Security Directory

Z

zero

zero.de

22

zero.de is a German e-commerce website specializing in women's fashion, offering a wide range of clothing and accessories for leisure, business, and festive occasions. The brand emphasizes feminine, authentic, and sustainable fashion, targeting women who value quality and modern design. The website is professionally designed with clear navigation and good content relevance, supporting a medium-sized retail business model in Germany. Technically, the site runs on a Shopware platform with Apache and PHP backend, using various third-party marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS is a critical security flaw that undermines user trust and data protection. The site uses secure cookie flags but without HTTPS, limiting their effectiveness. No explicit security or incident response policies are found, indicating room for improvement in security governance. Overall, the website is functional and credible but requires urgent security enhancements to meet modern standards.

A

Abramson, Brown and Dugan Law

arbd.com

19

Abramson, Brown and Dugan is a specialized law firm based in New Hampshire focusing on medical malpractice and personal injury cases. The firm holds a strong market position in the state, recognized for winning more malpractice settlements and verdicts than any other local firm. Their website provides comprehensive information about their services, recent settlements, attorney profiles, and client testimonials, targeting individuals seeking legal representation for serious injury and malpractice claims. The business model centers on plaintiff legal services with a focus on compassionate client engagement and free consultations. Technically, the website is built on WordPress using the Enfold theme and integrates common technologies such as jQuery, Google Tag Manager, Google Analytics, and Google reCAPTCHA for form security. While the site is mobile optimized and SEO friendly, performance metrics indicate slow loading times, and accessibility features are basic. The site lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. DNS records are missing or not publicly visible, which is inconsistent with the active website presence. Security posture is weak due to the absence of HTTPS, missing DNSSEC, CAA, and HSTS configurations, and lack of security headers. No privacy, cookie, or terms of service policies are found, indicating compliance gaps with GDPR and other privacy regulations. The site uses Google reCAPTCHA to protect forms but lacks a formal security or incident response policy. Overall, the site demonstrates strong business credibility and content quality but requires urgent improvements in security and privacy compliance. Strategically, the firm should prioritize obtaining and configuring a valid SSL certificate, properly configuring DNS records, and publishing comprehensive privacy and cookie policies. Enhancing security headers and implementing vulnerability disclosure mechanisms would further improve trust and compliance. These steps will reduce risk, improve user trust, and align the firm with modern security and privacy standards.

P

Pizzeria Uno Corporation

unos.com

21

Uno Pizzeria & Grill is a well-established restaurant brand known for inventing the original Chicago deep dish pizza in 1943. The website reflects a large hospitality business with a focus on dine-in, takeout, catering, and online ordering services. The brand maintains a consistent and professional online presence with good content quality and clear navigation. However, the technical infrastructure shows some weaknesses, including the absence of HTTPS, which is a critical security flaw. The site uses a variety of modern web technologies and marketing tools but suffers from slow performance and lacks a cookie consent mechanism. Security posture is basic with no valid SSL certificate, no HSTS, and no advanced security headers implemented. Privacy compliance is minimal with a basic privacy policy but no explicit cookie policy or consent. Business credibility is moderate with strong branding and social media presence but lacks explicit contact details on the main page. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

SCHOLLENBERGER Kampfmittelbergung GmbH is a specialized service provider in ordnance and explosive material recovery operating primarily in Austria and Germany. Established in 2009 and employing around 380 staff, the company offers comprehensive services including surface and depth probing, aerial image evaluation, and diving operations. It is part of the SOCOTEC Group, which enhances its market position and operational capabilities. The website presents detailed business information and service descriptions targeting industrial, governmental, and private clients requiring ordnance clearance and related environmental services. Technically, the site is built on TYPO3 CMS with modern frontend libraries but suffers from critical security shortcomings such as lack of HTTPS and DNS misconfigurations. These issues undermine trust and expose the site to risks. No privacy or cookie consent mechanisms are implemented, which may affect GDPR compliance. Overall, the business is credible and professional, but the digital infrastructure requires urgent security and technical improvements.

The website horustechnology.com is currently inaccessible, serving an HTTP 403 Forbidden error indicating directory access is blocked or no index document is present. There is no visible content, metadata, or business information available on the site. The absence of DNS records and a valid SSL certificate further indicates that the domain is either misconfigured or inactive. Due to these factors, the website's technical infrastructure is minimal and lacks modern security and compliance features. The security posture is weak, with no HTTPS support, no security headers, and no evidence of privacy or cookie policies. Overall, the site presents a high risk and low trustworthiness profile, limiting its utility for business or customer engagement.

F

Fluidtime Data Services GmbH

fluidtime.com

40

Fluidtime Data Services GmbH is a medium-sized Austrian company specializing in Mobility-as-a-Service (MaaS) solutions and sustainable mobility management tools. Positioned as a pioneer in the transportation technology sector, Fluidtime offers tailored software platforms that enable businesses and organizations to implement green mobility projects efficiently. Their website is professionally designed, content-rich, and targets organizations aiming to achieve sustainability goals through innovative mobility services. The company maintains a strong partnership network and active social media presence, enhancing its market credibility. Technically, the website is built on WordPress with the Enfold theme and supports multilingual content via WPML. It employs modern JavaScript libraries such as jQuery and integrates Matomo Analytics for privacy-conscious user tracking. SEO is enhanced through Yoast SEO plugin, and the site is mobile-optimized with good accessibility features. However, performance metrics are not explicitly available. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical vulnerability. No modern TLS protocols or security headers like HSTS are enabled, which exposes users to potential risks. Cookie consent mechanisms and GDPR-compliant privacy policies are well implemented, reflecting good privacy compliance. Contact information is clearly provided, but no explicit security or incident response policies are found. Overall, while Fluidtime demonstrates strong business credibility and technical maturity in content and privacy compliance, the absence of HTTPS significantly undermines its security posture. Addressing this critical issue should be a top priority to protect user data and maintain trust.

Z

Zertifizierungsstelle ERC

e-r-c.at

40

ERC is a European certification body specializing in the railway sector, offering comprehensive vehicle approval services primarily in the German-speaking region of Europe. Their key services include TSI conformity assessment as a Notified Body, ECM certification, and DeBo and AsBo evaluations. The website is professionally designed using Joomla CMS with a Bootstrap framework, providing clear navigation and relevant content in German with English alternatives. Technically, the site uses a valid SSL certificate but lacks modern TLS protocol support and advanced security headers, which slightly reduces its security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR explicit indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and trustworthy but would benefit from security and privacy improvements.

F

Frankenberg-Metallrecycling GmbH

fmr.ag

39

Frankenberg-Metallrecycling GmbH is a well-established family-owned metal recycling company based in Germany, specializing in the recycling and trading of zinc, tin, lead, and other metals. With over 65 years of experience and a certified waste disposal status, the company serves industrial and commercial clients across Europe, offering sustainable recycling solutions and related services. The website reflects a medium-sized business with a clear focus on metal recycling and environmental compliance. Technically, the website runs on an Apache server with legacy JavaScript libraries such as jQuery 1.10.2 and includes Google Analytics for tracking. However, the absence of HTTPS and modern security headers significantly weakens the site's security posture. The site is basic in mobile optimization and accessibility, with no CMS or advanced frameworks detected. Performance metrics are unavailable, indicating potential monitoring gaps. From a security perspective, the lack of SSL/TLS encryption is a critical vulnerability, exposing users to data interception risks. No advanced security policies or incident response contacts are published, and cookie consent mechanisms are missing despite cookie usage. The domain registration data is consistent with the business claims, supporting legitimacy. Privacy policies exist but are basic, and GDPR compliance is implied but not explicitly detailed. Overall, the website is functional and professional but requires urgent security improvements, especially HTTPS implementation and enhanced privacy compliance. Strategic recommendations include upgrading security infrastructure, implementing cookie consent, modernizing the tech stack, and publishing clear security and incident response policies to build trust and compliance.

H

Herbst Kinsky Rechtsanwälte

herbstkinsky.at

35

Herbst Kinsky Rechtsanwälte is a medium-sized Austrian law firm specializing in economic, corporate, and financial law with offices in Vienna and Linz. The website presents a professional image with clear business descriptions, targeting businesses and professionals seeking legal advisory services in Austria. The firm offers a broad range of legal services including M&A, venture capital, banking and capital markets law, and labor law. Technically, the website is built on WordPress with a custom theme and SEO framework, but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. The site lacks modern TLS protocols, security headers, and cookie consent mechanisms, which are important for compliance and user trust. Overall, the website is functional and well-structured but requires urgent security improvements to protect user data and enhance trust.

K

Kommunikationskunst

kommunikationskunst.at

31

Kommunikationskunst is a small Austrian marketing and communication agency led by Robert Seeger, with over 15 years of experience in innovative marketing solutions. The company offers a range of services including employer branding, keynotes, workshops, social media management, creative campaigns, and seminars. The website reflects a professional and consistent brand image targeting businesses seeking bold and effective communication strategies. Technically, the site is built on WordPress using OptimizePress and Yoast SEO, but suffers from a critical lack of HTTPS, impacting its security posture significantly. While the site includes basic privacy and cookie policies with GDPR consent mechanisms, it lacks explicit security and incident response policies. Overall, the business appears legitimate and established, but the absence of SSL/TLS is a major security concern that should be addressed promptly.

S

Studiokon Ventures Private Limited

skvindia.com

18

Studiokon Ventures Private Limited (SKV India) is a medium-sized, ISO-certified interior design firm specializing in commercial office interiors and turnkey solutions across India. With over 15 years of experience, SKV offers comprehensive services including design & build, general contracting, financing solutions, and office fit-outs. The company targets businesses seeking modern, functional, and inspiring workspaces, positioning itself as a leading player in the Indian office interior design market. Technically, the website is built on WordPress with a modern tech stack including PHP 7.4, NitroPack for optimization, and various marketing and analytics tools. However, the site lacks HTTPS, which is a critical security gap. The security posture is weak due to absence of SSL, HSTS, and security headers, though no immediate vulnerabilities or exposed sensitive data were found. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

L

Logwin AG

logwin-logistics.com

40

Logwin AG operates an international logistics and transportation services website offering a broad range of services including sea freight, air freight, warehousing, and transport management. The company targets businesses requiring reliable logistics solutions and positions itself as a professional and dedicated provider with a worldwide network. The website is built on TYPO3 CMS and uses modern frontend technologies such as jQuery and Fancybox, providing a good user experience with clear navigation and professional design. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and lack of TLS protocol support, which significantly impacts the security posture. Security headers are partially implemented, and privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is limited to a contact form, with no explicit emails or phone numbers found. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

J

Jung Eco Building Solutions GmbH

jung-ingenieure.com

37

Jung Eco Building Solutions GmbH is a specialized engineering consultancy focused on climate engineering, green building design, and energy consulting primarily serving clients such as builders, planners, and architects in Germany. The company offers tailored energy and climate concepts, building envelope optimization, and certification services for sustainable buildings. Their market position is that of a niche player in the energy and sustainability sector with a small company size and a professional online presence. Technically, the website is built on WordPress with common libraries like Bootstrap and jQuery, but lacks HTTPS and modern security configurations, which is a significant risk. The absence of cookie consent mechanisms and incident response information indicates partial GDPR compliance. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

REFLECTIONS Research & Consulting is a small consulting firm based in Austria, led by Franz Kühmayer, offering expertise, consulting services, visionary insights, references, and keynote speaking. The website is minimalistic with basic content and navigation but lacks critical security and privacy features. Technically, the site runs on Apache with simple HTML and CSS, but it lacks HTTPS and modern security headers, exposing visitors to potential risks. No privacy or cookie policies are present, and no contact information is provided, which impacts trust and compliance. Overall, the website's security posture is weak, and the digital maturity is low, requiring urgent improvements to secure communications and comply with privacy regulations.

The website rublys.com currently serves only a minimal placeholder page indicating hosting on host22.ssl-gesichert.at with no meaningful content or business information. The technical infrastructure is basic, running on Apache with an outdated PHP 5.3.29 version and no SSL/TLS certificate, resulting in unencrypted HTTP traffic. DNS records show standard MX entries using Google and Zendesk mail services, but no DNSSEC or CAA records are configured. Security posture is weak due to lack of HTTPS, missing security headers, and no HSTS policy. There are no privacy or cookie policies, no contact information, and no visible business or compliance documentation. Overall, the site appears inactive or improperly configured for public use, presenting significant security and trust concerns.

C

CTP Chemisch Thermische Prozesstechnik GmbH

ctp-airpollutioncontrol.com

18

CTP Chemisch Thermische Prozesstechnik GmbH is a well-established Austrian company specializing in industrial air pollution control solutions with 40 years of experience. The company offers customized turnkey systems for air purification, VOC emission control, and hazardous pollutant removal, serving a global industrial clientele. Their website reflects a professional presence with clear business information and a focus on environmental technology. Technically, the site is built on Drupal 8 with modern web components but lacks a valid SSL certificate, which is a critical security shortfall. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. However, the absence of HTTPS significantly undermines the site's security posture and trustworthiness. Strategic improvements in SSL implementation and enhanced security headers are recommended to elevate the site's security and compliance standing.

F

Flexprint (part of delfortgroup AG)

delfortflexibles.com

30

Flexprint is a medium-sized, family-owned manufacturing company specializing in flexible packaging solutions for food, non-food, and tobacco products primarily in Eastern Europe. The company is part of the larger delfortgroup AG and has over 14 years of experience with a strong market presence in 40 countries and 200 clients. The website is built on WordPress using the Salient theme and WPBakery page builder, with a moderate level of technical sophistication but lacks a valid SSL certificate, which is a critical security concern. The site implements a cookie consent mechanism compliant with GDPR and links to a comprehensive privacy policy hosted on the parent company's domain. However, there is no visible terms of service or incident response policy. Security posture is weak due to missing HTTPS and modern TLS protocols, no HSTS, and lack of security headers. Business credibility is supported by multiple certifications and positive customer testimonials. Strategic improvements in security infrastructure and transparency policies are recommended to enhance trust and compliance.

S

Solstein Film & Production Services

kultig.at

17

KULTIG Werbeagentur is a small full-service advertising agency based in Innsbruck, Austria, specializing in creative and regional marketing solutions. The company offers a broad range of services including strategy, graphic design, screen design, web development, content marketing, and event services. Their market position is that of a regional creative agency with a strong local presence and a diverse portfolio of projects. Technically, the website is built on WordPress using Elementor and several modern web technologies, but suffers from critical security misconfigurations such as the absence of a valid SSL certificate and missing DNS records, which impacts trust and security posture. The site is accessible without WAF or blocking mechanisms, but lacks cookie consent mechanisms despite using analytics tools. Contact information and social media presence are well presented, supporting business credibility. Overall, the website is professional in design and content but requires urgent improvements in security and privacy compliance to enhance trustworthiness and user safety.

A

Aug. RATH jun. Gmbh

rath.at

25

RATH Austria is a well-established manufacturer specializing in high-quality chamotte stones and related refractory products for heating and stove systems, with a history spanning over 130 years. The company targets stove builders, dealers, and industrial clients primarily in Austria and Europe. Their website is built on TYPO3 CMS and provides comprehensive product and service information, including planning services for stove builders. However, the technical infrastructure shows critical security gaps, notably the absence of HTTPS, which exposes users to significant risks. The site employs some security headers but lacks modern SSL/TLS protocols and DNS records, indicating potential configuration issues. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism. Overall, the business credibility is solid, but the security posture requires urgent improvement to protect user data and maintain trust.

E

EFM Versicherungsmakler AG

efm.at

24

EFM Versicherungsmakler AG is a leading insurance brokerage firm in Austria, serving both private and commercial clients with a wide range of insurance products and services. The company positions itself as the number one insurance broker in Austria with over 75 locations and more than 120,000 customers. Their business model focuses on independent insurance comparison and personalized local broker services. The website is built on TYPO3 CMS with Bootstrap and jQuery, featuring a professional design and good navigation, targeting German-speaking Austrian customers. However, the technical infrastructure shows weaknesses, notably the lack of a valid SSL certificate and the use of an outdated PHP version, which pose significant security risks. Cookie consent and privacy policies are implemented, reflecting GDPR compliance efforts. The site integrates Google Analytics and Facebook Pixel for analytics and marketing purposes, with moderate user tracking.

lautstark gmbh is a specialized below-the-line communications agency founded in 2003, focusing on live communication and brand experiences for premium clients including world brands and market leaders. The company positions itself as a creative activist agency delivering personalized, reliable, and impactful brand activations. The website reflects a professional and consistent brand image with comprehensive content and clear navigation targeting German-speaking audiences. Technically, the site is built on WordPress with Yootheme framework, hosted on Hetzner, and uses modern tools like Google reCAPTCHA and Matomo analytics. However, the absence of a valid SSL certificate and HTTPS is a critical security flaw that undermines user trust and data protection. Privacy compliance is well addressed with detailed policies and consent mechanisms. Overall, the business demonstrates strong market positioning but must urgently address security shortcomings to maintain credibility and protect user data.

D

DRK-Kreisverband Nordwestmecklenburg e. V.

drk-nwm.de

35

DRK-Kreisverband Nordwestmecklenburg e. V. is a regional non-profit organization providing a wide range of social, healthcare, emergency, and community services in the Nordwestmecklenburg area of Germany. The website serves as an information portal for their services, events, and engagement opportunities, targeting local residents, families, seniors, and volunteers. The organization is part of the larger Deutsches Rotes Kreuz network, emphasizing humanitarian aid and social support. Technically, the website is built on TYPO3 CMS and hosted by dt-internet.de, but it lacks a valid SSL certificate, which is a critical security shortfall. The site includes cookie consent mechanisms and uses Google Analytics with IP anonymization, indicating some privacy compliance efforts. However, the absence of HTTPS and modern security headers exposes the site to risks and undermines user trust. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect visitors and comply with best practices.

K

Kirchliche Pädagogische Hochschule Edith Stein

kph-es.at

34

The Kirchliche Pädagogische Hochschule Edith Stein is a regional educational institution in Austria specializing in teacher training and pedagogical education. It operates across four locations in western Austria and offers a range of study programs, continuing education, and research activities. The website is professionally designed and targets prospective and current educators, social pedagogues, and related professionals. The institution is positioned as a reputable academic entity with a clear focus on education and professional development. Technically, the website is built on TYPO3 CMS and uses Apache server technology. It integrates Google Tag Manager for analytics but lacks HTTPS, which is a critical security shortfall. The absence of SSL/TLS encryption exposes users to potential data interception risks and undermines trust. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism is evident. Contact information is provided primarily via a contact page and footer address, with no direct emails or phone numbers visible on the main page. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

R

Raiffeisen Informatik Technical Services GmbH

ri-s.at

40

Raiffeisen Informatik Technical Services GmbH is a specialized IT service provider focused on delivering on-site user support and field services primarily for the Raiffeisenbanken group, RBI Konzern, and UNIQA in Austria. The company positions itself as a market leader in providing high-quality, timely, and competent IT and security services tailored to banking and insurance sectors. Their service portfolio includes security technology, banking technology, print management, IT services, and telecommunications. The website content and branding consistently reflect their business focus and certifications, including ISO 9001 and ISO 27001, underscoring their commitment to quality and security. Technically, the website is built on WordPress with Apache server infrastructure and uses jQuery and custom JavaScript for interactivity. DNS is managed via Cloudflare secondary nameservers, but the SSL/TLS configuration is critically lacking, with no valid certificate installed and no TLS protocols enabled, which severely impacts the security posture. Performance metrics indicate slow loading, and while mobile optimization is good, accessibility and SEO optimizations are basic. Security-wise, the site implements several important HTTP security headers such as Content Security Policy, X-Frame-Options, and X-XSS-Protection, but these are undermined by the absence of HTTPS. The lack of OCSP stapling, session resumption, and certificate transparency compliance further weakens the security stance. No cookie consent mechanism or incident response contact information is present, which may affect privacy compliance and incident handling readiness. Overall, the website demonstrates a moderate level of professionalism and business credibility but suffers from critical security configuration issues that must be addressed urgently. Strategic improvements in SSL/TLS deployment, privacy compliance, and incident response transparency are recommended to enhance trust and security posture.

The website cismogroup.com currently serves as a minimal placeholder with no substantive content or business information. The site lacks essential elements such as privacy policies, contact details, and meaningful metadata. Technically, it is hosted on an Apache server but does not support HTTPS due to the absence of a valid SSL certificate, which critically undermines its security posture. The security headers present are insufficient to compensate for the lack of encryption and modern TLS protocols. Overall, the site exhibits poor digital maturity and minimal user engagement features. The lack of forms, social media links, or analytics indicates a very basic or inactive web presence. Security risks are elevated due to missing SSL and weak security configurations, and no compliance with privacy regulations is evident. Strategic recommendations include immediate SSL implementation, content development, and privacy compliance to improve trust and security.

EREMA Engineering Recycling Maschinen und Anlagen Ges.m.b.H. is a leading Austrian manufacturer specializing in plastic recycling machinery and systems. Founded in 1983, the company has established itself as a global market leader with over 7000 systems deployed worldwide, producing millions of tons of recycled granulate annually. Their business model focuses on manufacturing innovative recycling machines, providing customer testing centers, and offering digital solutions to optimize recycling processes. The website reflects a professional and comprehensive digital presence targeting industrial clients and businesses in the recycling sector. Technically, the website employs modern frontend technologies including Bootstrap, jQuery, GSAP, and various UI libraries, hosted likely via A1 Telekom Austria infrastructure. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Performance data is missing, and while mobile optimization and SEO are good, accessibility is basic. Privacy and cookie policies are well implemented with consent mechanisms, indicating good GDPR compliance. From a security perspective, the absence of HTTPS and modern TLS protocols severely impacts the site's security posture, exposing users to potential risks. Other security headers and best practices are missing, and no incident response or vulnerability disclosure information is provided. The domain registration details align well with the company's claims, supporting legitimacy. Overall, while the business and content quality are excellent, the critical lack of HTTPS and SSL significantly lowers the security score and overall trustworthiness. Strategic improvements in security infrastructure are essential to protect users and maintain the company's reputable market position.

Z

zustellpartner.at

zustellpartner.at

40

zustellpartner.at is a specialized regional job platform based in Austria, focusing on providing self-employed newspaper and food delivery jobs primarily in the regions of Steiermark, Kärnten, and Osttirol. The website targets pensioners, students, job seekers, and early risers looking for flexible part-time work. The business model revolves around connecting job seekers with delivery opportunities on a self-employed basis, emphasizing flexible scheduling and local engagement. The site is well-positioned within its niche market, offering clear job listings and application pathways.

ENERGIEALLIANZ Austria GmbH is a well-established energy sales and trading company founded in 2001, serving millions of customers in Austria and abroad with electricity, natural gas, and related services. The website reflects a mature digital presence built on TYPO3 CMS with modern web technologies and a focus on sustainability and customer service. Security posture is strong with HTTPS, secure cookies, and OCSP stapling, though improvements like HSTS and security.txt could enhance it further. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Contact information is transparent and includes multiple channels. Overall, the site demonstrates professionalism, trustworthiness, and good technical implementation.

X

x.test GmbH

xtest.at

22

x.test GmbH is a specialized company in electronic measurement technology based in Austria, founded in 2010. The company offers a range of products and consulting services focused on electronic measurement, emphasizing quality and customer trust. The website is built on WordPress with modern plugins and frameworks, providing a professional and user-friendly experience. However, the absence of an SSL certificate and HTTPS significantly impacts the security posture, exposing users to potential risks. The site implements GDPR-compliant cookie consent mechanisms and provides clear privacy and terms of service pages, reflecting good privacy compliance. Overall, the business appears legitimate and well-positioned in its niche, but security improvements are critical.

M

M.O.O.CON GmbH

moo-con.com

29

M.O.O.CON GmbH is a leading consulting firm specializing in sustainable buildings, service, and change processes. The company focuses on creating identity-forming work, learning, and cultural environments that contribute significantly to business success, user satisfaction, and environmental sustainability. Their market position is strong within the German-speaking region, targeting corporate clients across various sectors including facility management, human resources, and organizational development. The website reflects a professional and comprehensive presentation of their services and projects, supported by active social media engagement and content marketing through blogs and whitepapers. Technically, the site is built on TYPO3 CMS with modern web fonts and widgets, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility and content quality are high, but urgent security improvements are necessary to align with best practices and protect user data.

M

Matin

matin-gallery.com

20

Matin is a small, specialized art gallery established in 2004 by Robert and Christina Odegard in Los Angeles, California. The business focuses on artisan jewelry, bronze sculptures, custom furniture, and contemporary art, targeting art collectors and design enthusiasts. The website reflects a professional design with consistent branding and a clear navigation structure, although content is somewhat limited to product categories and contact information. Technically, the site is built on the icompendium CMS platform with a React frontend and hosted on a DigitalOcean IP. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Privacy and cookie policies are absent, and Google Analytics is not fully configured, indicating gaps in privacy compliance and analytics maturity. Security headers are minimal, and modern TLS protocols are unsupported, exposing the site to potential risks. Overall, the site demonstrates moderate business credibility but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

B

Biofaction KG

biofaction.com

33

Biofaction KG is a small interdisciplinary research and science communication company based in Austria, specializing in emerging sciences, technologies, and art-science collaborations. The company offers a range of services including research projects, integrated communication, public engagement events, training, and media production. Their market position is niche, focusing on bridging science and society through innovative communication and artistic approaches. The website is built on WordPress using the Divi theme and incorporates modern web technologies such as PHP 8 and jQuery, with integrations for Mailchimp and Contact Form 7 for marketing and contact purposes. However, the site lacks HTTPS, which is a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are present and appear GDPR compliant, with clear contact information and social media presence enhancing business credibility. Performance data is missing, suggesting potential issues with site speed or monitoring. Overall, the site is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

M

mlu-recordum Environmental Monitoring Solutions GmbH

recordum.com

24

JCT NextGen AQMS is a specialized provider of air quality monitoring solutions, leveraging the acquisition of mlu-recordum to offer innovative and cost-effective environmental monitoring products. The company operates under the JCT Group umbrella, which includes subsidiaries focused on gas sampling, liquid sampling, and process analytics. The website presents a professional and consistent brand image targeting industrial and environmental sectors, primarily in Austria. Technically, the site is built on WordPress with Elementor and uses Borlabs Cookie for GDPR-compliant cookie management. However, the absence of a valid SSL certificate and HTTPS implementation is a significant security shortfall. While privacy policies and contact information are well presented, the lack of explicit security policies, incident response, and vulnerability disclosure pages indicates room for improvement in security transparency. Overall, the site is functional and informative but requires urgent security enhancements to protect users and improve trust.

The website scheer-management.com currently hosts minimal content, displaying only the text 'scheerids docroot', which suggests it is a placeholder or under construction. There is no visible business description, services, or navigation structure, limiting the ability to assess the company's market position or offerings. The only contact information found is an email address in the HTTP headers, indicating a point of contact but no public-facing contact details on the site itself. Technically, the site is served by an Apache server but lacks a valid SSL certificate, resulting in no HTTPS support and no modern TLS protocols enabled. Security headers are partially implemented but insufficient to ensure robust protection. DNS records are standard but lack DNSSEC and CAA configurations. Overall, the website's digital maturity is low, with poor performance and no SEO or accessibility optimizations. The security posture is weak due to missing HTTPS and incomplete security configurations, posing risks to user trust and data protection. The domain registration appears consistent and legitimate, but the lack of content and security measures significantly reduces the website's credibility and trustworthiness.

Austria Trend Hotels is a well-established hospitality company operating multiple hotels across Austria and Slovenia, targeting both leisure and business travelers. The website provides comprehensive hotel listings, booking capabilities, and event services, supported by a modern technical infrastructure including Pimcore CMS and various tracking and marketing tools. However, the lack of a valid SSL certificate is a critical security weakness that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly presented. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements.

CME Group Inc. operates as a leading global derivatives marketplace, offering a diverse range of futures and options products for risk management across multiple asset classes including agriculture, energy, equity indices, FX, interest rates, and metals. The company serves a broad audience of traders, investors, and financial institutions, providing comprehensive market data, clearing services, and technology solutions. The website reflects a mature, enterprise-level organization with consistent branding and high-quality content tailored to its professional audience. Technically, the website leverages modern technologies such as React, jQuery, and Adobe Experience Manager, hosted via Akamai CDN, and integrates various marketing and analytics tools including Google Tag Manager, Evergage, and OneTrust for cookie consent. The site is well-optimized for mobile and accessibility, with good SEO practices evident in meta tags and structured data. From a security perspective, while the site employs important security headers and cookie protections, the SSL/TLS configuration appears incomplete or misreported in the provided data, lacking valid certificates and modern protocol support. This represents a significant security concern that should be addressed promptly to ensure secure communications and user trust. Overall, CME Group's website is professional, content-rich, and business credible, but requires immediate attention to its SSL/TLS implementation to align with best security practices and maintain its high trustworthiness in the financial sector.

M

Mag. Boris Zalokar & Elke Blümel-Zalokar, MSc

ambros-zalokar.at

25

The website ambros-zalokar.at represents a small healthcare service provider specializing in psychological therapy, coaching, biofeedback, and corporate health management primarily serving clients in Austria. The business is positioned as a regional psychological practice with a focus on both individual and corporate clients, offering a broad range of mental health and workplace wellness services. The website content is well-structured, professionally presented, and provides clear contact information and service descriptions, targeting individuals and companies seeking psychological and health management support. Technically, the site is built on the IONOS MyWebsite CMS platform, leveraging Apache server technology and CDN services for content delivery. However, the site lacks HTTPS support due to an invalid or missing SSL certificate, which critically impacts security posture and user trust. Performance metrics are not provided, but the site is likely slow given the chunked transfer encoding and lack of optimization indicators. Mobile optimization is good, and basic SEO practices are in place, though accessibility features are minimal. From a security perspective, the absence of HTTPS and modern TLS protocols is a significant vulnerability. While some security headers are present, the lack of SSL/TLS encryption, HSTS, and incident response contact information exposes the site to risks. No privacy or cookie policies are published, indicating non-compliance with GDPR and related privacy regulations. No analytics or tracking scripts were detected, suggesting minimal user tracking. Overall, the website presents a credible business with professional content but suffers from critical security and privacy compliance gaps. Strategic improvements in SSL deployment, privacy policy publication, and security best practices are essential to enhance trust and protect user data.

G

Gesundheitscampus Wesel

mehrdrinalserwartet.de

29

Gesundheitscampus Wesel is a large healthcare organization based in Germany, providing a broad range of medical, nursing, and therapeutic services through an integrated campus model. The website reflects a professional and consistent brand focused on healthcare professionals and patients, emphasizing family-friendly work culture and digital transformation. Technically, the site is built on TYPO3 CMS with modern front-end frameworks and includes social media and analytics integrations. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and privacy policy. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

M

Mixed Reality I/O

mixed-reality.io

40

Mixed Reality I/O operates a professional and content-rich website focused on augmented reality, virtual reality, 3D modeling, and AI consulting and development services. The company targets businesses seeking spatial computing strategies and innovative digital experiences. Their market position is supported by a history dating back to 2008, international experience, and notable client partnerships. Technically, the website is built on WordPress with a modern plugin ecosystem, supporting multilingual content and interactive 3D models. However, the absence of HTTPS and proper SSL configuration represents a critical security vulnerability, exposing users to risks and undermining trust. Privacy compliance is addressed with cookie consent and a comprehensive privacy policy, but incident response and security policies are not evident. Overall, the website demonstrates strong business credibility and user experience but requires urgent security improvements to meet industry standards.

Lohmann & Rauscher USA Inc. is a prominent international supplier specializing in medical devices and hygiene products, targeting healthcare professionals and patients. The company offers a broad portfolio including compression therapy, wound care, casting materials, and educational items. Their market position is strong, supported by recent acquisitions such as Unisurge International Ltd. and the teledermatology startup OnlineDoctor, indicating active growth and innovation. The website is professionally designed with comprehensive content and clear navigation, reflecting a mature digital presence. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and frameworks, but performance data is lacking and the site is currently not secured with HTTPS, which is a critical security gap. Security posture is weak due to the absence of a valid SSL certificate and lack of advanced security headers or policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Business credibility is high given the detailed contact information, structured data, and active corporate communications. Overall, the site requires urgent security improvements to protect user data and enhance trust.

I

IC Group A/S

icgroup.net

39

IC Group A/S is a retail company specializing in fashion brands such as Tiger of Sweden and By Malene Birger. The company was publicly traded until 2019 when it was fully acquired by Friheden Invest A/S and subsequently delisted. The website serves primarily as a repository for historical financial statements, corporate responsibility reports, and data ethics documentation. The target audience includes investors, stakeholders, and customers interested in the company's brands and corporate governance. Technically, the website is built using the One.com Web Editor CMS and hosted on One.com infrastructure, with Apache and Varnish servers. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a significant security concern. No privacy or cookie policies are present, indicating potential compliance gaps with GDPR and other privacy regulations. Contact information is clearly provided, including emails, phone numbers, and physical addresses for IC Group and its brands. Overall, the website is functional but requires urgent security and privacy improvements to meet modern standards.

O

Otago Online Consulting GmbH

contentcook.at

26

Otago Online Consulting GmbH is a well-established Austrian online marketing agency specializing in SEO, SEA, social media marketing, display and video advertising, and data analytics. The company has a strong market position with a clear growth strategy including acquisitions such as Content Cook. Technically, the website is built on WordPress with modern marketing and analytics tools integrated, but lacks a valid SSL certificate, which is a critical security gap. The security posture is basic with no advanced headers or incident response information published. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional and trustworthy but urgently needs to implement HTTPS to improve security and trust.

A

Agenda Austria

agenda-austria.at

35

Agenda Austria is an established independent think tank based in Austria, focusing on economic and socio-political research and analysis. The organization provides a variety of content including publications, graphics, podcasts, and events aimed at policymakers, academics, and the interested public. Their market position as the first independent think tank in Austria specializing in these areas is supported by a consistent and professional online presence. Technically, the website is built on WordPress with a modern tech stack including caching, SEO optimization, and consent management tools. The site is well-structured, mobile-optimized, and offers good user experience with clear navigation and rich content. However, the SSL/TLS configuration is currently inadequate, lacking a valid certificate and modern protocol support, which poses a security risk. Security-wise, the site implements several important HTTP security headers and uses reCAPTCHA for form protection, but the absence of valid HTTPS and modern TLS protocols significantly lowers its security posture. Privacy compliance is strong, with clear privacy and cookie policies and GDPR-compliant consent mechanisms. Overall, the website is trustworthy and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing domain security with DNSSEC and CAA records.

The website headstart-marketing.de is currently a reserved domain hosted by STRATO, displaying a placeholder page with no business content or services. The domain is registered with German name servers and has no active content or contact information, indicating it is not yet operational. Technically, the site is served over HTTP without a valid SSL certificate, lacking modern security protocols and headers, which poses significant security risks. There are no privacy or cookie policies, no forms, and no analytics or tracking technologies implemented. Overall, the site is in an initial state with minimal digital maturity and poor security posture. Strategic recommendations include obtaining a valid SSL certificate, implementing security headers, and publishing essential compliance documents before launching any business operations.

The website profcon.com presents a minimal online presence with only a basic HTML page containing the domain name and no additional content or metadata. The lack of privacy policies, contact information, and business details suggests the site is either under development or abandoned. Technically, the site is served by an Apache server but lacks a valid SSL certificate, resulting in no HTTPS support and a poor security posture. DNS records are configured with basic mail exchange and SPF records but lack advanced security features such as DNSSEC or CAA. Overall, the site demonstrates very low digital maturity and minimal business credibility.

din – Dietmar Nocker Sicherheitstechnik GmbH & Co KG is a medium-sized Austrian company specializing in emergency lighting solutions with over 40 years of industry experience. The company offers a comprehensive portfolio including product development, systems, and service support, targeting businesses requiring compliant emergency lighting. Their market position is strong in Austria and neighboring countries, supported by multiple locations and a professional online presence. Technically, the website is built on WordPress with multilingual support and privacy-conscious analytics via Matomo. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security shortfall, exposing users to risks and undermining trust. The company demonstrates good privacy compliance with detailed cookie consent mechanisms and GDPR-aligned policies. Overall, the business is credible and professional but must urgently address its security posture to protect users and maintain trust.

Vienna Capital Partners (VCP) is an established independent corporate finance advisory firm operating primarily in Central, Eastern, and Southeastern Europe with offices in Vienna and Warsaw. The company specializes in mergers and acquisitions, strategic advisory, capital advisory, and related financial services targeting large and mid-sized corporations, private equity funds, entrepreneurs, and family offices. Their market position is strong within their niche, supported by a professional website showcasing detailed transaction references and senior professionals. Technically, the website is built on WordPress with common plugins and frameworks but suffers from an invalid SSL certificate, which undermines its security posture. The site is mobile optimized and provides clear contact information but lacks advanced security headers and explicit security or incident response policies. Overall, the business credibility is good, but security improvements are necessary to enhance trust and compliance.

Berufsförderungsinstitut Burgenland (BFI Burgenland) is a regional vocational education and training provider based in Austria, specializing in continuing education, certifications, and workforce development services. The website targets individuals seeking professional development and companies aiming to qualify their workforce. The business holds several certifications and maintains a consistent brand presence with clear contact information and social media engagement. Technically, the site is built on the Contao CMS platform, utilizing common JavaScript libraries and hosted on servers associated with your-server.de and second-ns.de DNS providers. However, the website lacks a valid SSL certificate and HTTPS configuration, which is a critical security shortfall. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating some privacy compliance efforts. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and enhance trust.

K

Katun Corporation

katun.com

37

Katun Corporation is a well-established global provider of OEM-compatible imaging supplies, photoreceptors, and parts for copiers, printers, and multifunction printers (MFPs). With over 45 years in the industry, Katun serves a broad B2B audience including distributors and businesses worldwide. The company emphasizes quality, cost savings, and service levels, supported by a professional and content-rich website that highlights its global reach and product offerings. Technically, the website is built on WordPress with modern SEO and marketing tools such as Yoast SEO and Visual Website Optimizer, and supports multiple languages via WPML. However, the site suffers from a critical security deficiency: the absence of a valid SSL/TLS certificate and HTTPS support, which severely impacts its security posture and trustworthiness. Additionally, no cookie consent mechanism is present despite the use of tracking scripts, indicating partial privacy compliance. Overall, the business credibility and content quality are strong, but the security shortcomings require urgent remediation.

S

Stadtgemeinde Amstetten

amstetten.at

34

The website amstetten.at serves as the official online portal for the Stadtgemeinde Amstetten, a municipal government entity in Austria. It provides residents and visitors with comprehensive information about city administration, services, events, and public resources. The site targets local citizens and stakeholders, offering key services such as event announcements, service directories, job postings, and public transportation information. The business model is that of a government entity focused on public service delivery and community engagement. Technically, the website is built on the WordPress CMS platform, utilizing common plugins such as Yoast SEO for search optimization, WP Statistics for analytics, and Complianz for GDPR-compliant cookie management. The site employs Apache as the web server and includes JavaScript libraries like jQuery and RoyalSlider for interactive features. While the site is mobile-optimized and accessible, performance data is incomplete, and the site currently lacks a valid SSL certificate, resulting in no HTTPS support. From a security perspective, the absence of a valid SSL certificate is a critical vulnerability, exposing users to potential data interception risks. The site does not implement modern TLS protocols, HSTS, or OCSP stapling, which are essential for secure communications. However, no known vulnerabilities such as Heartbleed or POODLE were detected. Privacy compliance is strong, with a clear cookie consent mechanism and a comprehensive privacy policy aligned with GDPR requirements. Overall, the website is a well-structured and professionally maintained municipal portal with good content quality and user experience. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern security protocols, and enhancing security headers to improve the site's security posture and compliance.