong market position in Germany with a comprehensive portfolio of advertising solutions supported by subsidiaries and partner companies. The company emphasizes sustainability and diversity, aiming for CO2 neutrality by 2025 and fostering an inclusive work environment. Technically, the website is built on TYPO3 CMS with modern frontend technologies like Alpine.js and uses Cloudflare for DNS and CDN services. Analytics are managed via Matomo, and cookie consent is handled by Cookiebot, ensuring GDPR compliance. Security posture is solid with valid SSL certificates, SPF and DMARC records, but lacks advanced DNS security features like DNSSEC and CAA records. The site does not currently publish a security policy or incident response plan publicly. Overall, the website demonstrates a professional, trustworthy, and well-maintained digital presence aligned with business goals and regulatory requirements.

P

PwC-Stiftung

galerie-pwc-stiftung.de

61

The PwC-Stiftung website galerie-pwc-stiftung.de serves as a digital gallery and archive showcasing 20 years of cultural and educational projects and programs supported by the PwC-Stiftung foundation in Germany. The foundation focuses on promoting cultural education and youth engagement through funding and running various initiatives. The website is professionally designed with good content relevance and navigation, targeting educational institutions, cultural organizations, and youth audiences. Technically, the site uses modern web technologies with deferred JavaScript and CSS, hosted on a provider identified as netzhaut. Security posture is moderate with valid TLS protocols but lacks advanced security features such as HSTS, DNSSEC, and DMARC, which are recommended for improvement. Privacy policy is present and GDPR compliant, but no cookie consent mechanism or terms of service are found. Overall, the site is trustworthy and well-positioned as a non-profit educational foundation's digital presence.

S

SOCIAL POINTS gemeinnützige GmbH

sops.de

51

SOCIAL POINTS gemeinnützige GmbH operates the SOPS platform, a German-language online service dedicated to supporting and promoting non-profit organizations, especially community and social engagement groups. The platform enables non-profits to present themselves, receive digital donations, and build a community with features like messaging and a social points system. The company holds a strong position in the German non-profit sector, supported by partnerships with reputable foundations and local government entities. Technically, the website is built on TYPO3 CMS with common web technologies such as jQuery and Slick Carousel, but suffers from performance issues and lacks a valid SSL certificate, which impacts security and user trust. The site implements GDPR-compliant cookie consent and uses Google Analytics and Google Tag Manager for analytics and marketing purposes. Security posture is weak due to missing HTTPS and modern security headers, though DNS records show good email authentication practices.

M

MSP Medien Systempartner GmbH & Co. KG

medien-systempartner.de

58

MSP Medien Systempartner GmbH & Co. KG is a specialized IT consulting and software development company serving the media industry, particularly in the DACH region. With approximately 25 years of experience, MSP offers SAP IS/Media solutions, application management, and integration of digital platforms such as Piano and Lineup. The company holds a strong market position as a trusted partner for media houses undergoing digital transformation. Technically, the website is built on WordPress with modern plugins and uses a valid SSL certificate, though security headers and advanced TLS configurations could be improved. The security posture is moderate with good SPF and DMARC email protections but lacks HSTS and other HTTP security headers. Overall, MSP demonstrates a professional online presence with good content quality and user experience but could enhance security and privacy compliance by implementing cookie consent and security policies.

S

Score Media Group

scoremedia.de

55

Score Media Group operates as a national marketing platform for regional media brands in Germany, focusing on over 420 regional daily newspaper titles and associated digital and print media. The company targets advertisers and agencies seeking crossmedia advertising solutions, leveraging a strong market position with a comprehensive portfolio and high audience reach. Technically, the website is built on WordPress with modern plugins and frameworks, but performance is slow and some technical optimizations are possible. Security posture is generally good with modern TLS support and valid SPF records, but lacks advanced protections such as HSTS, DNSSEC, and OCSP stapling. Privacy compliance is addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the company demonstrates a mature digital presence with room for security and performance improvements.

P

Paperform

dubble.so

53

Dubble is a technology company specializing in automated documentation tools that capture user workflows and convert them into step-by-step guides, videos, and screenshots. Positioned as a niche SaaS provider, Dubble targets individuals and teams seeking to simplify documentation and onboarding processes. The company operates under the parent company Paperform and offers its services primarily through a Chrome extension and web platform. The website demonstrates a strong brand presence with excellent content quality and user experience, supported by modern web technologies such as React and Next.js. Technical infrastructure leverages Cloudflare for DNS and likely CDN services, with integration of Google Analytics and Tag Manager for marketing and analytics purposes. Security posture is adequate with a valid SSL certificate and DMARC email protection, but lacks advanced security headers, DNSSEC, and HSTS enforcement. Privacy and terms of service policies are present and GDPR compliant, though no cookie consent mechanism was detected. Overall, the company shows a mature digital presence with room for security enhancements and improved transparency around incident response and vulnerability disclosure.

P

Paperform

papersign.com

59

Paperform operates Papersign, a secure and user-friendly electronic signature platform designed to simplify document signing for individuals and businesses. The company positions itself as a design-conscious and powerful solution that integrates seamlessly with its core form-building product, Paperform. The website demonstrates a mature digital presence with modern technologies such as React and Gatsby, hosted on AWS, and employs multiple analytics and marketing tools to optimize user engagement and conversion. Security is a key focus, with compliance to major eSignature regulations and SOC 2 certification, although some improvements in security headers and DNS configurations are recommended. Overall, Paperform maintains a strong market position with clear pricing, comprehensive content, and robust trust indicators, supporting a medium-sized technology business model.

F

Free email accounts with mail.com | Log in here or register today

mail.com

75

mail.com operates as a webmail service provider offering email hosting and access services to a broad audience. The website content analyzed is primarily a consent management page, indicating a focus on privacy compliance mechanisms, although no explicit privacy policy or terms of service were found on this page. The business appears to be established with a large user base, leveraging DNS infrastructure managed by GMX DNS servers and employing standard email security protocols such as SPF and DMARC with a quarantine policy. From a technical perspective, the website uses JavaScript-based consent management scripts and iframe sandboxing to handle cookie consent. However, the SSL/TLS configuration is critically lacking, with no valid certificate and no enabled TLS protocols, which severely impacts secure communications. DNSSEC is not enabled, and CAA records are malformed, indicating gaps in DNS security hardening. Performance is slow with a high page load time and moderate resource usage. Security posture shows strengths in email authentication (SPF, DMARC) and HSTS enforcement with preload, but major weaknesses in SSL/TLS deployment and DNS security. No security policy or incident response contacts are published, limiting transparency and readiness. Overall, the site demonstrates moderate trustworthiness but requires urgent improvements in SSL/TLS and DNS security to protect user data and maintain compliance. Strategic recommendations include immediate renewal and proper configuration of SSL certificates, enabling modern TLS protocols, fixing DNS CAA records, enabling DNSSEC, and publishing comprehensive privacy and security policies. Enhancing these areas will improve user trust, compliance posture, and reduce risk exposure.

G

GMX

gmx.de

68

GMX is a leading German FreeMail and media portal offering a wide range of services including free email accounts, cloud storage, news, entertainment, and affiliate cashback programs. The website targets German-speaking users and maintains a strong market position with comprehensive content and service offerings. Technically, the site employs modern JavaScript frameworks, modular scripts, and SVG graphics, hosted primarily by 1&1 IONOS. However, the SSL/TLS configuration is currently invalid, which poses a significant security risk. The site implements good privacy and cookie policies compliant with GDPR, but lacks explicit public security or incident response policies. Advertising and tracking are extensively used, including Adition and Criteo networks. Overall, the website is professionally designed with good user experience and content relevance, but requires urgent security improvements to protect user data and trust.