Security Directory

E

Evelyn Partners

tilney.co.uk

40

Evelyn Partners is a well-established UK-based wealth management firm offering a comprehensive range of financial planning and investment management services. The company positions itself as a leader in the UK market with significant assets under management and a broad client base including individuals, families, entrepreneurs, and professional partners. Their website reflects a mature, professional business with strong branding, clear service offerings, and multiple client engagement channels including forms and contact options. Technically, the website leverages modern JavaScript frameworks and is hosted on Microsoft Azure, with good SEO and accessibility practices. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses a critical risk to user trust and data security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL issues to ensure secure client interactions.

CEVA Logistics is a leading global supply chain management and freight company offering a broad range of logistics services including air, ocean, ground, contract logistics, and customs brokerage. The company operates worldwide with a large workforce and is part of the CMA CGM Group. The website demonstrates a mature digital presence with comprehensive content, multiple language support, and active news and career sections. Technically, the site uses modern frameworks like Nuxt.js and Vue.js and is hosted behind Cloudflare, but critically lacks a valid SSL certificate and proper HTTPS configuration, which severely impacts its security posture. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces security effectiveness. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and maintain trust.

C

Clavis Uitgeverij

clavisbooks.com

34

Clavis Uitgeverij is a well-established Belgian children's book publisher with a strong focus on enriching children's lives through literature and educational programs. The website reflects a professional and consistent brand presence, targeting children, parents, and educators. Technically, the site uses modern frontend technologies such as Vue.js and Vue Storefront, integrated with Prismic CMS and Adyen payment gateway, indicating a mature digital infrastructure. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses a significant risk to user data and trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is credible but requires urgent security improvements to protect users and maintain trust.

R

Raiffeisen Bank International

stepicceecharity.org

53

Stepic CEE Charity is a non-profit initiative founded in 2006 by Herbert Stepic, affiliated with Raiffeisen Bank International AG, focused on supporting socially disadvantaged groups in Central and Eastern Europe through education and social projects. The website presents a professional and well-structured digital presence with clear donation calls and comprehensive privacy compliance via OneTrust CMP. However, the absence of a valid SSL/TLS certificate significantly undermines the security posture, exposing users to risks. The charity demonstrates good trust indicators and business credibility but lacks published terms of service and phone contact details. Overall, the digital infrastructure uses modern technologies such as Vue.js and Adobe Experience Manager, hosted on Fastly, with moderate user tracking and advertising transparency.

C

Certible GmbH

certible.com

38

Certible GmbH is an independent international certification body based in Austria, specializing in delivering certification exams worldwide through online proctoring, tablet-based exams, and test centers. The company holds recognized certifications such as ISO 9001, ISO/IEC 17024, and ISO 14001, and complies with GDPR, positioning itself as a trusted provider in the education and technology sectors. Their services cater to candidates, trainers, program owners, and employers, offering flexible exam scheduling and group certification options. The website reflects a professional and consistent brand with comprehensive content and clear navigation.

F

Festspielhaus St. Pölten

festspielhaus.at

36

Festspielhaus St. Pölten is a prominent cultural venue in Austria specializing in dance, music, and architectural events. The website serves as a comprehensive platform for event information, ticket sales, subscriptions, and educational programs, targeting a diverse audience including families, schools, and cultural enthusiasts. The business is well-positioned regionally with a strong brand presence and partnerships with local institutions. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is basic with no advanced headers or HTTPS, though privacy compliance is well addressed with detailed cookie and privacy policies. Overall, the site is professional and content-rich but requires urgent security improvements to enhance trust and compliance.

G

Geiger.com

geiger.com

40

Geiger.com is a large, family-owned US-based distributor specializing in promotional products, corporate gifts, and imprinted apparel. The company positions itself as the largest family-owned promotional product distributor in the US, serving a broad business audience with a comprehensive product catalog and services including custom products, kitting, corporate programs, and expos. The website reflects a mature digital presence with extensive product categories, client brand logos, and active social media engagement. Technically, the website uses modern JavaScript frameworks such as Vue.js and Bootstrap 5, hosted likely on AWS infrastructure. Marketing and analytics tools include Google Tag Manager, Google Analytics, Osano CMP for consent management, Filestack for file handling, and Searchspring for search functionality. The site is mobile-optimized and accessible with good SEO practices, though performance metrics indicate slow loading. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. While some security headers are present, key TLS protocols and best practices like HSTS, OCSP stapling, and session resumption are not enabled. No incident response or vulnerability disclosure policies are found. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professionally designed and credible from a business standpoint but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security headers and protocols, implementing cookie consent, and publishing incident response information.

dormakaba Holding is a globally recognized leader in smart and secure access solutions, providing a comprehensive range of products and services for secure access to buildings and rooms. The company operates internationally with a strong presence in multiple countries and serves diverse markets including security, technology, and manufacturing sectors. The website reflects a mature, well-established business with a clear focus on innovation, sustainability, and customer engagement. Technically, the site leverages modern frameworks such as Vue.js and Contentful CMS, ensuring a responsive and user-friendly experience across devices. Security measures are robust with multiple security headers and a comprehensive content security policy, although the SSL certificate is currently invalid, which is a critical issue that needs immediate attention. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, dormakaba demonstrates a strong security posture and business credibility, supported by transparent investor relations and active communication channels.

ZEGNA.com is the official online store for the luxury menswear brand ZEGNA, targeting discerning male customers seeking high-end designer clothing and accessories. The website offers a comprehensive product catalog with a strong focus on user experience, supported by modern web technologies such as Vue.js and Akamai CDN for performance and scalability. The site integrates multiple marketing and analytics tools to optimize customer engagement and business intelligence. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the security posture and trustworthiness of the platform. Legal and privacy policies are well documented and accessible, indicating good compliance with GDPR and related regulations. Overall, the site presents a professional and trustworthy e-commerce experience but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

E

Excellence AG

excellence.ag

39

Excellence AG is an international technology partner specializing in engineering and IT services with a strong focus on green technology and sustainability. The company operates multiple offices across Germany and the Netherlands, offering green tech job opportunities and supporting sustainable projects in energy and transportation sectors. Their website is professionally designed, content-rich, and targets professionals interested in green technology careers and partnerships. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, integrated with Google Tag Manager and social login plugins for LinkedIn and Xing. The hosting appears to be on AWS infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Performance metrics are not available, but the site shows good mobile optimization and SEO practices. From a security perspective, the absence of HTTPS and modern TLS protocols significantly lowers the security posture. No advanced security headers or incident response policies are evident. Privacy compliance is partially met with a comprehensive privacy policy and GDPR consent statements on forms, but no cookie consent mechanism is detected. Business credibility is supported by ISO 9001 certification, multiple office locations, and professional content. Overall, the website presents a trustworthy and professional business front but requires urgent security improvements, especially enabling HTTPS and enhancing security headers, to protect user data and improve trustworthiness. Strategic recommendations include SSL implementation, security header enhancements, and adding explicit cookie consent mechanisms to align with privacy regulations.

N

Novo Nordisk A/S

novonordisk.com

40

Novo Nordisk A/S is a leading global healthcare company specializing in the research, development, and marketing of medicines for diabetes and other serious chronic diseases. Founded in 1923 and headquartered in Denmark, the company maintains a strong market position with a comprehensive online presence targeting patients, healthcare professionals, investors, and job seekers. The website reflects a mature business model with extensive investor relations, career opportunities, and patient support information. Technically, the site leverages modern JavaScript frameworks such as Vue.js and is built on Adobe Experience Manager, hosted likely on Microsoft Azure. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture.

B

Belimed INC.

belimed.com

40

Belimed INC. is a large healthcare-focused company specializing in medical and surgical instrument sterilization, disinfection, and cleaning products and services. The company positions itself as a trusted partner in advancing medical care and protecting patient and staff safety, with a global presence and over 1,000 employees across nine countries. Their business model is primarily B2B, serving sterile processing departments and healthcare providers with a comprehensive portfolio including washer-disinfectors, sterilizers, digitalization solutions, and training services. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with Tailwind CSS for styling. It integrates multiple analytics and marketing tools including Google Analytics, Facebook Connect, LinkedIn Pixel, and Calendly. The site is well-optimized for mobile and accessibility, with clear navigation and professional design. However, the SSL certificate is invalid or missing, which significantly impacts the security posture. From a security perspective, the site implements several important HTTP security headers and a restrictive Content-Security-Policy, but the lack of a valid SSL certificate and incomplete HSTS implementation are critical weaknesses. No explicit security or incident response policies are found, and there is no vulnerability disclosure or security.txt file. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the website is professional and trustworthy from a business and content perspective but requires urgent remediation of SSL issues to improve security and user trust. Strategic improvements in security policy transparency and incident response readiness are also recommended.

S

Siemens

siemens.co.in

40

Siemens India operates as a key regional branch of the global Siemens AG conglomerate, focusing on electrification, automation, and digitalization solutions tailored for industrial and infrastructure sectors. The website reflects a mature digital presence with extensive content, professional design, and clear corporate messaging aimed at industrial clients, investors, and job seekers. Technically, the site leverages modern frameworks such as Vue.js and Apollo GraphQL, hosted on AWS CloudFront, and integrates multiple analytics and marketing tools, indicating a high level of digital maturity. However, a critical security gap exists due to the invalid or missing SSL certificate, which undermines HTTPS security and exposes the site to potential risks. Security headers and policies are well implemented, but the lack of proper SSL/TLS configuration significantly impacts the security posture. Overall, the site is trustworthy and professionally maintained but requires urgent remediation of SSL issues to ensure secure communications and compliance.

L

Lidl Österreich

lidl.at

40

Lidl Österreich operates a comprehensive retail website offering a wide range of products including food, household items, garden supplies, fashion, and more. The site features extensive promotional content, including weekly offers and loyalty programs such as Lidl Plus. The company holds a strong market position in Austria as a leading discount supermarket chain, supported by a consistent and professional brand presence. Technically, the website employs modern technologies like Vue.js and is hosted on a robust infrastructure with Akamai DNS services. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and content security policies, indicating a focus on security best practices. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the site is professional and trustworthy but must urgently address the SSL deficiency to ensure secure user interactions.

OBI is a leading German home improvement and garden retailer with a strong online and physical presence. The website offers a comprehensive range of products and services including project planning, rental services, and loyalty programs. Technically, the site uses modern frameworks like Vue.js and Nuxt.js, hosted on AWS CloudFront, with extensive use of third-party analytics and marketing tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user data protection. The site is well-structured, mobile-optimized, and provides clear contact and business information, supporting a high level of trustworthiness. Strategic improvements in security and privacy compliance are recommended to enhance overall risk posture.

R

realme

realme.com

39

realme is a large technology company focused on the European market, offering smartphones, IoT devices, and accessories through a direct-to-consumer e-commerce model. The website is professionally designed with consistent branding and supports multiple regional versions and languages. The technical infrastructure leverages modern JavaScript frameworks such as Vue.js, and integrates payment solutions from Adyen and PayPal, indicating a mature digital presence. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue for user trust and data protection. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Contact information is primarily via email, with no phone numbers or physical addresses found on the site.

Kontron is a global leader in IoT and embedded computing technology, offering a broad range of smart IoT solutions and electronics manufacturing services. The company targets industrial and technology sectors with a focus on innovation, sustainability, and advanced technology integration. The website is professionally designed using modern frameworks such as Nuxt.js and hosted on Hetzner infrastructure. However, the security posture is weak due to the absence of a valid SSL/TLS certificate and lack of HTTPS enforcement, which poses a significant risk to user data and trust. Privacy compliance is partially addressed through the use of Cookiebot for cookie consent, but no explicit privacy policy or terms of service are found. Overall, the website reflects a credible business but requires urgent security improvements.

E

EOX IT Services GmbH

eox.at

27

EOX IT Services GmbH is a specialized technology company focused on Earth observation data services and software solutions. Their offerings include satellite data visualization, cloudless mapping, and data catalog services targeting researchers and professionals in geospatial and environmental fields. The company maintains a professional web presence with a clear focus on open data and cloud-native solutions. Technically, the website is built on VuePress and modern JavaScript frameworks, providing a good user experience and mobile optimization. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security gap. Security headers are partially implemented, but the absence of TLS protocols and cipher suites severely impacts the security posture. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Contact information is minimal, with no explicit emails or phone numbers on the site, though social media presence is strong. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Shotview is a well-established artist management agency founded in 2002, specializing in representing photographers, stylists, casting professionals, and other creatives in the media and fashion industries. With offices in Berlin, Paris, and Vienna, the company offers strategic guidance, production expertise, and a platform for artists to showcase their work internationally. The website reflects a professional and visually rich portfolio showcasing featured projects and artists. Technically, the site uses modern frameworks such as Vue.js and Nuxt.js, hosted on Heroku and served via Cloudflare CDN. However, the absence of a valid SSL certificate is a critical security flaw, exposing users to risks and undermining trust. Additionally, the lack of privacy, cookie, and security policies indicates compliance gaps that should be addressed to meet GDPR and general best practices. Contact information is clearly provided, including multiple office addresses, emails, and phone numbers, supporting business credibility.

E

Evangelical Free Church of America

efca.org

37

The Evangelical Free Church of America (EFCA) operates as a large non-profit religious association focused on uniting and supporting approximately 1,600 evangelical congregations across the United States. Their website serves as a central hub for ministry resources, church networking, events, and informational content aimed at their faith community and interested individuals. The organization maintains a strong market position within the evangelical sector, supported by trust indicators such as ECFA accreditation and active social media engagement. Technically, the website leverages modern frontend frameworks including Vue.js and Nuxt.js, delivering a visually appealing and accessible user experience. However, the site suffers from slow load times and lacks a content delivery optimization strategy. Hosting is provided by DreamHost, and the site integrates third-party services such as Mailchimp for newsletter subscriptions and Vimeo for video content. From a security perspective, the site exhibits critical vulnerabilities, most notably the absence of a valid SSL/TLS certificate, resulting in no HTTPS support. This severely undermines user trust and data security. Additionally, the lack of security headers, HSTS, and other best practices further exposes the site to potential risks. Privacy compliance is limited, with no cookie consent mechanism detected and only a basic privacy policy present. Overall, while the EFCA website is professionally designed and content-rich, its security posture is weak and requires urgent remediation to protect users and maintain organizational credibility. Strategic improvements in SSL implementation, security headers, and privacy compliance will significantly enhance the site's trustworthiness and resilience.

E

Egon Zehnder International Ltd.

egonzehnder.com

40

Egon Zehnder International Ltd. operates a global organizational consulting and leadership advisory website offering a wide range of executive search and leadership development services. The company is positioned as a global leader with extensive geographic reach and a comprehensive service portfolio targeting large enterprises and organizations seeking leadership solutions. Technically, the website uses modern web technologies including Vue.js and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and HTTPS support. Security headers and content security policies are well implemented, but the lack of HTTPS severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professionally designed and trustworthy, but the critical SSL issue poses a significant risk that should be remediated immediately.

L

Lamb Weston

lambweston.eu

40

Lamb Weston is a globally recognized leader in the frozen potato products industry, offering a wide range of products including fries, specialties, and appetizers. The company targets foodservice professionals and retail customers primarily in the EMEA region, providing innovative and high-quality potato solutions. Their website reflects a strong market position with comprehensive content, multiple language support, and a focus on sustainability. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, hosted on AWS infrastructure, and demonstrates good mobile optimization and SEO practices. However, the absence of a valid SSL certificate significantly impacts the security posture, exposing the site to potential risks. Privacy and legal policies are well documented, but the lack of a cookie consent mechanism is a compliance gap. Overall, the website is professional and trustworthy but requires urgent security improvements to ensure safe user interactions.

M

Metso

metso.com

40

Metso is a global enterprise specializing in sustainable technologies and end-to-end solutions for aggregates production, mining, and metals refining industries. The company positions itself as a partner for positive change, focusing on improving energy and water efficiency, productivity, and reducing environmental risks. Their offerings include products, parts, services, and advanced digitalization solutions integrating AI and cloud technologies. The website reflects a mature digital presence with comprehensive business information, investor relations, and sustainability commitments. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which poses significant risks to user data and trust. The site employs modern web technologies such as ASP.NET and Vue.js, and integrates analytics tools including Microsoft Application Insights and Hotjar, indicating a moderate level of digital maturity. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, the website is professional and trustworthy but requires urgent security improvements to enable HTTPS and strengthen its security posture.

P

PwC Legal Rechtsanwälte GmbH

pwclegal.at

40

PwC Legal Österreich operates as a leading legal advisory firm in Austria, leveraging the global PwC network to provide comprehensive legal services across multiple sectors including corporate governance, compliance, data protection, and emerging technologies such as AI and blockchain. The website is professionally designed, targeting business clients in Austria with content primarily in German. Technically, the site uses modern JavaScript frameworks and Adobe Experience Manager CMS, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. Despite strong branding and privacy compliance mechanisms like OneTrust cookie consent, the lack of HTTPS and valid certificates is a major security concern. Overall, the site is credible and trustworthy but requires urgent security improvements.

A

Austrian Power Grid

apg.at

40

Austrian Power Grid (APG) operates the national electricity transmission grid in Austria, ensuring secure and reliable power supply across the country. The company is positioned as a key infrastructure provider in the energy sector, focusing on grid operation, expansion, and innovation to support Austria's energy transition. The website reflects a mature digital presence with comprehensive content, clear navigation, and multilingual support, targeting market participants, stakeholders, and the general public. Technically, the site is built on TYPO3 CMS with Vue.js components and integrates Matomo for analytics, indicating a modern and privacy-conscious technology stack. However, the SSL/TLS configuration is critically deficient, with no valid certificate and no modern TLS protocols enabled, which severely impacts security posture and user trust. Security headers are well implemented, including CSP, HSTS (though limited), and X-Frame-Options, demonstrating awareness of web security best practices. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy aligned with GDPR requirements. Business credibility is supported by consistent branding, social media presence, and detailed organizational information. Overall, while the business and content aspects are robust and professional, the lack of proper SSL/TLS implementation is a critical vulnerability that must be addressed urgently to protect users and maintain trust.

REWE International AG operates a comprehensive career website for its retail group in Austria, including brands such as BILLA, PENNY, BIPA, and ADEG. The company is a major employer offering diverse job opportunities across retail stores, logistics, and corporate offices. The website is professionally designed with clear navigation and rich content targeting job seekers interested in retail careers. Technically, the site uses modern frameworks like Nuxt.js and Vue.js, hosted likely on AWS infrastructure, and managed via the Storyblok CMS. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and credible but urgently needs to address its SSL/TLS configuration to protect users and improve security.

D

Diageo

diageo.com

40

Diageo is a global leader in premium spirits and beer, operating in nearly 180 countries with a portfolio of over 200 brands. The website reflects a mature digital presence with comprehensive content targeting investors, consumers, and job seekers. The technical infrastructure leverages modern JavaScript frameworks and is hosted behind Cloudflare, indicating a robust platform. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. The site employs extensive analytics and marketing tools with consent mechanisms, but lacks explicit privacy and terms of service pages in the provided content. Overall, the business credibility and content quality are high, but security improvements are urgently needed.

E

Eppendorf SE

eppendorf.com

40

Eppendorf SE is a well-established, leading life sciences company specializing in the development and sale of laboratory instruments, consumables, and services globally. Their product portfolio spans liquid handling, bioprocessing, centrifugation, and more, targeting academic, commercial, pharmaceutical, and industrial laboratories. The website reflects a mature, professional digital presence with comprehensive content, clear navigation, and multi-regional support. Technically, the site employs modern JavaScript frameworks and integrates advanced marketing and analytics tools, although performance data is limited. Security posture is currently weak due to invalid or missing SSL/TLS certificates and lack of enabled TLS protocols, which is a critical risk. Privacy compliance is strong, with clear cookie and privacy policies and consent mechanisms in place. Overall, the site is trustworthy and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

R

Raiffeisen Bank International

cashpresso.com

40

Cashpresso is a financial service platform provided by Raiffeisen Bank International AG, offering flexible credit and payment solutions such as installment payments and purchase on account. The website targets private and business customers primarily in Austria, providing a digital-first experience with quick online registration and management via mobile apps. The platform is well integrated with multiple partner shops and maintains a strong brand presence supported by awards and customer ratings. Technically, the site uses modern frameworks and Adobe Experience Manager CMS but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business appears legitimate and trustworthy, but the security posture requires urgent improvement to protect user data and maintain trust.

Z

Zahnarztpraxis Dr. Christian Pastor

zahnarzt-pastor.de

21

Zahnarztpraxis Dr. Christian Pastor is a small, local dental and oral surgery practice based in Beilstein, Germany. The website presents a professional image with a comprehensive range of dental services including prophylaxis, implantology, oral surgery, and aesthetic dentistry. The practice emphasizes patient-centered care and modern technology. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, hosted by agenturserver.de, and includes cookie consent mechanisms and Google Tag Manager for analytics. However, the site lacks HTTPS encryption, which is a critical security flaw. Security headers are minimal, and no advanced security policies or incident response information is provided. The WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Sulzer Ltd is a globally recognized leader in fluid engineering, specializing in the manufacturing and servicing of pumps, agitators, mixers, separation, and purification technologies. The company serves essential industries such as energy, manufacturing, and process industries, positioning itself as a key player in enabling sustainable and efficient industrial operations worldwide. Their website reflects a mature enterprise with comprehensive product and service offerings, strong branding, and a clear focus on sustainability and innovation. Technically, the website employs a modern technology stack including Apache server, Vue.js framework, and integrates multiple third-party analytics and marketing tools such as Google Analytics, Pardot, and Hotjar. The site is hosted with Azure DNS and demonstrates good SEO and mobile optimization practices. However, performance metrics are not explicitly available. From a security perspective, while the site implements several important security headers and content security policies, it critically lacks a valid SSL/TLS certificate and does not support HTTPS, which severely undermines its security posture. This exposes users to potential risks and reduces trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms, aligning with GDPR requirements. Overall, the website is professional and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and improve its security score. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enhancing security header configurations to protect users and maintain trust.

G

General Motors

gm.com

40

General Motors (GM) is a globally recognized automotive manufacturer with a rich heritage dating back to 1908. The company operates multiple iconic vehicle brands including Chevrolet, Buick, GMC, and Cadillac, and is focused on innovation in electric vehicles, autonomous driving, and sustainability. GM targets consumers and businesses seeking reliable, innovative vehicles and related services. The website reflects a mature digital presence with comprehensive content, strong branding, and clear navigation, supporting its enterprise scale and market leadership. Technically, the site leverages modern frameworks such as Vue.js and Adobe Experience Manager, hosted via Akamai CDN, but suffers from a critical security gap due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy policies and terms of service are well documented, indicating good compliance practices, though cookie consent mechanisms are not explicitly detected. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

ProSiebenSat.1 PULS 4 GmbH is a leading private media company in Austria, specializing in TV broadcasting and digital advertising solutions. The company operates multiple TV channels and digital platforms, including the popular streaming service JOYN, and offers innovative advertising products such as TV-LOAD and Addressable TV. Their market position is strong, supported by a comprehensive portfolio and a focus on integrated advertising solutions. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on AWS with content managed via DatoCMS, providing a good user experience and mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

F

FH Oberösterreich

fh-ooe.at

29

FH Oberösterreich (FH OÖ) is a leading university of applied sciences in Austria, offering a wide range of bachelor and master degree programs across multiple campuses. The institution emphasizes praxis-oriented education, personal consultation, and maintains strong international partnerships. The website reflects a mature digital presence with comprehensive content, clear navigation, and multilingual support. Technically, the site uses modern frameworks such as Vue.js and Craft CMS, and integrates various analytics and marketing tools with user consent mechanisms. However, the security posture is weakened by the absence of a valid SSL certificate and lack of security headers, exposing users to potential risks. Privacy compliance is well addressed with detailed policies and cookie consent. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

P

Palmers Textil AG

palmers.at

33

Palmers Textil AG operates a well-branded e-commerce website focused on retailing lingerie, nightwear, and fashion apparel primarily targeting German-speaking European customers. The site leverages modern web technologies including Vue Storefront 2 and Magento backend, supported by AWS CloudFront CDN and various marketing and analytics tools such as Google Analytics and Facebook Pixel. Despite a professional presentation and comprehensive privacy and cookie policies, the website suffers from a critical security deficiency: the absence of a valid SSL/TLS certificate and HTTPS support, exposing users to potential data interception risks. Security headers are implemented but cannot compensate for the lack of encryption. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Overall, the website demonstrates good digital maturity but requires urgent security improvements to protect user data and enhance trust.

J

Josef Manner & Comp AG

manner.com

38

Josef Manner & Comp AG operates the website manner.com, a well-established Austrian confectionery brand specializing in Viennese wafer specialties since 1890. The website showcases a comprehensive product range, including wafers, baking products, gingerbread, and merchandise, targeting consumers interested in traditional confectionery. The brand maintains a consistent and professional online presence with rich content, social media integration, and e-commerce capabilities. Technically, the site uses modern technologies such as Vue.js, Algolia search, and Cookiebot for consent management, hosted likely on DigitalOcean. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue that undermines user trust and data protection. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the website is professional and credible but requires urgent security improvements to meet modern standards.

Raiffeisen Bank International AG operates as a leading business bank in Austria and Central and Eastern Europe, offering a broad range of financial services including corporate banking, investor relations, and sustainability-focused products. The website targets investors, corporate and institutional clients, job seekers, and private customers, reflecting a mature and comprehensive business model with a strong market position. Technically, the site is built on Adobe Experience Manager with Vue.js components, leveraging modern analytics and marketing tools such as Mouseflow, Google Tag Manager, and hCaptcha. However, a critical security weakness is present due to an invalid SSL certificate and lack of TLS protocol support, which undermines the otherwise strong security headers and policies implemented. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, content-rich, and trustworthy but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

software4production GmbH is a specialized provider of innovative factory software solutions focused on Industry 4.0 and automation for medium-sized manufacturing enterprises. Their offerings include advanced manufacturing execution systems (MES), production planning and scheduling (PPS), and modules for data acquisition and intralogistics, all built on a robust Java/Jakarta IT architecture. The company holds a strong market position, evidenced by multiple industry awards and a comprehensive portfolio of services including consulting, training, and support. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, hosted on infrastructure associated with udag.de. While the site demonstrates good design and navigation, it lacks a valid SSL certificate and proper HTTPS implementation, which is a significant security concern. Performance metrics are not available, indicating potential areas for improvement in loading speed and optimization. From a security perspective, the absence of HTTPS and modern TLS protocols, along with missing advanced security features like OCSP stapling and session resumption, lowers the site's security posture. However, the presence of some security headers and a comprehensive privacy policy indicates a baseline commitment to security and compliance. Overall, the website is professional and trustworthy in content and business representation but requires urgent security enhancements to protect user data and improve trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and implementing cookie consent mechanisms to enhance privacy compliance.

W

Wenatex Das Schlafsystem GmbH

wenatex.com

37

Wenatex Das Schlafsystem GmbH is a medium-sized Austrian company specializing in ergonomic sleep systems, including mattresses, slatted frames, pillows, and bedding accessories. With over 30 years of experience, the company emphasizes quality, innovation, and personalized customer consultation, positioning itself as a trusted brand in the sleep product retail and manufacturing sector. The website reflects a mature digital presence with modern technologies such as Nuxt.js and AWS hosting, providing a rich user experience with multimedia content and clear navigation. However, the absence of a valid SSL certificate significantly undermines the security posture, exposing users to potential risks. While privacy and cookie policies are present and GDPR compliant, the lack of explicit security policies and incident response information suggests room for improvement in security governance. Overall, the website is professional and trustworthy but requires urgent security enhancements to protect user data and maintain credibility.

Titan Machinery is a large, established full-service dealer specializing in agriculture and construction equipment, operating over 100 dealerships across multiple countries. The company offers new and used equipment sales, rentals, parts, service, and financing solutions, representing major CNH Industrial brands. The website is professionally designed using modern technologies such as ASP.NET and Vue.js, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Privacy and cookie policies are present but basic, and no direct contact information is visible on the homepage. Social media presence is strong, supporting brand trust. The domain is mature and well-protected, indicating a legitimate business. Overall, the website demonstrates good business credibility and technical implementation but requires urgent security improvements.

V

Vienna Insurance Group

vig.com

40

Vienna Insurance Group (VIG) is a leading insurance group in Central and Eastern Europe, operating through over 50 insurance companies and pension funds across 30 countries with approximately 30,000 employees. The website reflects a mature, enterprise-level business with a strong market position and comprehensive service offerings in insurance and reinsurance. The digital infrastructure is modern, leveraging JavaScript frameworks and a CMS (Umbraco), with good content quality and user experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a financial services website. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure communications.

Canto operates as a leading provider of digital asset management (DAM) solutions, offering a comprehensive SaaS platform designed to help businesses organize, edit, share, and analyze digital content efficiently. The company positions itself as an industry leader with a strong focus on enterprise customers, providing feature-rich tools that enhance content workflows and brand management. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built using modern web technologies including Vue.js and is hosted on Netlify, indicating a contemporary and scalable infrastructure. The site demonstrates good SEO and mobile optimization practices, although performance metrics are not explicitly available. Accessibility is basic but present. The use of structured data and meta tags supports search engine visibility. From a security perspective, the site has several critical shortcomings. Despite having security headers like X-Content-Type-Options and X-Frame-Options, the absence of a valid SSL certificate and lack of HTTPS support severely undermine the security posture. No TLS protocols are enabled, and HSTS is not enforced, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit contact emails or phone numbers are provided, relying instead on contact forms. Overall, while the business and technical aspects of the website are strong, the critical lack of SSL/TLS encryption represents a significant risk that must be addressed promptly. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enforcing HSTS to protect user data and maintain trust. Enhancing contact transparency and expanding security frameworks would further strengthen the company's security and compliance posture.

S

Salzburger Nachrichten Medien GmbH & Co. KG

salzburg.com

35

Salzburger Nachrichten Medien GmbH & Co. KG operates a mature and well-established regional news website focused on Salzburg, Austria, and international news. The site offers a wide range of content including politics, economy, culture, sports, and local events, supported by various services such as job listings, real estate, e-paper, and podcasts. The company maintains a strong market position as a leading media provider in the region with a consistent and professional brand presence. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, leveraging GraphQL for data management. It uses Varnish caching and is hosted on Conova infrastructure. The site is well-optimized for mobile and SEO, with good accessibility features. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap. From a security perspective, the website lacks HTTPS, HSTS, and other essential security headers, which significantly lowers its security posture. While no critical vulnerabilities or malware were detected, the lack of encryption exposes users to potential risks. Privacy policies and cookie consent mechanisms are in place, indicating compliance with GDPR requirements. Overall, the website is content-rich and professionally managed but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and enhancing incident response capabilities.

J

Jungheinrich AG

jungheinrich.com

40

Jungheinrich AG is a globally leading company in the intralogistics sector, headquartered in Hamburg, Germany. The company specializes in manufacturing industrial trucks, warehouse and material flow technology, and providing logistics services. The website reflects a mature enterprise with a strong market position and comprehensive service offerings targeting businesses requiring intralogistics solutions. Technically, the website employs modern web technologies including Vue.js, CoreMedia CMS, and integrates multiple marketing and analytics tools such as Google Tag Manager, Marketo, and Cookiebot. However, a critical security issue is present due to an invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professionally designed, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

T

Trek Bicycle Corporation

trekbikes.com

40

Trek Bikes is a well-established global bicycle manufacturer with a strong presence in Finland, offering a wide range of bicycles and cycling accessories. The website targets Finnish consumers with localized content and a comprehensive product catalog. Technically, the site uses modern frontend technologies such as Vue.js and Tailwind CSS, and is hosted behind Cloudflare CDN with integrated marketing and analytics tools like Google Tag Manager and Cookiebot for cookie consent management. However, a critical security weakness is the lack of a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. The site includes comprehensive privacy and cookie policies, indicating good privacy compliance, but lacks visible security policies or incident response information. Overall, the business credibility is high, supported by a mature domain and consistent branding, but the security posture requires urgent improvement to protect user data and trust.

I

Ivoclar Vivadent

ivoclarvivadent.com

40

Ivoclar Vivadent operates a comprehensive and professionally designed website targeting dental professionals including dentists and technicians. The company offers innovative dental materials and digital equipment solutions, positioning itself as a leading enterprise in the healthcare sector. The website demonstrates strong digital maturity with modern JavaScript frameworks, extensive use of marketing and analytics tools, and a consistent brand presence. However, a critical security gap exists due to the absence of a valid SSL certificate and enabled TLS protocols, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is content-rich and user-friendly but requires urgent security improvements to meet industry standards.

K

Kellner & Kunz AG

reca.co.at

33

Kellner & Kunz AG, part of the RECA Group, is a leading specialist in C-parts management with a strong presence across Europe. The company offers a comprehensive range of over 140,000 quality products and services tailored to industry and trade sectors, supporting customers in optimizing their work processes and gaining competitive advantages. Their business model focuses on B2B supply and service, leveraging an extensive network of subsidiaries and partners across multiple countries. Technically, the website is built on WordPress with modern technologies such as Vue.js for search, Algolia, and Factfinder integrations, providing a good user experience with responsive design and SEO optimization. However, the site suffers from a critical security issue due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are well implemented, and privacy policies are comprehensive and GDPR compliant, but the lack of proper SSL/TLS encryption is a major vulnerability. The site uses standard tracking tools like Google Analytics and Facebook Pixel with moderate user tracking levels and appropriate consent mechanisms. Overall, the website is professional and trustworthy in content and business representation but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS certificate installation, enabling HSTS, and improving security configurations.

E

ENGEL

engelglobal.com

40

ENGEL is a large, established manufacturing company specializing in injection moulding solutions, including machines, automation, and digital process optimization. The website reflects a professional B2B business model targeting manufacturing industries globally, with multi-language support and a comprehensive content offering. Technically, the site uses modern technologies such as Vue.js and Storyblok CMS, hosted on AWS CloudFront, with good SEO and mobile optimization. However, the lack of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses. The site implements strong security headers and a content security policy but lacks incident response and security policy disclosures. Privacy compliance is addressed with GDPR-consent mechanisms and a detailed data protection page. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

PSI Software SE operates the website psimetals.com, providing specialized production management software solutions for the metals industry, including steel, aluminum, and copper manufacturing. Their flagship product, PSImetals, integrates SCM, APS, and MES functionalities to optimize production and logistics, with a strong emphasis on sustainability and decarbonization. The company targets industrial manufacturers seeking to improve operational efficiency and meet environmental standards. The website demonstrates a mature digital presence with comprehensive content, case studies, and customer references, reflecting a well-established market position. Technically, the site is built on TYPO3 CMS and leverages modern JavaScript libraries such as Vue.js, Axios, and Parsley.js for enhanced user experience and form validation. However, performance metrics are lacking, and the SSL/TLS configuration is critically deficient, with no valid certificate and no TLS protocols enabled, severely impacting security posture. The site includes privacy and cookie policies compliant with GDPR, and uses Google Analytics and Tag Manager for user tracking at a moderate level. Security-wise, while several security headers are implemented, the absence of a valid SSL certificate and HTTPS enforcement is a major vulnerability. DNS security features like DNSSEC and CAA are not enabled, and domain protection locks are missing, which could expose the domain to hijacking risks. No explicit incident response or security policy information is available on the site. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing DNS security, and publishing clear security and incident response policies.

D

Die Presse Verlags-Gesellschaft m.b.H. & Co KG

diepresse.com

40

Die Presse is a prominent Austrian media company operating a comprehensive online news portal offering premium journalism, podcasts, videos, and newsletters targeting German-speaking audiences primarily in Austria. The website demonstrates a mature digital infrastructure leveraging modern JavaScript frameworks (Vue.js), advanced consent management (Didomi), and multiple advertising and analytics platforms. However, the security posture is notably weak due to the absence of a valid SSL certificate and disabled TLS protocols, exposing users to potential risks. Privacy compliance is robust with clear policies and consent mechanisms in place. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and maintain trust.