Security Directory

B

Bau dein Ding

bau-dein-ding.de

10

Bau dein Ding is a German-focused educational and career guidance platform dedicated to promoting apprenticeships and careers in the construction industry. The website offers comprehensive information tailored to various target groups including students, parents, teachers, companies, and non-German speakers. It provides resources such as job listings, career fairs, and interactive tools like the BauChecker to help users find suitable professions. The platform maintains an active social media presence to engage its audience with relevant content and updates. Technically, the website is built on TYPO3 CMS, hosted by Hetzner, and integrates modern web technologies including JavaScript, jQuery, and Bootstrap for UI components. It employs a robust cookie consent management system compliant with GDPR, leveraging third-party services like etracker for analytics, Flockler for social media aggregation, and OpenStreetMap for map services. The site demonstrates good mobile optimization and SEO practices, though accessibility features could be enhanced. From a security perspective, the site enforces HTTPS with a Content-Security-Policy header and manages user consent effectively. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks explicit security policies and incident response information, and could benefit from additional security headers and a security.txt file to improve transparency and readiness. Overall, Bau dein Ding presents a trustworthy, professional, and user-friendly platform with a strong focus on privacy compliance and user engagement. Strategic improvements in security documentation and accessibility would further strengthen its posture.

B

Building Lab

building-lab.de

8

Building Lab is a small German company focused on construction and building technology services. The website is built on the Webflow platform and hosted via GoDaddy name servers, indicating a modern but small-scale digital infrastructure. The site features minimal textual content and primarily graphical elements, targeting construction professionals and technology adopters in the building sector. The market position appears niche and innovative within its industry. The technical infrastructure is moderate in performance and mobile optimization but lacks advanced security configurations and privacy compliance features. Security posture is basic with no detected security headers or incident response contacts, and no privacy or cookie policies are present. Overall, the website is accessible and safe but requires improvements in security and compliance to enhance trust and professionalism.

S

Sitevision

custompublish.com

47

Sitevision is a Nordic-focused CMS platform provider specializing in intranet and website solutions that deliver engaging digital experiences. The company offers a comprehensive platform with over 150 modules, AI-powered assistants, and a marketplace for integrations, targeting public sector, industry, banking, retail, and membership organizations. The website demonstrates a mature digital presence with modern technologies including React and Sitevision CMS, supported by a cloud-based infrastructure. Security posture is strong, evidenced by ISO 27001 certification and use of HTTPS with cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed with clear policies and consent management. Overall, Sitevision presents as a credible and professional business with a solid market position in the Nordic region.

T

Tom's Hardware

tomshardware.com

78

Tom's Hardware is a well-established technology media brand focused on providing in-depth reviews, news, and guides related to PC hardware and technology enthusiasts. The website targets hardcore PC enthusiasts, gamers, and technology consumers seeking expert advice on hardware purchases and PC builds. The business model primarily revolves around advertising and content publishing, supported by a strong digital presence and social media engagement. Technically, the website employs modern web technologies including JavaScript frameworks, Google Tag Manager, and a content delivery network (Future CDN). The site is mobile-optimized and demonstrates good SEO and accessibility practices. Performance is moderate with room for optimization. The CMS appears proprietary or custom, inferred from CDN URLs. From a security perspective, the site enforces HTTPS and uses common third-party scripts responsibly. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not clearly present, which could be improved. No direct incident response or security policy information is publicly available, which is a gap for transparency. WHOIS data is not publicly available, likely due to privacy protection, which slightly reduces trust but is common for media companies. Overall, Tom's Hardware presents a professional, trustworthy, and content-rich platform with a solid technical foundation. Strategic improvements in security header implementation and public security policy disclosure would enhance its security posture and trustworthiness.

LAURYN v.o.s. is a Czech company specializing in the development and implementation of information systems tailored for spa, rehabilitation, and healthcare facilities. Their key offerings include the IS L-BIS and IS R-PLAN software suites, designed to support operational and clinical workflows in these specialized sectors. The company positions itself as a niche provider with a focus on the Czech healthcare market, emphasizing quality and service support. The website content is primarily in Czech and targets healthcare institutions such as spas, sanatoria, and rehabilitation centers. From a technical perspective, the website employs basic web technologies including HTML, CSS, and JavaScript, with Google Analytics integrated for visitor tracking. The hosting appears to be managed through Czech providers, consistent with the company's location. However, the site shows limited mobile optimization and accessibility features, and lacks modern frameworks or CMS platforms. Performance is moderate, with no critical errors detected. Security posture is currently weak due to the absence of HTTPS enforcement and missing security headers. While email obfuscation is implemented via JavaScript, there is no visible privacy or cookie policy, which raises compliance concerns especially under GDPR. No incident response or vulnerability disclosure information is provided. The domain registration data aligns well with the business profile, showing a consistent and legitimate presence since 2011. Overall, the website is functional and provides clear business information but requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and protect user data effectively.

T

TAKKO Fashion

takko.com

60

TAKKO Fashion operates a multi-country e-commerce platform specializing in family fashion retail across various European countries. The website provides localized shopping experiences with country and language selection, leveraging Salesforce Commerce Cloud technology. The company appears to be a large retail entity with a consistent brand presence and professional digital infrastructure. Technically, the site uses modern JavaScript frameworks, integrates marketing and analytics tools such as Google Tag Manager and Salesforce CDP, and employs session integrity and lazy loading scripts to optimize performance. Security posture is generally good with HTTPS enforced and no visible sensitive data exposure; however, explicit security headers and detailed privacy disclosures are lacking. The absence of WHOIS registration data is a notable anomaly that reduces trustworthiness, although the website content and structure suggest a legitimate business. Overall, the site scores well on business credibility and technical implementation but needs improvements in privacy compliance and transparency.

S

Sperky Frank

sperkyfrank.sk

51

Sperky Frank operates a well-established online and physical retail jewelry business in Slovakia, specializing in gold, silver, and diamond jewelry. The website demonstrates a mature e-commerce platform with a broad product catalog, clear navigation, and multiple customer engagement channels. Technically, the site employs modern web technologies, including Google Analytics, Facebook Pixel, Microsoft Clarity, and reCAPTCHA, ensuring both marketing effectiveness and security. The security posture is strong with HTTPS, secure login forms, and cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly available. Overall, the site is trustworthy, professional, and compliant with GDPR requirements, reflecting a medium-sized retail business with a solid market position.

B

badenova AG & Co. KG

badenova.de

72

badenova AG & Co. KG is a well-established regional energy provider in Germany specializing in ecological energy solutions such as green electricity and biogas. The company targets both private and business customers, offering a range of services including tariff calculation, customer portals, and energy solutions for homes like photovoltaics and electric mobility. Their market position is supported by certified green energy tariffs and a strong emphasis on customer service and transparency. Technically, the website employs modern web technologies including JavaScript, CSS, and Google Tag Manager for analytics, alongside OneTrust for cookie consent management. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Performance is moderate with good user experience and navigation clarity. From a security perspective, the site enforces HTTPS and uses secure forms with validation. Cookie consent mechanisms are in place, and no critical vulnerabilities or exposed sensitive data were detected. However, explicit security headers and incident response policies are not publicly disclosed, representing an area for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. The domain registration data aligns with the business claims, indicating legitimacy. No WAF or blocking mechanisms interfere with content access, allowing full analysis. Strategic recommendations include enhancing security header implementation, publishing security and incident response policies, and improving transparency around data protection officer contacts.

The website is currently inaccessible beyond a security challenge page that performs browser integrity checks and automatic redirection, indicating the presence of a Web Application Firewall or similar security mechanism. The domain is registered since 2014 with a .it TLD, consistent with an Italian presence, but no business or contact information is visible on the page. The site appears to be built on outdated CMS platforms (Joomla 1.5 and WordPress 2.5), which are known to have security vulnerabilities. No privacy, cookie, or terms of service policies are present, and no contact details or social media links are provided. The external link to bitninja.io suggests the use of BitNinja security services for protection. Overall, the site lacks visible content and trust indicators, limiting the ability to assess its business operations or credibility.

B

Burst Statistics B.V.

burst-statistics.com

76

Burst Statistics B.V. is a small technology company based in the Netherlands specializing in privacy-friendly analytics solutions for WordPress websites. Their flagship products, Burst Statistics and Burst Pro, provide website owners with real-time, GDPR-compliant insights without relying on third-party tracking or cookies. Positioned as a privacy-first alternative to Google Analytics, Burst targets bloggers, businesses, and agencies seeking transparent and local data ownership. The company is part of the reputable Team Updraft Family, enhancing its market credibility. Technically, the website is built on WordPress using modern plugins such as Gravity Forms and Easy Digital Downloads, with SEO optimized by Yoast SEO Premium. Hosting is managed via TransIP, and the site employs HTTPS with good SSL configuration. The site demonstrates good mobile optimization, accessibility, and performance, though DNSSEC is not enabled. The technical infrastructure reflects a mature digital presence suitable for a SaaS business model. From a security perspective, the site enforces HTTPS and avoids third-party tracking, aligning with its privacy claims. However, it lacks some security headers and does not publicly disclose a security policy or incident response plan. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong in practice but lacks explicit policy documentation and cookie consent mechanisms. Overall, Burst Statistics presents a trustworthy and professional online presence with a strong focus on privacy and user data protection. Strategic improvements in policy transparency and security headers would further enhance trust and compliance.

4

4 pipes GmbH

4pipes.de

54

4 pipes GmbH is a medium-sized German company specializing in products and accessories for pipeline construction, serving professional clients in the energy and transportation sectors. Their offerings include seals, corrosion protection, fittings, and various pipeline accessories, supported by professional service and technical documentation. The website reflects a focused B2B business model with clear contact information and legal compliance. Technically, the site uses standard web technologies including JavaScript, jQuery, and integrates Google Analytics and SiteSearch360 for search functionality and visitor tracking. Mobile optimization is basic but functional. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacking advanced security headers and explicit security policies. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

BRUGG Pipes is a specialized manufacturer and service provider of flexible and rigid pipe systems primarily serving the energy and industrial sectors. The company is positioned as a global market leader in safe transport solutions for flammable and water-hazardous substances, offering a comprehensive product portfolio including pipe systems for district heating, cooling, industrial applications, and tank stations. Their website is professionally designed, multilingual, and rich in content, targeting industry professionals and infrastructure planners. Technically, the site is built on TYPO3 CMS with modern tracking and consent management tools, ensuring GDPR compliance and good user experience across devices. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The absence of WHOIS data slightly reduces trust but does not detract from the overall legitimacy. The company maintains active social media presence and partners with professional platforms, enhancing its market reach and credibility.

B

BASF SE

basf.eu

79

BASF SE is a leading global chemical company headquartered in Germany, with a long history dating back to 1865. The company focuses on profitable growth and creating value for society by providing innovative chemical solutions that support sustainability. Their website reflects a mature digital presence with comprehensive content aimed at industrial clients, partners, and stakeholders worldwide. The site is well-structured, professionally designed, and optimized for mobile devices, demonstrating a high level of digital maturity. Technically, the website uses modern frameworks such as Angular and a CMS platform (Magnolia), with good performance and accessibility standards. Security-wise, BASF employs HTTPS, robust security headers, and follows recognized standards like ISO 27001, indicating a strong security posture. Privacy and cookie policies are clearly presented with consent mechanisms, supporting GDPR compliance. Despite the absence of WHOIS registration details, the overall trustworthiness and legitimacy of the website are high, supported by consistent branding, certifications, and contact information. Strategic recommendations include maintaining regular security assessments, enhancing incident response automation, and continuing to improve privacy transparency to sustain trust and compliance.

R

RAV Armaturen GmbH

rav-valve.com

45

RAV Armaturen GmbH is a German manufacturer specializing in industrial valves, particularly safety-relevant ball valves used in sectors such as petrochemicals, gas industry, and pipeline construction. The company has a long-standing market presence since 1997 and targets industrial clients requiring high-precision valve solutions. Their website reflects a professional and consistent brand image with clear contact information and multilingual support (German and English). Technically, the website is built on standard HTML5, CSS, and JavaScript with jQuery 1.11.3. While the site is functional and moderately optimized for mobile, it lacks modern security features such as DNSSEC and security headers. No CMS or advanced frameworks are detected, indicating a relatively simple but stable infrastructure. Performance is moderate with basic SEO and accessibility features. From a security perspective, the site uses HTTPS (assumed from domain but not explicitly confirmed in data), but lacks DNSSEC and security headers, which are recommended for enhanced protection. No cookie consent mechanism is present, which may impact GDPR compliance. The WHOIS data shows a consistent and legitimate domain registration with no privacy protection, appropriate for the business type. No incident response or vulnerability disclosure information is found. Overall, the website is trustworthy and professional but could improve its security posture and privacy compliance. Strategic recommendations include enabling DNSSEC, adding security headers, implementing cookie consent, and updating JavaScript libraries to mitigate vulnerabilities.

B

BRANDES GmbH

brandes.de

54

BRANDES GmbH is a specialized company with over 55 years of experience providing leak detection and monitoring systems primarily for the energy sector, including district heating and cooling, industrial applications, and environmental protection. The company positions itself as a leading system manufacturer and service provider with a comprehensive product portfolio and extensive service offerings such as planning, installation, and maintenance. Their market presence is supported by certifications and a strong brand identity. Technically, the website is built on TYPO3 CMS, integrates Google Analytics and Tag Manager with consent mechanisms, and is hosted by Parrot Media. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is good with HTTPS enforced and privacy compliance evident, though explicit security policies and incident response contacts are not published. Overall, the website and domain registration data indicate a trustworthy and legitimate business with a strong focus on compliance and user privacy.

K

KÄHLER Industrie-Armaturen GmbH

kaehler-armaturen.de

49

KÄHLER Industrie-Armaturen GmbH is a specialized supplier and service provider of high-quality industrial valves and fittings, primarily serving the energy, petrochemical, and industrial sectors in Germany. The company partners with reputable manufacturers such as Vexve to offer a broad portfolio of products including fully welded ball valves and hot tapping systems. Their business model focuses on B2B sales and comprehensive service offerings including installation training and maintenance support. The website reflects a professional and consistent brand image targeting industrial clients with clear contact channels and product information. Technically, the website is built on a modern stack likely using Shopware CMS, with integration of Google Tag Manager and cookie consent management via Cloud CCM19. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Performance is moderate with standard web technologies and lazy loading of images. From a security perspective, the site enforces HTTPS and uses consent management for analytics, but lacks explicit security headers and detailed security or incident response policies. No vulnerability disclosure or security.txt file is present, which could be improved to enhance trust and compliance. Privacy and cookie policies are not explicitly found, indicating a gap in GDPR compliance documentation. Overall, the website is trustworthy and professional with a solid business presence, but could benefit from enhanced privacy and security disclosures to improve compliance and user trust. Strategic improvements in security headers and policy transparency are recommended to strengthen the security posture.

B

Bayern Fernwärme

gorisek.net

58

Bayern Fernwärme is a small German company specializing in the insulation and re-insulation of district heating pipelines, operating primarily in Donaueschingen. The website presents a professional image with clear business descriptions and contact information, targeting property owners and businesses interested in cost-effective heating solutions. The company positions itself as a reliable local service provider with a focus on customer consultation and quality service. Technically, the website is built on the IONOS MyWebsite platform, utilizing standard web technologies such as HTML, CSS, and JavaScript. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. No advanced frameworks or analytics tools are detected, indicating a basic digital maturity level. From a security perspective, the site uses HTTPS but lacks important security headers and policies such as privacy and cookie notices, which are critical for GDPR compliance. The absence of WHOIS registration data raises concerns about domain legitimacy and ownership transparency. No forms or data collection mechanisms are present, reducing immediate data protection risks but also limiting user engagement. Overall, the website is functional and professional but requires improvements in compliance, security best practices, and domain registration transparency to enhance trust and reduce risk.

S

SPIE Deutschland & Zentraleuropa

spie.de

72

SPIE Deutschland & Zentraleuropa is a leading multi-technical service provider operating in Germany and neighboring Central European countries. The company specializes in services for buildings, plants, and infrastructure, positioning itself as a key player in the energy and transportation sectors. The website reflects a professional corporate presence with clear business descriptions and a focus on B2B customers. Technically, the site uses a modern CMS (Sitefinity), integrates Google Maps API, and employs Microsoft Application Insights for telemetry, indicating a mature digital infrastructure. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not published. Overall, the site is trustworthy and professionally maintained, with room for improvement in transparency around security and terms of service.

KLINGER Fluid Control GmbH is a well-established manufacturer specializing in high-quality industrial valves with over 130 years of experience. The company operates globally with a strong network of distribution partners and is a subsidiary of the KLINGER Group. Their website reflects a professional and consistent brand image, targeting industrial clients primarily in the manufacturing and energy sectors. Technically, the website employs modern web standards and includes user tracking via Google Analytics, though it lacks explicit cookie consent mechanisms. Security posture is solid with HTTPS and no visible vulnerabilities, but could be improved by adding security headers and incident response information. Overall, the site is trustworthy and professionally maintained, supporting the company's market position.

I

INTEC GMK

gmk.info

46

INTEC GMK is a specialized manufacturer and turnkey supplier of Organic Rankine Cycle (ORC) power plants designed to generate electricity from waste heat, geothermal energy, and biomass. The company positions itself as an innovative leader with the broadest range of ORC products, targeting industrial and energy sector clients. Their business model focuses on custom-made, highly individual solutions that integrate seamlessly into client processes, supporting the ongoing energy transition with sustainable power generation technologies. The website reflects a professional and consistent brand image with clear contact information and participation in industry exhibitions, reinforcing market credibility. Technically, the website is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, likely managed via the Wagtail CMS. The site demonstrates good mobile optimization, clear navigation, and moderate performance. SEO practices are adequately implemented with proper meta tags and canonical URLs. However, some technical improvements could enhance security and privacy compliance, such as implementing cookie consent mechanisms and security headers. From a security perspective, the site uses HTTPS and does not expose sensitive data. However, no explicit security policies, incident response contacts, or vulnerability disclosure mechanisms are publicly available. The absence of security headers and cookie consent banners indicates room for improvement in security posture and GDPR compliance. The WHOIS data is unavailable due to a malformed response, suggesting privacy protection, which is reasonable for this business type. Overall, the domain appears legitimate and consistent with the website's claims. The overall risk assessment is moderate with no critical vulnerabilities detected. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and implementing cookie consent to improve privacy compliance and user trust. These steps will strengthen the company's digital maturity and security culture, supporting its professional market presence.

B

Baker Hughes

bakerhughes.com

77

Baker Hughes is a leading energy technology company focused on advancing safer, cleaner, and more efficient energy solutions globally. The company offers a broad portfolio of services and technologies including energy transition, hydrogen technologies, geothermal solutions, carbon capture, emissions abatement, remote operations, AI-driven energy operations, liquefied natural gas, industrial technology, and mature asset solutions. Their market position is that of a large, established enterprise headquartered in the United States, serving energy industry professionals and partners worldwide. Technically, the website is built on Drupal CMS with modern JavaScript integrations, including analytics and consent management tools, demonstrating a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, though explicit security policies and incident response information are not publicly detailed. Overall, the website presents a professional, trustworthy, and well-structured digital presence aligned with enterprise standards.

I

ISOPLUS Group

isoplus.de

61

ISOPLUS Group is a large European manufacturer specializing in pre-insulated pipe systems for district heating, cooling, industry, solar thermal, bioenergy, agriculture, and CCS sectors. The company operates in over 30 countries with a workforce of approximately 1,600 professionals and is part of the Viessmann Generations Group. Their website is professionally designed, multilingual, and provides comprehensive information about their products, services, and corporate profile. Technically, the site is built on TYPO3 CMS, uses modern web technologies, and integrates Google Analytics and Tag Manager for user tracking. Security-wise, the site enforces HTTPS and implements a cookie consent mechanism, but lacks explicit security policies and incident response contacts. WHOIS data is privacy protected, which is justified for a business of this scale. Overall, the website demonstrates a mature digital presence with good privacy compliance and a strong business credibility profile.

B

badenovaWÄRMEPLUS GmbH & Co. KG

badenovawaermeplus.de

68

badenovaWÄRMEPLUS GmbH & Co. KG is a regional energy provider specializing in sustainable heat supply and renewable energy solutions in Germany. The company focuses on delivering Fernwärme (district heating), biogas, geothermal energy, solar, and wind energy services, targeting private customers, businesses, and industrial clients. Their market position is that of a key regional player driving the energy transition with innovative and efficient solutions. The website reflects a professional and consistent brand image with clear navigation and relevant content for their audience. Technically, the site uses modern JavaScript libraries and Google Tag Manager for analytics, with good mobile optimization and accessibility features. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although a dedicated security policy and incident response information are missing. Privacy compliance is well addressed with cookie consent and a comprehensive privacy policy. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

B

Bayerischer Bauindustrieverband

bauindustrie-bayern.de

55

The Bayerischer Bauindustrieverband website serves as the official online presence of the Bavarian construction industry association. It provides comprehensive information about the association's activities, including member services, educational programs, events, and industry news. The site targets industry professionals, member companies, and prospective trainees, positioning itself as a key regional player in the construction sector. Technically, the site is built on TYPO3 CMS, leveraging modern web technologies and integrating external services for analytics and content delivery. Security posture is adequate with HTTPS and Content-Security-Policy headers, though additional security headers and privacy compliance mechanisms are recommended. Overall, the website is professional, well-structured, and trustworthy, with moderate technical performance and good user experience.

E

Energie-Wende-Garching GmbH

ewg-garching.de

61

Energie-Wende-Garching GmbH is a local energy provider based in Garching, Germany, specializing in sustainable district heating using geothermal energy. The company positions itself as a green energy supplier focused on reducing CO2 emissions and providing environmentally friendly heating solutions to residents and businesses in the Garching area. Their website reflects a professional and well-structured digital presence with clear navigation, comprehensive customer support portals, and detailed business information. Technically, the site employs modern web standards including Bootstrap for responsive design, JSON-LD structured data for SEO, and optimized media formats such as WebP images. Security posture is strong with HTTPS enforced and no visible vulnerabilities or exposed sensitive data, although formal security policies and vulnerability disclosures are absent. Overall, the website demonstrates a mature digital infrastructure aligned with the company's sustainable energy mission, fostering trust and credibility among its audience.

T

Tønder Kommune

toender.dk

69

Tønder Kommune operates as the official municipal government website for the Tønder region in Denmark, providing residents and stakeholders with access to municipal services, public information, and citizen support. The website is positioned as a local government authority, serving a medium-sized audience within the government sector. The digital presence is built on modern web technologies including Nuxt.js, with a focus on accessibility, mobile optimization, and SEO best practices. The site implements a comprehensive cookie consent mechanism aligned with GDPR requirements, reflecting a mature approach to privacy compliance. However, the absence of WHOIS data limits the ability to fully verify domain registration legitimacy. Security posture is moderate, with HTTPS implied but lacking explicit security headers and published security policies. Overall, the website presents a professional and trustworthy interface suitable for its governmental role.

Region Syddanmark is a Danish regional government authority responsible for healthcare, regional development, and environmental management within the Southern Denmark region. The website serves as an official information portal for citizens and partners, providing comprehensive details about its services and operations. The organization holds a strong market position as a public entity with a long-established presence since 2004. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates third-party services such as Cookiebot for cookie consent management, Cludo for search functionality, and Monsido for website monitoring. The site is well-optimized for mobile devices and accessibility, with good SEO practices and performance. From a security perspective, the site uses HTTPS with good SSL configuration and implements cookie consent mechanisms aligned with GDPR requirements. However, there is room for improvement in security headers and publishing explicit security policies or incident response contacts. No critical vulnerabilities or suspicious activities were detected. Overall, the website demonstrates a solid risk posture with high legitimacy and trustworthiness. Strategic recommendations include enabling DNSSEC, enhancing security headers, and publishing security and incident response policies to further strengthen compliance and user trust.

D

Deutsche Bürgschaftsbanken

ermoeglicher.de

45

The website www.ermoeglicher.de is a service offering by Deutsche Bürgschaftsbanken, a financial institution in Germany specializing in financial guarantees. However, the current accessible content is minimal and primarily a 404 error page, indicating that the requested page or content is not found. The site uses modern tracking and cookie consent technologies such as Usercentrics CMP and etracker analytics, but lacks fundamental elements like metadata, privacy policy, terms of service, and contact information. The technical infrastructure includes JavaScript libraries and cookie consent management but lacks visible security headers and SSL/TLS confirmation. Overall, the security posture is moderate but incomplete due to missing security best practices and transparency. The domain WHOIS data is consistent and supports legitimacy, but the website content and user experience are poor, limiting trust and usability.

Dineout.hr is an online platform focused on restaurant discovery and reservation services in Croatia. It offers users the ability to find excellent restaurants, book tables, and purchase tickets for culinary events and tasting menus. The platform targets a general audience interested in dining experiences and culinary events, positioning itself as a regional player in the hospitality sector. The website is built using modern web technologies such as React and Next.js and is hosted on DigitalOcean, indicating a contemporary and scalable technical infrastructure. The site includes standard marketing and analytics tools like Facebook Pixel and Google Tag Manager, supporting data-driven business decisions. Security-wise, the site enforces HTTPS and includes a cookie consent mechanism, but lacks visible security headers and explicit privacy or terms of service pages, which are recommended for compliance and trust. Overall, the website is professional and functional with moderate security posture and privacy compliance, suitable for a small-sized hospitality business.

E

European Society of Cardiology

escardio.org

60

The European Society of Cardiology (ESC) is a leading independent, nonprofit organization dedicated to reducing the burden of cardiovascular disease through education, research, and advocacy. The website serves as a comprehensive platform for cardiology professionals, offering access to guidelines, congresses, eLearning, and community engagement. The ESC maintains a strong market position as a trusted authority in cardiovascular health across Europe and globally. Technically, the website is built on a robust infrastructure using modern web technologies including Bootstrap for responsive design, and integrates multiple analytics and marketing tools such as Google Analytics, Microsoft Clarity, and Adobe DTM. The site is hosted with performance and security in mind, leveraging Akamai CDN and enforcing HTTPS with strong security headers. From a security perspective, the ESC website demonstrates good practices including HTTPS enforcement, cookie consent management via OneTrust, and no visible vulnerabilities or exposed sensitive data. However, there is an opportunity to enhance transparency by publishing a dedicated security policy and vulnerability disclosure information. Overall, the ESC website is a professional, secure, and user-friendly platform that effectively supports its mission. Strategic recommendations include improving security transparency, maintaining up-to-date third-party scripts, and enhancing accessibility features to further strengthen trust and compliance.

Z

ZOLL Medical Corporation

zolldeviceregistration.com

10

ZOLL Medical Corporation operates the ZOLL Device Registration website, providing a platform for users to register medical devices such as AEDs to ensure regulatory compliance, warranty extension, and communication of product notifications. The website targets medical device users, distributors, and end-users, supporting compliance with FDA and EU regulations. The business model focuses on B2B and B2C services related to device registration and compliance management. The company is well-established with a domain age consistent with its market presence. Technically, the website uses a custom or unknown CMS with a JavaScript-heavy front end, integrating multiple third-party analytics and marketing tools including Google Analytics, Hotjar, LinkedIn Insight, and TikTok Analytics. The site is hosted with Cloudflare DNS and uses HTTPS with good SSL configuration. Mobile optimization and accessibility are basic to good, with room for improvement in security headers and performance tuning. From a security perspective, the site employs HTTPS and cookie consent mechanisms with anonymized IP tracking in analytics. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent and transparent, supporting the legitimacy of the domain and business. Overall, the website presents a professional and trustworthy platform with good privacy compliance and business credibility. Strategic improvements in security headers, incident response transparency, and DNSSEC implementation would enhance the security posture and trustworthiness further.

V

VU - Vereinigung der Unternehmensverbände Mecklenburg-Vorpommern e.V.

vumv.de

10

VU - Vereinigung der Unternehmensverbände Mecklenburg-Vorpommern e.V. is the largest business association in Mecklenburg-Vorpommern, Germany, serving as a central organization representing economic and social policy interests of employers and businesses in the region. The website presents a professional and consistent brand image, targeting regional businesses and stakeholders. The business model focuses on advocacy, networking, and representation within political and administrative spheres. Technically, the website is built on the Contao Open Source CMS with Bootstrap 3.3.7 for responsive design, hosted by iwelt AG. It employs modern web technologies including Google Tag Manager and Cookiebot for analytics and GDPR-compliant cookie consent management. Security posture is adequate with HTTPS enforced and cookie consent mechanisms denying ad personalization and analytics by default, but lacks explicit security headers and published security policies. Privacy compliance is partial due to the absence of a visible privacy policy and terms of service. Overall, the website is accessible, well-structured, and trustworthy, but could improve transparency and security practices.

E

Ehrenamtsstiftung MV

ehrenamtsstiftung-mv.de

59

Ehrenamtsstiftung MV is a regional non-profit foundation dedicated to supporting volunteer engagement in Mecklenburg-Vorpommern, Germany. The organization focuses on recognizing, advising, funding, qualifying, and networking volunteers and related entities. Their website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their target audience of volunteers, NGOs, and civic organizations. Technically, the site employs modern JavaScript libraries, Cookiebot for consent management, and Google Analytics for visitor insights, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is strong, with a comprehensive privacy policy and cookie consent dialog. Overall, the site is trustworthy and well-positioned within its niche, with no critical vulnerabilities or blocking mechanisms detected.

D

DeepL

deepl.com

74

DeepL is a leading technology company specializing in AI-powered language translation services. Their flagship product, DeepL Translator, offers highly accurate translations for individuals, teams, and enterprises, supported by additional tools such as DeepL Write and DeepL Voice. The company targets a broad audience including businesses requiring localization, legal, marketing, and customer service solutions. The website demonstrates a mature digital presence with modern technologies like React and Gatsby, optimized for performance and mobile use. Security posture is strong with HTTPS enforcement and standard security headers, though explicit incident response and vulnerability disclosure information are not publicly available. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, DeepL presents a professional, trustworthy, and technically sound online presence.

B

Bundesverband Kraft-Wärme-Kopplung e.V. (B.KWK)

bkwk.de

53

The Bundesverband Kraft-Wärme-Kopplung e.V. (B.KWK) is a German non-profit association dedicated to promoting the expansion of combined heat and power technology in Germany, Europe, and globally. Their mission focuses on resource conservation through simultaneous conversion of primary energy into electricity, heat, and cooling, alongside climate protection by utilizing CO2-neutral fuels. The website is primarily targeted at stakeholders in the energy sector, including policymakers, industry participants, and environmental advocates. Technically, the website is built on WordPress using the Divi theme and Yoast SEO plugin, indicating a moderate level of digital maturity with good SEO practices and mobile optimization. Security-wise, the site uses HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the site is accessible without WAF or blocking mechanisms, presenting a safe and professional online presence with moderate trustworthiness.

A

AGFW e.V.

agfw-shop.de

9

AGFW e.V. operates a specialized e-commerce webshop focused on providing technical literature, brochures, guidelines, and industry statistics primarily for the energy sector, with a strong emphasis on district heating technologies. The platform targets professionals and members within this niche industry, offering differentiated pricing for members and non-members. The website is built on the Magento platform, utilizing common JavaScript libraries such as jQuery, Prototype.js, and Bootstrap, indicating a moderately modern technical infrastructure. Hosting is managed via Giordano Online, as inferred from the nameservers. Security posture is adequate with HTTPS enforced and form validation scripts present; however, the absence of security headers and cookie consent mechanisms suggests room for improvement in compliance and security best practices. Overall, the site presents a professional and trustworthy front with clear business focus but could enhance privacy compliance and security transparency.

A

Agentur2020

2020.de

59

Agentur2020 is a small German agency specializing in sustainability and sustainability communication services. The website presents a professional and well-structured digital presence built on WordPress with the Divi theme and enhanced by Yoast SEO for search optimization. The technical infrastructure includes Cloudflare for DNS and CDN services, and integration with HubSpot and Google Tag Manager for marketing and analytics purposes. Security posture is adequate with HTTPS enabled and Cloudflare usage, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies and consent mechanisms. Overall, the website is functional and professional but requires improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

M

MANDARIN CARE

mandarin-care.de

58

MANDARIN CARE is a specialized digital transformation partner focused on the healthcare and social economy sectors in Germany. The company offers services including employer branding, digital recruiting, digital communication, marketing, and IT services tailored to organizations such as social welfare associations, healthcare providers, municipalities, and public administration. Their market position is that of a niche provider with a professional and consistent brand presence supported by a well-structured and mobile-optimized website. Technically, the website is built on Drupal 10, leveraging modern web technologies and integrating comprehensive cookie consent management aligned with GDPR requirements. The site demonstrates good SEO, accessibility, and performance characteristics, with active use of analytics and marketing tools such as Google Analytics and Facebook Pixel, managed through a granular consent mechanism. From a security perspective, the site enforces HTTPS and integrates consent-based tracking controls but lacks explicit security policy documentation and incident response contacts. No critical vulnerabilities or suspicious patterns were detected, though security headers could be improved. WHOIS data is minimal but consistent with the business identity, supporting legitimacy. Overall, the website and business demonstrate a mature digital presence with strong privacy compliance and professional credibility. Strategic improvements could focus on enhancing security transparency and incident response readiness to further strengthen trust and compliance.

M

MANDARIN

mandarin.digital

58

MANDARIN is a German one-stop agency specializing in marketing, digital transformation, employer branding, and IT services. The company positions itself as a holistic partner for change and transformation, targeting businesses seeking to improve their digital presence and internal processes. The website reflects a mature digital infrastructure using modern technologies such as Next.js and React, with excellent mobile optimization and SEO practices. Security posture is strong with HTTPS, security headers, and a comprehensive cookie consent mechanism. Privacy compliance is well addressed with a detailed privacy policy and GDPR-aligned cookie consent. The WHOIS data is privacy protected, which is common for agencies, and does not raise immediate concerns. Overall, MANDARIN presents as a professional and trustworthy digital agency with a solid market position and a broad service portfolio.

The website etherscan.io is currently inaccessible due to a Cloudflare Turnstile security challenge page, which blocks direct content access. Etherscan.io is a well-known blockchain explorer service primarily serving the Ethereum ecosystem, providing users with transaction tracking, smart contract verification, and blockchain analytics. The domain is mature, created in 2015, and uses privacy protection for WHOIS data, which is common in the blockchain industry to protect registrant privacy. The technical infrastructure includes Cloudflare's security services, indicating a strong perimeter defense. However, due to the blocking, no direct content, policies, or contact information could be extracted or analyzed. The security posture at the network edge is strong, but internal security and compliance details are not visible. Overall, the site appears legitimate and professionally managed but requires bypassing the WAF challenge for full analysis.

S

Explore

snapshot.org

61

Snapshot.org is a leading decentralized governance platform widely used by DAOs to facilitate voting and proposal management. The platform targets blockchain communities and DAO members, providing an open-source, user-friendly interface for decentralized decision-making. The website demonstrates a professional and consistent design with good content relevance and navigation clarity. Technically, it leverages modern JavaScript frameworks (Vue.js) and is hosted on Cloudflare, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and domain transfer protection, though improvements such as DNSSEC and security headers are recommended. Privacy compliance is currently lacking, with no visible privacy or cookie policies. Overall, the domain is legitimate with a long registration history and consistent WHOIS data, supporting trustworthiness.

The website at unoino.de currently serves a security challenge page that blocks direct access to its content, indicating the presence of a Web Application Firewall or similar security mechanism, powered by BitNinja.IO. The visible metadata and HTML content reveal the use of outdated content management systems, specifically Joomla 1.5 and WordPress 2.5, which are no longer supported and pose significant security risks. No business-specific content, contact information, or privacy-related policies are accessible, limiting the ability to assess the company's operations or compliance posture. The domain uses green-internet.net nameservers, suggesting eco-friendly hosting, but lacks detailed WHOIS registrant information, which reduces trust signals. Overall, the site appears to be either under maintenance, a placeholder, or protected by strict security controls preventing full content access.

T

thermondo

thermondo.de

63

thermondo.de is a German website offering heating installation and replacement services, positioning itself as a convenient local heating contractor with fixed pricing and comprehensive consulting including subsidy support. The website targets homeowners and property owners in Germany seeking heating system upgrades. Technically, the site employs modern marketing and analytics tools such as Visual Website Optimizer, Google Tag Manager, Usercentrics CMP for consent management, and Facebook and Microsoft advertising pixels, indicating a mature digital marketing infrastructure. The website is accessible, uses HTTPS, and implements cookie consent mechanisms, but lacks publicly visible privacy policies, terms of service, and explicit security or incident response policies. No contact information is found in the provided HTML content, which may impact user trust and compliance. Overall, the security posture is moderate with room for improvement in transparency and policy publication.

T

TheDive GmbH

thedive.com

56

TheDive GmbH is a German-based consultancy specializing in organizational development and sustainable business models. Their website targets organizations interested in adapting to modern work environments with services including change management, leadership development, and agile methodologies. The company positions itself as a niche player focused on sustainability and adaptability in business. Technically, the website employs modern JavaScript, CSS, and third-party services such as Google Tag Manager and Cookiebot for analytics and cookie consent management. The site is mobile-optimized with good SEO practices but lacks visible security headers and explicit contact information, which could be improved. Security posture is moderate with no detected vulnerabilities but missing some best practices like security headers and incident response contacts. The WHOIS data is missing, raising some concerns about domain legitimacy, though the professional site content and compliance with privacy regulations mitigate this risk. Overall, the site is functional and professional but would benefit from enhanced transparency and security hardening.

R

Rinn Beton- und Naturstein GmbH

rinn.net

63

Rinn Beton- und Naturstein GmbH is a German company specializing in concrete and natural stone products for garden and property landscaping, with a history spanning over 100 years. The website presents a professional and well-structured digital presence using TYPO3 CMS, featuring comprehensive product information and a clear focus on quality and sustainability. The company targets garden owners, landscapers, and construction professionals, positioning itself as a trusted provider in the landscaping materials sector. Technically, the website employs modern web technologies including Cookiebot for consent management and Google Tag Manager for analytics, ensuring compliance with GDPR and related privacy regulations. However, the absence of WHOIS registration data raises concerns about domain legitimacy, despite the professional appearance and content quality of the site. Security measures such as HTTPS are implied but security headers and incident response policies are not explicitly found, indicating room for improvement in security posture. Overall, the website is functional, compliant, and trustworthy from a user perspective but requires verification of domain registration and enhancement of security policies to strengthen its risk profile.

E

easyfeedback

easy-feedback.com

57

easy-feedback.com is a professional online survey platform offering tools for creating questionnaires, forms, and quizzes with an emphasis on GDPR compliance and AI-powered analysis. The website targets businesses and individuals seeking flexible and privacy-conscious survey solutions. The platform is built on WordPress using Elementor and Yoast SEO, hosted by Hetzner Online GmbH, and integrates modern consent management via Cookiebot and analytics through Google Tag Manager. Security posture is solid with HTTPS and cookie consent, though explicit privacy and terms of service pages are missing, representing compliance gaps. The domain is mature and legitimate, supporting the business's credibility.

E

easyfeedback

indivsurvey.de

48

The website indivsurvey.de is a login portal for the easyfeedback survey tool, a SaaS platform focused on survey creation and feedback collection. The business operates primarily in the technology sector, targeting businesses and individuals requiring survey solutions. The site is professionally designed with consistent branding and good user experience, supporting mobile optimization and basic accessibility. The technical infrastructure leverages modern JavaScript libraries, Google Tag Manager for analytics, and Cookiebot for cookie consent management, indicating a moderate level of digital maturity. Security posture is solid with HTTPS enforced and secure form handling, though the absence of explicit security policies and incident response information suggests room for improvement. Overall, the site is trustworthy and functional, with no signs of blocking or WAF interference.

J

JessenLenz GmbH

jessenlenz.com

43

JessenLenz GmbH is a medium-sized German technology company specializing in IT infrastructure management, data center services, and enterprise software development. They also operate as an Apple Premium Reseller through a partner site, targeting businesses and educational institutions. The website reflects a professional business presence with clear service offerings and partner affiliations. Technically, the site is built on WordPress with the Astra theme, employing modern web standards and responsive design, though some SEO and accessibility features are basic. Security posture is adequate with HTTPS enforced but lacks advanced security headers and incident response disclosures. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and business-focused but could improve transparency and security practices.

W

whistly. The secure whistleblower software.

whistly.org

67

Whistly.org is a small, specialized SaaS provider offering a digital whistleblower system designed to help companies comply with the EU Whistleblower Directive and supply chain regulations. The website positions itself as a secure and compliant whistleblower software solution targeting businesses needing to meet EU regulatory requirements. The business appears to be recently founded in 2023, consistent with the domain registration date. The platform is built on Bubble.io, leveraging modern JavaScript frameworks and integrates multiple marketing and analytics tools such as HubSpot, Google Analytics, LinkedIn Insight Tag, and Apollo.io. Cookie consent is implemented via Cookiebot, indicating some level of privacy compliance. However, no privacy policy or terms of service pages were detected in the provided content, which is a compliance gap.

W

WTSH Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH

partner-sh.de

58

The website partner-sh.de represents the Partnerprogramm of WTSH Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH, a regional economic development organization focused on promoting Schleswig-Holstein as a prime location for business, work, and living. The platform serves as a network hub for over 600 partner companies and institutions, facilitating collaboration, marketing, and talent acquisition. The site offers job and training portals, partner showcases, and event information, targeting businesses and prospective employees in the region. Technically, the website is built on the gradwerk CMS 6 platform, utilizing modern JavaScript libraries such as jQuery, Slick Carousel, and Tiny Slider for interactive UI components. The site is mobile-optimized, accessible, and SEO-friendly, with a comprehensive cookie consent mechanism and privacy policy compliant with GDPR. Hosting details are consistent with professional standards, and no blocking or WAF interference was detected. From a security perspective, HTTPS is enforced, and cookie consent is properly managed. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly implemented, and no public security policy or incident response information is provided. No vulnerabilities or exposed sensitive data were found in the HTML content. Overall, the website demonstrates a strong business credibility and digital maturity with excellent content quality and user experience. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further improve trust and compliance.