Security Directory

B

Boxcar

boxcar.com

39

Boxcar is a regional transportation company specializing in commuter bus services and complementary local services such as grill cleaning, knife sharpening, and auto detailing. The company targets commuters in the New Jersey and New York City metropolitan area, offering reserved seating, Wi-Fi, and other amenities to enhance the commuting experience. The website presents a professional and consistent brand image with clear service offerings and customer testimonials, positioning Boxcar as a trusted local transportation provider. Technically, the website is built on the Webflow platform, leveraging modern frontend technologies including jQuery and Google Fonts, and is hosted behind Cloudflare. While the site is mobile-optimized and well-structured, performance data is missing, and the SSL/TLS configuration is critically deficient, lacking a valid certificate and modern protocol support. This represents a significant security risk. From a security perspective, the absence of HTTPS and TLS protocols severely undermines the site's security posture, exposing users to potential data interception and undermining trust. Although privacy and terms of service policies are present and comprehensive, the lack of a cookie consent mechanism despite active tracking scripts indicates partial privacy compliance. Contact information is clearly provided, supporting business credibility. Overall, Boxcar's website demonstrates good content quality and business credibility but suffers from critical security shortcomings that must be addressed urgently to protect user data and maintain trust. Strategic improvements in SSL/TLS deployment and privacy compliance will significantly enhance the site's security and compliance posture.

Nissan Motor Corporation operates a comprehensive global website that serves as a central hub for corporate information, sustainability initiatives, investor relations, innovation, and career opportunities. The company is a major player in the transportation industry with a strong global brand and a focus on sustainable mobility and advanced automotive technologies. The website targets a broad audience including consumers, investors, partners, and potential employees. Technically, the site employs a modern technology stack including jQuery, Swiper.js, Google Tag Manager, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile optimized and well-structured for user experience and SEO. Security posture is strong with HTTPS enforced and use of standard security best practices, although explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site reflects a high level of professionalism and trustworthiness consistent with a large multinational corporation.

P

Permapack AG

permapack.ch

26

Permapack AG is a Swiss family-owned manufacturing and trading company specializing in high-quality products such as labels, adhesive tapes, films, sealants, and garden articles. The company serves various sectors including food, cosmetics, industry, construction, and retail, offering both standard products and customized solutions. Their business model combines B2B sales with an online shop and extensive production services. The website reflects a medium-sized enterprise with a consistent brand presence and strong trust indicators such as awards and social media engagement. Technically, the site uses a custom e-commerce platform with modern JavaScript libraries and tracking tools, hosted by IP-Plus AG. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to risks and limiting secure communications. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements.

M

Music Direct

musicdirect.com

40

Music Direct operates as a specialized e-commerce retailer focusing on high-end audio equipment and audiophile music products, including vinyl records and turntables. The company positions itself as a leading online destination for audiophiles and music enthusiasts, offering a broad catalog of equipment and music media. Their business model centers on direct online sales, supported by customer service, trade-in programs, and financing options. The website reflects a mature digital presence with comprehensive product offerings and clear navigation tailored to their target audience. Technically, the website is built on the BigCommerce platform using the Stencil framework, leveraging modern web technologies such as jQuery, Bootstrap, and OwlCarousel. The site integrates multiple marketing and analytics tools including Google Analytics 4, Klaviyo, Lucky Orange, and Yotpo, indicating a sophisticated approach to customer engagement and data-driven marketing. Hosting is provided via Cloudflare, enhancing performance and availability. From a security perspective, the site exhibits significant weaknesses. Despite Cloudflare hosting, the SSL certificate is invalid or missing, and no TLS protocols are enabled, resulting in unencrypted HTTP traffic. Security headers such as X-Frame-Options and X-Content-Type-Options are present, but critical HTTPS enforcement and HSTS configurations are lacking. These deficiencies expose the site and its users to potential interception and downgrade attacks. Privacy and cookie policies are well implemented with consent mechanisms, reflecting compliance with GDPR and related regulations. Overall, while the business and technical infrastructure are solid and professional, the lack of proper SSL/TLS configuration is a critical security gap that undermines user trust and data protection. Addressing this issue should be a top priority to ensure secure transactions and compliance with industry standards.

T

Transsystem Spółka Akcyjna

transsystem.pl

32

Transsystem Spółka Akcyjna is a Polish manufacturing company specializing in the production and general contracting of technological transport systems, primarily serving the tire industry, intralogistics, and e-commerce sectors. With over 31 years of market presence and a portfolio of international projects, the company maintains a solid market position supported by partnerships with major industry players such as Michelin, Goodyear, and Bridgestone. The website reflects a professional business model focused on manufacturing and technological transport solutions. Technically, the site is built on WordPress with common plugins like Yoast SEO and Contact Form 7, and it integrates Google Tag Manager and reCAPTCHA for analytics and security. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing users to potential risks. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to align with best practices.

Laserer alpin OG is a specialized alpine travel and training company founded in 1989 in Graz, Austria, now headquartered in Gosau. The company offers a wide range of mountain-related services including ski tours, climbing courses, trekking, and expeditions worldwide, supported by certified mountain guides. It holds the Gütesiegel der Alpinschulen Österreichs, reflecting high quality standards. The website is professionally designed with comprehensive content targeting outdoor enthusiasts and adventure travelers. Technically, the site runs on WordPress with WooCommerce and integrates marketing tools like Rapidmail and Google Analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, lowering the overall security posture significantly. Privacy and cookie policies are well implemented and GDPR compliant, enhancing user trust. Business information is transparent and consistent with domain registration data, supporting legitimacy. Strategic improvements in security infrastructure are recommended to enhance trust and compliance.

L

LIMAK Austrian Business School GmbH

limak.at

35

LIMAK Austrian Business School is a well-established educational institution in Austria specializing in executive education and leadership development. With over 30 years of experience, LIMAK offers a broad portfolio of academic programs including various MBA tracks, university courses, inhouse corporate training, and digital learning solutions. The institution targets professionals and companies seeking advanced management and leadership skills. The website reflects a mature digital presence with rich content, testimonials, and strong branding aligned with its market position. Technically, the site is built on WordPress with WooCommerce and uses modern plugins and CDN services, but suffers from critical SSL/TLS misconfigurations that undermine security. Privacy compliance is well addressed with cookie consent and GDPR-aligned policies. Overall, LIMAK presents a credible and professional business front but must urgently address its HTTPS and SSL issues to protect users and maintain trust.

I

iSimulate

isimulate.com

40

iSimulate is a specialized company providing clinical education technology solutions focused on simulation products for healthcare training. Their product family includes modular simulation ecosystems, fetal heart rate monitor simulators, point of care device simulators, and training manikins. The website presents a professional and consistent brand image targeting healthcare educators and simulation trainers globally. Technically, the site uses modern JavaScript libraries and is hosted on AWS infrastructure, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is basic with a cookie consent banner and a linked privacy policy, but no terms of service or security policies are evident. The security posture is weak due to missing SSL/TLS and security headers, which should be addressed urgently to protect user data and trust. Overall, the site is functional and informative but requires significant security improvements to meet modern standards.

U

Unitedprint SE

unitedprint.com

38

Unitedprint SE operates as a major European web-to-print service provider, offering a range of print-related services including web-to-print shops, print material supply, and production partnerships. The company maintains multiple brands and portals targeting print industry professionals and businesses seeking print solutions. The website is built on WordPress with a modern theme and multilingual support, reflecting a mature digital presence. However, the technical infrastructure lacks a valid SSL certificate, which impacts security and user trust. Security posture is basic with no advanced headers or HTTPS enforcement, and privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but requires improvements in security and privacy to meet modern standards.

insideAx GmbH is a small Austrian technology company specializing in digital transformation services, focusing on simplifying business processes primarily through Microsoft Dynamics 365 ERP and CRM solutions. Their target market includes retail and manufacturing sectors, offering consulting, project implementation, support, and productivity tools. The website is professionally designed with good content quality and clear navigation, supporting German language users. Technically, the site uses modern frontend libraries such as Bootstrap 5, jQuery, and Swiper.js, hosted on Cloudpit infrastructure with a custom CMS. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, exposing the site to risks and reducing trust. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no explicit security or incident response policies are found. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

A

Austrian Institute of Economics and Social Philosophy

austrian-institute.org

25

The Austrian Institute of Economics and Social Philosophy is a small non-profit organization focused on promoting classical liberal social philosophy and Austrian economics primarily to a German-speaking audience. The website serves as an educational platform offering blogs, videos, podcasts, and events such as the Austrian Academy. The organization is funded by donations and maintains a professional online presence with consistent branding and active social media channels. Technically, the website is built on WordPress with modern plugins and page builders, but lacks a valid SSL certificate, which is a critical security flaw. The absence of HTTPS significantly undermines the site's security posture despite good privacy compliance and cookie consent mechanisms. No explicit security or incident response policies are published, and no phone contact is provided, only an official email address. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

E

Eti

etietieti.com

39

Eti is a well-established Turkish food manufacturing company with a strong market presence and a diverse product portfolio including biscuits, chocolates, and health-oriented food products. The website serves as a comprehensive corporate portal providing product information, recipes, corporate governance details, career opportunities, and social responsibility initiatives. The site targets consumers interested in quality food products and healthy nutrition, leveraging a consistent brand identity and multiple language options for international reach. Technically, the website is built on ASP.NET WebForms and uses modern JavaScript libraries for UI enhancements. However, performance metrics are lacking and the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts user trust and security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Social media integration and partner links enhance the brand's digital ecosystem. Overall, Eti's website is professional and content-rich but requires urgent security improvements to meet modern standards.

R

Rail Cargo Group

railcargo.com

40

Rail Cargo Group is a well-established rail logistics provider operating primarily in Europe and Asia, offering a broad range of freight and logistics services including wagon loads, intermodal and multimodal logistics, and railway operations. The company targets businesses requiring efficient rail freight solutions and maintains a strong market position supported by its parent company ÖBB. Technically, the website employs modern JavaScript libraries and custom corporate scripts, with a focus on accessibility and SEO, though performance data is unavailable. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header implementation. Privacy compliance is supported by a comprehensive privacy policy and GDPR adherence, with Matomo analytics used for privacy-conscious tracking. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

S

SVD Büromanagement GmbH

svdgmbh.at

40

SVD Büromanagement GmbH is a medium-sized Austrian company specializing in providing comprehensive management and support services across multiple sectors including construction, procurement, IT, facility management, printing, information security, payroll, and legal services. The company primarily serves government and social insurance institutions, positioning itself as a key regional player with a strong focus on public sector needs. The website reflects a professional and consistent brand presence with clear navigation and relevant content tailored to its target audience of government agencies, suppliers, and job seekers. Technically, the site employs modern JavaScript libraries such as jQuery 3.6.0 and Jakarta Faces framework, hosted on Apache servers with a CMS likely based on Gentics. However, performance is slow and SSL/TLS security is critically lacking due to an invalid or missing certificate and disabled TLS protocols. Security headers are present but insufficient to compensate for the lack of HTTPS, resulting in a low security posture score. Privacy compliance is strong with comprehensive privacy and cookie policies and an active consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and build trust.

IMAS International is a mature Polish market research company established in 1998, specializing in quantitative and qualitative research services including internet-based CAWI studies, CATI telephone surveys, and ethnographic research. The company targets businesses and organizations seeking data-driven insights to support decision-making. Their website reflects a professional presence with consistent branding and good content quality, offering reports, publications, and a panel internetowy service. Technically, the site is built on WordPress with common plugins for forms, slideshows, and marketing integrations such as Mailmunch and Jetpack. However, the site lacks HTTPS support, which is a significant security concern. No privacy or cookie policies are found, and contact information is limited to forms without explicit emails or phone numbers. Security posture is weak due to missing SSL/TLS and security headers, though no active vulnerabilities or malware are detected. Overall, the website is functional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

R

rieg marketing

rieg-marketing.de

22

rieg marketing is a small German marketing consultancy specializing in creative marketing, communication, and promotional services primarily for the sporting goods, marine, and fashion industries. The company offers tailored marketing strategies, project management, public relations, promotions, and visual merchandising services. The website is built on WordPress and uses common plugins such as Contact Form 7 and Cookie Law Info for user interaction and compliance. While the website content is professional and well-structured, the technical infrastructure lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. Cookie consent mechanisms and a privacy policy compliant with GDPR are present, indicating attention to privacy compliance. However, no incident response or security policy information is provided, and no terms of service page is found.

S

Scigility Switzerland AG

scigility.com

23

Scigility Switzerland AG is a specialized technology company focused on delivering advanced data solutions including AI, machine learning, data strategy, and governance primarily to enterprise clients in finance, healthcare, manufacturing, and utilities sectors. The company has a mature market presence with a domain age of 12 years and a strong client portfolio including major Swiss corporations. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates analytics tools such as Matomo and Google Analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business credibility and website professionalism are high, but the security posture requires urgent improvement.

B

Bullhorn

invenias.com

40

Bullhorn is a well-established enterprise SaaS provider specializing in cloud-based staffing and recruitment software solutions, including the Invenias executive search platform. The company serves a global customer base with a comprehensive suite of products designed to streamline recruitment processes, enhance compliance, and improve business development efforts. The website reflects a mature digital presence with strong branding, professional content, and targeted messaging for staffing firms and executive search professionals. Technically, the site leverages WordPress CMS, integrates marketing automation tools like Marketo, and employs standard web technologies such as jQuery and Slick Carousel. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which is a critical vulnerability that undermines user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent via OneTrust, and GDPR adherence. Overall, the site is professional and credible but requires urgent remediation of SSL issues to ensure secure user interactions.

1

101domain GRS Limited

psolutions.at

37

The website psolutions.at is currently a parked domain page managed by 101domain GRS Limited, a domain registration and related services provider. The site offers no original business content but promotes domain registration, Google Workspace, web hosting, and corporate brand services through 101domain. The target audience is individuals or businesses interested in acquiring this domain or other domains. The site is minimalistic with basic design and navigation, primarily serving as a placeholder and sales funnel for domain services. Technically, the site is hosted on an AWS IP with nginx server and uses modern frontend technologies such as jQuery and Modernizr. However, it lacks SSL/TLS encryption, serving content over HTTP only, which is a significant security shortfall. Performance metrics are not available, but the site appears lightweight. Mobile optimization is good due to responsive CSS, but accessibility and SEO are basic. Security posture is weak due to the absence of HTTPS, no HSTS, no DMARC, no DNSSEC, and no valid SSL certificate. Some security headers like Content-Security-Policy and X-Frame-Options are present, but overall security best practices are not fully implemented. There are no signs of vulnerabilities like Heartbleed or POODLE, but the lack of encryption is critical. Overall, the site poses low risk as it is a parked domain with no user data collection or business operations. However, the lack of HTTPS and privacy policies reduces trustworthiness and compliance. Strategic recommendations include implementing SSL/TLS, adding privacy and cookie policies, and improving security headers to enhance trust and security posture.

V

Vela Labs

vela-labs.at

28

Vela Labs GmbH is a GLP and GMP certified contract laboratory specializing in analytical services for pharmaceutical and biotechnology companies. The company supports all phases of drug development with services including physico-chemical analysis, ligand binding assays, cell based assays, microbiological analysis, clinical sample analytics, and GMP storage. As part of the Tentamus Group, Vela Labs positions itself as a trusted partner with strong compliance credentials and a focus on quality and regulatory adherence. The website demonstrates a professional digital presence built on WordPress with SEO and analytics integrations, targeting pharma and biotech professionals. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, reflecting GDPR compliance. Overall, the company shows a solid market position but should urgently address its SSL/TLS configuration to improve security posture and user confidence.

M

Mondial GmbH & Co. KG

mondial-congress.com

37

Mondial GmbH & Co. KG is a medium-sized Austrian company specializing in congress and event management services, including green meetings, virtual events, and travel management. The company holds several industry certifications and maintains a multilingual, content-rich website targeting organizations seeking professional event solutions. Technically, the website is built on WordPress with modern libraries but lacks a valid SSL certificate, resulting in a critical security gap. The absence of HTTPS and security headers exposes users to risks and reduces trust. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to meet modern standards.

D

DIE FLIEGENDEN KÖCHE GMBH

fliegende-koeche.com

25

DIE FLIEGENDEN KÖCHE GMBH operates Austria's largest chefs agency, providing professional kitchen staff placement services nationally and internationally since 2007. The company targets gastronomy businesses such as restaurants and hotels, offering temporary and permanent staffing solutions including various chef roles. Their market position is strong within Austria, supported by over a decade of experience and multiple regional offices. Technically, the website is built on WordPress with common plugins and libraries but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and use of outdated PHP. The site includes privacy and cookie policies with consent mechanisms, but lacks explicit security or incident response policies. Overall, the business credibility is good, but the security posture is weak, exposing the site to risks. Strategic improvements in HTTPS deployment, server software updates, and security headers are recommended to enhance trust and compliance.

Acer Inc is a global technology company specializing in the manufacturing and retail of computing devices including laptops, desktops, Chromebooks, monitors, and projectors. The website targets both consumer and business audiences primarily in Finland but also globally, offering a comprehensive product catalog and support services. The company maintains a strong market position with consistent branding and a professional online presence. Technically, the site uses ASP.NET MVC framework, jQuery, and integrates multiple third-party analytics and marketing tools such as Google Tag Manager and Visual Website Optimizer. Hosting is via Amazon AWS with Akamai CDN for content delivery. Security posture shows presence of key security headers and secure cookies; however, the SSL certificate is invalid or missing and no TLS protocols are enabled, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security and trust.

Ö

Österreichische Gesundheitskasse

ooegkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public health insurance provider in Austria, delivering comprehensive health insurance services and support to insured individuals, employers, and contract partners. The website serves as an official portal offering information, appointment scheduling, customer service, and career opportunities, targeting Austrian residents and stakeholders in the healthcare sector. The digital presence is supported by a modern technology stack including Apache, Jakarta Faces, and jQuery, managed via a Gentics CMS platform, and hosted within the Austrian social insurance infrastructure. Despite a professional and content-rich website, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. The site implements a strong Content Security Policy and cookie consent mechanisms, reflecting good privacy compliance, but the lack of HTTPS and TLS protocols is a critical vulnerability. Social media integration and clear contact information enhance trust and user engagement. Overall, the website is functional and credible but requires urgent security improvements to protect user data and comply with modern standards.

M

Melitta

melitta.com

40

Melitta is a well-established company specializing in coffee products and related services, operating a professional website that serves both consumers and B2B partners. The site provides comprehensive information about the company, its sustainability initiatives, and customer service options, supported by a consistent brand presence and active social media engagement. The technical infrastructure leverages modern JavaScript libraries, Google Analytics, and Cloudflare CDN services, with good mobile optimization and accessibility features implemented via a third-party widget. However, the website's security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses risks to data confidentiality and user trust. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the website is functional and professional but requires urgent remediation of SSL and TLS issues to improve security and trustworthiness.

B

BVAEB Versicherungsanstalt öffentlich Bediensteter, Eisenbahnen und Bergbau

bvaeb.at

40

BVAEB is an Austrian government social insurance institution serving public servants, railway workers, and mining employees. It provides comprehensive information and services related to health insurance, accident insurance, pension, and family benefits. The website is well-structured and targets insured persons, employers, and partners within its sector. Technically, the site uses Apache, Jakarta Faces, and modern JavaScript libraries, but suffers from a critical lack of valid SSL/TLS certificates, severely impacting its security posture. Privacy and cookie policies are implemented with consent mechanisms, and contact information is clearly provided. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and comply with modern standards.

Ö

Österreichische Gesundheitskasse

meineoegk.at

40

The website meineoegk.at serves as the official service portal for the Österreichische Gesundheitskasse, Austria's public health insurance provider. It offers a broad range of online services including e-Rezept, insurance data access, pension applications, and various social insurance related forms. The portal targets insured Austrian residents and provides a secure login mechanism via ID Austria, ensuring user data protection and access control. The site is professionally designed with clear navigation and comprehensive content relevant to its audience. Technically, it employs a custom CMS with Jakarta Faces framework and uses modern JavaScript libraries such as jQuery 3.6.0 and Slick Carousel for UI components. Analytics is managed through Piwik PRO with user consent mechanisms in place, reflecting good privacy practices. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the site's security posture. The Content Security Policy is robust but includes unsafe directives that could be improved. Overall, the site is trustworthy and authoritative but requires urgent security enhancements to protect user data and comply with best practices.

O

oe24.at

oe24.at

36

Oe24.at is a prominent Austrian online news portal delivering comprehensive news coverage, multimedia content, and subscription services targeting German-speaking audiences interested in Austrian and global events. The website integrates advanced advertising and analytics technologies, including Google Tag Manager, Relevant Digital, and Piano subscription management, reflecting a mature digital infrastructure. However, a critical security deficiency is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. The site demonstrates strong privacy compliance with detailed GDPR-aligned policies and consent mechanisms. Overall, while content and business credibility are solid, urgent improvements in security posture are necessary to protect user data and maintain trust.

I

Implenia AG

implenia.com

38

Implenia AG is a leading Swiss construction and real estate services company with a strong multinational presence, particularly in Switzerland and Germany. The company specializes in infrastructure, real estate development, and specialized construction services such as tunnel and civil engineering. The website reflects a mature business with comprehensive content targeting business clients, investors, and partners. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates consent management and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing the site to risks and undermining user trust. Security headers are partially implemented but insufficient without HTTPS. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism and business credibility but requires urgent security improvements to align with best practices.

Ö

Österreichische Gesundheitskasse

wgkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public healthcare insurance provider in Austria, offering a broad range of health-related services and information to insured individuals, employers, and contract partners. The website serves as a comprehensive portal for health facilities, health services, customer support, appointment scheduling, and career opportunities, targeting Austrian residents and stakeholders in the healthcare sector. The organization maintains a consistent and professional online presence with clear branding and trust signals, including official government domain usage and social media engagement. Technically, the website is built on a mature infrastructure utilizing Apache, Jakarta Faces (JSF), jQuery 3.6.0, and Gentics CMS. It integrates advanced features such as a content slider and Piwik PRO analytics for user behavior tracking. However, performance metrics appear incomplete, and the site shows moderate loading characteristics. Accessibility and SEO optimizations are well addressed, with good mobile responsiveness and clear navigation. From a security perspective, the site implements several best practices including a detailed Content-Security-Policy and HttpOnly, Secure cookie flags. Nevertheless, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, severely impacting the security posture. Other SSL/TLS features such as modern protocol support, OCSP stapling, and session resumption are missing. Privacy compliance is strong, with GDPR-aligned cookie consent mechanisms and clear privacy policies. Overall, the website is trustworthy and professionally managed but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations. Addressing these issues will enhance user trust, data protection, and compliance with modern security standards.

P

PV - Pensionsversicherung Österreich

pensionsversicherung.at

39

The website pensionsversicherung.at represents the official online presence of the Austrian Pensionsversicherung (PV), the largest pension insurance carrier in Austria, serving approximately 5.6 million insured persons. It provides comprehensive information and services related to pensions, care allowances, rehabilitation, and health prevention. The site is well-structured, professionally designed, and targets insured workers, pensioners, and caregivers in Austria. The business model is that of a government social insurance provider, with a strong market position as a key public institution in Austria's social security system. Technically, the website uses a mature technology stack including Apache server, jQuery 3.6, Jakarta Faces framework, and Piwik PRO for analytics. The content is rich and well-optimized for SEO and accessibility, with good mobile responsiveness. However, performance data is missing, and the site is currently served without a valid SSL certificate, resulting in no HTTPS availability, which is a critical security flaw. From a security perspective, the site implements several security headers including a detailed Content Security Policy and uses secure cookie flags. Despite this, the lack of a valid SSL certificate and absence of modern TLS protocols severely degrade the security posture. No DMARC record is found, and session resumption and OCSP stapling are not enabled. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is trustworthy and authoritative in its domain but must urgently address SSL/TLS issues to ensure secure communications and maintain user trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing email security with DMARC. The site demonstrates a high level of professionalism and business credibility but is currently limited by its security shortcomings.

T

TimeTac GmbH

timetac.com

31

TimeTac GmbH operates a comprehensive online time tracking software platform targeting businesses of all sizes, including SMEs and enterprises across multiple industries. The company offers modular SaaS solutions including employee time tracking, project time tracking, leave management, and integrations via API. Positioned as a market leader especially in German-speaking countries, TimeTac emphasizes GDPR compliance, data protection, and customer service excellence. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site uses WordPress CMS with Bootstrap and jQuery, and integrates multiple marketing and analytics tools such as Google Analytics, Hotjar, and Cookiebot for consent management. However, the website currently suffers from a critical security issue: the SSL certificate is invalid or missing, and no TLS protocols are enabled, exposing users to risks and undermining trust. Security headers are absent, and performance is slow due to high load times and large page size. Privacy compliance is strong with clear policies and consent mechanisms. Business credibility is high, supported by certifications, partner logos, and customer testimonials.

IT-Services der Sozialversicherung GmbH (ITSV) is a specialized technology company focused on managing and coordinating IT activities for the Austrian social insurance sector. The company plays a pivotal role in driving digital transformation and efficiency improvements within the healthcare and social insurance ecosystem in Austria. Their key services include IT coordination, digitalization of social insurance services, and SAP support through a dedicated Customer Center of Expertise. The website reflects a professional and consistent brand presence targeting social insurance entities and insured individuals in Austria. Technically, the site uses a modern tech stack including Apache, Jakarta Faces, and jQuery, supported by a Gentics CMS platform. However, performance appears slow and SSL/TLS security is critically lacking, with no valid certificate or secure protocols enabled. Security headers such as Content Security Policy are well implemented, but the absence of HTTPS and TLS protocols represents a significant risk. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site is content-rich and trustworthy but requires urgent security improvements to protect user data and maintain trust.

BE Semiconductor Industries N.V. (Besi) is a leading technology company specializing in the development and manufacturing of advanced semiconductor assembly equipment and processes. Their product portfolio includes solutions for die attach, packaging, plating, and cleaning, serving diverse markets such as electronics, automotive, industrial, and renewable energy sectors. The website reflects a mature business with a strong investor relations presence and comprehensive corporate governance disclosures, indicating a well-established market position. Technically, the website is built on the TYPO3 CMS platform, utilizing jQuery and Google Tag Manager for analytics and tracking. While the site has a professional design and clear navigation, it lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Additionally, no cookie consent mechanism or detailed privacy compliance features are present, which may pose compliance challenges. From a security perspective, the site implements several security headers and restricts device permissions, but the invalid SSL configuration and lack of session resumption or OCSP stapling reduce overall security effectiveness. No incident response or vulnerability disclosure policies are publicly available, limiting transparency in security management. Overall, the website demonstrates solid business credibility and content quality but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data effectively.

E

ENI

eni.com

40

Eni is a large, established integrated energy company headquartered in Italy with a strong global presence and diversified energy portfolio including oil & gas, renewables, and bioenergy. The website reflects a mature digital presence with comprehensive content covering corporate governance, sustainability, investor relations, and career opportunities. Technically, the site uses modern frameworks like Bootstrap and jQuery, hosted on Akamai CDN, and employs Adobe Helix for content management. However, the security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical vulnerability. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

A

Activision Publishing

treyarch.com

40

Treyarch.com is the official website of Treyarch Studios, a renowned video game developer known for the Call of Duty Black Ops series. The site is professionally designed, targeting gamers and industry professionals, and showcases the company's history, culture, and game portfolio. It operates under the parent company Activision Publishing, reflecting a strong market position in the gaming industry. Technically, the site uses Adobe Experience Manager CMS, hosted via Akamai, and integrates modern marketing and analytics tools such as Google Tag Manager and Adobe Launch. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for user trust and data protection. Privacy and cookie policies are comprehensive and GDPR compliant, linked through the parent company domain. Overall, the site is content-rich and trustworthy but requires urgent security improvements.

N

Nestec Scharf IT-Solutions OG

nestec.at

35

Nestec Scharf IT-Solutions OG operates as an Austrian IT security and messaging distributor with a strong emphasis on sustainability, fair partnerships, and regional focus. The company offers a broad portfolio of cybersecurity and IT solutions targeting MSPs and IT resellers primarily in Austria and Europe. Their business model centers on value-added distribution, partner support, and personalized service. Technically, the website runs on legacy Microsoft IIS 7.5 with ASP.NET 4.0 and uses common JavaScript libraries such as jQuery and Bootstrap. However, the site lacks HTTPS, modern TLS support, and critical security headers, exposing it to security risks. The absence of cookie consent mechanisms and limited privacy compliance indicators suggest room for improvement in regulatory adherence. Overall, the website is functional and content-rich but requires urgent security upgrades to protect users and improve trust.

U

Universalmuseum Joanneum GmbH

museum-joanneum.at

40

The Universalmuseum Joanneum is Austria's oldest and second largest museum institution, operating 20 museums and one zoo across 14 locations in the Steiermark region. Founded in 1811, it offers a rich cultural, historical, and natural heritage experience to a broad audience including families, schools, and art enthusiasts. The website reflects a professional and comprehensive digital presence with excellent content quality and user experience, supported by a mature TYPO3 CMS platform. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which critically impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, but incident response and security policy information are absent. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

E

evolaris next level GmbH

evolaris.net

37

evolaris next level GmbH is a technology-focused company specializing in mobile communication and digital innovation services. Their website highlights their role as a bridge between science and business, offering digital assistance systems, customized solutions, software engineering, user experience design, and research activities. The company targets enterprises seeking to enhance their digital capabilities and innovation potential. The website is professionally designed, with clear navigation and relevant content, supporting their market position as an established innovation center in Austria. Technically, the website runs on WordPress CMS with common plugins such as NextGEN Gallery and EvoSlider, and uses Apache server hosting likely provided by Hetzner. While the site includes Google Analytics for user tracking, performance metrics are not optimal, and mobile optimization is good. However, a critical technical shortfall is the lack of a valid SSL certificate and HTTPS support, exposing users to security risks. From a security perspective, the site lacks HTTPS, HSTS, and modern TLS protocol support, which are fundamental for secure communications. No advanced security headers or incident response contacts are found. The absence of cookie consent mechanisms and limited privacy policy details indicate partial GDPR compliance. The WHOIS data aligns well with the website's business information, supporting legitimacy. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and security best practices. Strategic improvements in SSL configuration, security headers, and privacy compliance would significantly enhance trust and security posture.

Ö

Österreichische Gesundheitskasse

sgkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public healthcare insurance provider in Austria, offering a broad range of health-related services to insured individuals, employers, and partners. The website serves as an information and service portal, providing access to appointment scheduling, customer service, health information, and career opportunities. The target audience primarily includes Austrian residents and healthcare stakeholders. The organization holds a strong market position as a government-affiliated entity with consistent branding and trust indicators such as official social media presence and comprehensive privacy policies. Technically, the website is built on a custom CMS likely based on Gentics Content Server, utilizing Jakarta Faces (JSF) framework and jQuery 3.6.0. It integrates Piwik PRO for analytics and employs a detailed Content Security Policy. However, the site currently lacks a valid SSL certificate and does not support HTTPS, which significantly impacts its security posture. Performance data is limited but suggests slower load times. Accessibility and SEO optimizations are well implemented. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. While security headers like CSP and HSTS are present, the lack of a valid certificate and secure transport reduces overall security. No explicit incident response or vulnerability disclosure mechanisms are found. Privacy compliance is strong, with clear cookie consent and privacy policies aligned with GDPR. Overall, the website is professional and trustworthy in content and business credibility but requires urgent improvements in SSL/TLS implementation to enhance security and user trust. Strategic recommendations include immediate SSL certificate deployment, enabling modern TLS protocols, and enhancing security header configurations to protect user data and comply with best practices.

B

BCS Koolitus AS

bcskoolitus.ee

40

BCS Koolitus AS is a well-established Estonian company specializing in IT training and certification services for both IT specialists and general computer users. The company offers a broad range of courses including Microsoft Office, IT infrastructure management, programming languages, and e-learning platforms. Their market position is strong within Estonia, supported by extensive project experience and recognized quality certifications such as the HAKA quality mark. The website reflects a professional and consistent brand image with detailed service descriptions and active client engagement through testimonials and project showcases. Technically, the site is built on WordPress with modern technologies and includes multilingual support, though performance optimization is needed due to slow load times and large page size. Security posture is generally good with HTTPS and OCSP stapling, but improvements are recommended in DNS and email security configurations. Privacy compliance is basic with cookie consent mechanisms and privacy policies present, but GDPR compliance could be enhanced. Overall, the company demonstrates credible business operations with clear contact information and a moderate level of digital maturity.

C

CREDITREFORM Rating SIA

crediweb.lv

40

CrediWeb.lv is a Latvian-based business information platform operated by CREDITREFORM Rating SIA, providing comprehensive credit and business reports for companies primarily in Latvia, Europe, and China. The platform targets businesses and registered users seeking detailed company and private person credit information, offering services such as company reports, family trees, monitoring, and foreign credit reports. The website demonstrates a professional design with consistent branding and clear navigation, supporting multiple languages and user authentication methods including bank link authentication. Technically, the site uses modern JavaScript libraries like jQuery, Flatpickr, Tippy.js, and Chart.js, and integrates Google Tag Manager for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts user security and trust. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. WHOIS data confirms the domain is actively maintained and consistent with the business's Latvian operations, though domain protection locks are not enabled. Overall, while the business model and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

A

ACT Alliance

actalliance.org

39

ACT Alliance is a large, global non-profit coalition comprising 152 members operating in 127 countries, focused on humanitarian aid, climate justice, gender justice, migration, peace, and advocacy. The website reflects a well-structured organization with clear thematic areas and a broad international presence. Technically, the site is built on WordPress with modern frameworks such as Bootstrap and uses various JavaScript libraries for UI and mapping functionalities. However, the security posture is weak due to the absence of a valid SSL certificate and lack of essential security headers, which exposes users to risks and undermines trust. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

C

Celebrus Technologies plc

celebrus.com

53

Celebrus Technologies plc operates a sophisticated digital data and identity platform designed to capture, connect, and activate first-party data across multiple channels in real time. The company targets enterprise clients primarily in financial services, retail, healthcare, telecommunications, and hospitality sectors, offering solutions that enhance marketing personalization, fraud prevention, and compliance adherence. Their market position is strengthened by patented technology, a comprehensive product suite, and ISO 27001 certification, signaling a mature security posture. Technically, the website is built on HubSpot CMS with integrations of modern marketing and analytics tools, though performance is moderate and accessibility is basic. Security analysis reveals a critical gap in SSL/TLS implementation, with no valid certificate and lack of modern TLS protocols, which significantly impacts the security score. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain compliance.

OldPostcards.com is a mature, niche e-commerce retailer specializing in vintage and collectible postcards, operating since 1998. The website offers a broad catalog of postcards including US states, world countries, trade cards, and thematic categories, targeting collectors and enthusiasts. The business maintains multiple related stores and demonstrates consistent branding and trust signals such as BBB accreditation and PayPal acceptance. Technically, the site is built on the ShopSite Pro platform with a traditional Apache hosting environment and uses common web technologies like jQuery and Bootstrap. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Privacy compliance is minimal, with no cookie consent mechanism and only basic privacy and terms of service pages. The site employs several analytics and marketing tools including Google Analytics, Facebook Pixel, and Constant Contact, but without clear user privacy controls. Overall, the site is functional and professional but requires urgent security and privacy improvements.

T

The Trade Desk

transparentadvertising.com

62

The website transparentadvertising.com serves as a Transparency and Control Portal for users to opt out of targeted advertising based on UID2 identifiers derived from their email addresses or phone numbers. It is operated by The Trade Desk, a large technology company specializing in advertising technology. The portal provides a user-friendly form for submitting opt-out requests and includes links to a privacy policy and a vulnerability disclosure page, demonstrating some commitment to transparency and security. However, the site currently lacks a valid SSL certificate, which is a critical security deficiency that undermines user trust and data protection. The technical infrastructure relies on dated technologies such as jQuery and jQuery UI, hosted likely on Amazon AWS, with slow page load times and large page size impacting user experience. Security measures include HSTS and Google reCAPTCHA Enterprise integration, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is basic, with no explicit GDPR compliance or cookie consent mechanisms visible. Overall, the site is functional but requires urgent improvements in security and privacy to meet modern standards.

I

Ivans

ivansinsurance.com

69

Ivans is a leading technology company specializing in digital insurance software that connects carriers, MGAs, and agencies. Positioned as an industry network, Ivans offers streamlined workflows and connectivity solutions to drive business growth for insurance professionals. The company operates under the parent organization Applied Systems, Inc., and serves primarily the US market with enterprise-level solutions. Their offerings include digital distribution platforms, claims communications, and industry insights, targeting insurance agents and brokers. The website reflects a strong market position with clear branding, comprehensive content, and multiple trust signals such as awards and customer testimonials. Technically, the website employs modern web technologies including jQuery, Bootstrap, and Marketo forms, hosted behind Cloudflare with robust SSL/TLS configurations supporting TLS 1.3 and OCSP stapling. Performance is fast with good mobile optimization and accessibility features. SEO is enhanced by structured data (JSON-LD) and proper meta tags. However, there is room for improvement in security headers (lack of HSTS) and DNS security (no DNSSEC or CAA records). From a security perspective, the site demonstrates good practices with secure cookies, no known SSL vulnerabilities, and no exposed sensitive data. The absence of a cookie consent mechanism and explicit GDPR compliance indicators suggests partial privacy compliance. No security policy or incident response information is publicly available, which could be a gap for enterprise clients. Overall, the security posture is strong but could be enhanced with additional headers and transparency. The overall risk assessment is low with a well-maintained, professional website that supports Ivans' business credibility and digital maturity. Strategic recommendations include implementing cookie consent for privacy compliance, enabling HSTS, adding DNS security records, and publishing security and incident response policies to further build trust and compliance.

A

Applied Systems, Inc.

appliednet.com

35

Applied Net is a specialized annual user conference organized by Applied Systems, Inc., targeting insurance agents, brokers, and software users within the Applied Systems ecosystem and its subsidiaries such as EZLynx, Tarmika, and Ivans. The event focuses on education, innovation, and networking, positioning itself as a premier industry gathering. The website reflects a mature digital presence with comprehensive content, structured data, and integration of modern web technologies. However, the absence of a valid SSL certificate and lack of HTTPS enforcement significantly undermine the site's security posture. While the site employs trusted third-party services like Google Tag Manager and Brightcove for analytics and media delivery, the missing cookie consent mechanism and incomplete security headers indicate areas for compliance improvement. Overall, the business credibility and content quality are strong, but technical and security enhancements are critical to ensure trust and compliance.

A

Applied Systems, Inc.

appliedsystems.com

50

Applied Systems, Inc. is a leading enterprise technology company specializing in insurance software and agency management solutions for independent insurance agencies and brokers. The company offers a comprehensive suite of cloud-based products including agency management platforms, marketing automation, digital payments, and business intelligence tools. With a strong market position evidenced by adoption among top insurance brokerages and multiple industry awards, Applied Systems serves a primarily US-based audience with a focus on innovation and digital transformation in the insurance sector. The company was founded in 1983 and operates several subsidiaries such as EZLynx, Ivans, Indio, and Tarmika, enhancing its product ecosystem. Technically, the website employs modern JavaScript libraries like jQuery and Bootstrap, integrates marketing tools such as Marketo Forms, and uses Google Tag Manager for analytics. Hosting is via Cloudflare, but a critical security gap exists due to the absence of a valid SSL certificate and disabled TLS protocols, severely impacting the security posture. The site is well-structured with comprehensive metadata, JSON-LD structured data, and good SEO practices, providing a professional and trustworthy user experience. Security-wise, the lack of HTTPS and TLS support is a major vulnerability, exposing users to risks and undermining trust. While privacy and cookie policies are present and GDPR compliant, no explicit incident response or vulnerability disclosure mechanisms were found. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to meet modern standards and protect user data effectively.

V

Veterans United Home Loans

veteransunited.com

60

Veterans United Home Loans is a leading mortgage lender specializing in VA home loans, serving veterans and military families across the United States. The company holds a strong market position as the top VA purchase lender by volume for multiple consecutive years, offering a comprehensive suite of services including VA loans, refinancing, realty, insurance, and credit building. Their website reflects a professional and user-friendly digital presence with extensive educational content, customer reviews, and interactive tools such as mortgage calculators and eligibility forms. Technically, the site leverages a modern JavaScript stack with jQuery, Google Tag Manager, and custom form frameworks, hosted on AWS infrastructure. However, the security posture is currently weak due to the absence of a valid SSL certificate and disabled TLS protocols, which poses a significant risk to user data confidentiality and trust. Privacy policies and cookie consent mechanisms are well implemented, supporting compliance with general privacy standards. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.