Security Directory

R

Rexel

rexel.com

40

Rexel is a global leader in multichannel distribution for the energy sector, providing sustainable and innovative solutions to professional customers worldwide. The company operates in 17 countries with nearly 2,000 branches and a workforce of approximately 27,000 employees. Their business model focuses on supporting electricians, installers, commercial and industrial companies, and suppliers with a broad portfolio of energy-related products and services. The website reflects a mature digital presence with comprehensive content, investor relations, and sustainability commitments. Technically, the site is built on WordPress with modern SEO plugins and integrates multiple analytics and marketing tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security deficiency that undermines user trust and data protection. The site implements strong cookie consent mechanisms and complies with GDPR requirements, but lacks explicit security policies or incident response information. Overall, Rexel's website demonstrates high professionalism and business credibility but requires urgent security improvements to align with best practices.

F

Fair Finance

fairfinance.org.uk

38

Fair Finance is a UK-based direct lender specializing in affordable personal loans up to £3000, targeting individuals including those with bad credit or on benefits. The company emphasizes social impact and financial advice, operating with FCA authorization. The website is built on WordPress with Elementor and integrates multiple marketing and analytics tools such as Google Analytics, Tag Manager, Hotjar, and Trustpilot for reputation management. Despite a professional design and clear business information, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Privacy and terms of service pages are present and comprehensive, but no cookie consent mechanism is implemented despite tracking scripts being active. Contact information including phone and physical address is clearly provided, enhancing business credibility.

C

Continental Trading GmbH

wetrade4you.at

20

Continental Trading GmbH operates as a specialized retailer of used printing and finishing machines, rooted in Salzburg, Austria, with an international customer base. The website presents basic information about the business and its offerings but lacks comprehensive contact details and legal policies. The technical infrastructure relies on Apache web server with Plesk hosting, AngularJS framework, jQuery, and Bootstrap for frontend, and uses Google Analytics for visitor tracking with IP anonymization enabled. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. No privacy or terms of service policies are present, indicating compliance gaps with GDPR and other regulations. Overall, the website is functional but exhibits outdated technology and security weaknesses that require urgent remediation.

O

OVIVO Inc.

ovivowater.com

40

Ovivo Inc. is a well-established global leader in sustainable water treatment solutions with over 150 years of expertise. The company provides a comprehensive portfolio of equipment, technology, and services targeting industrial, municipal, and electronics sectors. The website reflects a mature digital presence with multilingual support and rich content tailored for B2B audiences. Technically, the site is built on WordPress with modern SEO and analytics tools, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, Ovivo demonstrates strong business credibility and professionalism but must urgently address its SSL/TLS configuration to improve security posture and user trust.

L

Le Domaine Forget de Charlevoix

domaineforget.com

38

Le Domaine Forget de Charlevoix is a well-established international academy and festival specializing in music and dance, located in Quebec, Canada. The organization offers a variety of cultural and educational services including intensive training stages, a renowned summer festival, concerts, and accommodation facilities. Their target audience includes musicians, dancers, cultural tourists, and donors. The website reflects a professional and consistent brand with good content quality and clear navigation, primarily in French with English options. Technically, the site uses ASP.NET MVC framework hosted likely on Microsoft Azure, with integrated analytics and marketing tools such as Google Analytics, Facebook Pixel, and Google Tag Manager. However, the site lacks a valid SSL certificate, which is a critical security flaw, and does not implement advanced security headers or DNS security features. Privacy compliance is basic with cookie consent mechanisms but lacks explicit GDPR compliance indicators or a data protection officer contact. Overall, the website is functional and credible but requires urgent security improvements to protect user data and enhance trust.

Albert Berner Deutschland GmbH operates a comprehensive B2B e-commerce platform specializing in professional tools, chemicals, and related products primarily serving the automotive and industrial sectors in Germany. The company is well-established with a strong market position and a broad product catalog supported by detailed categorization and user-friendly navigation. Technically, the website employs modern JavaScript libraries, consent management tools, and extensive marketing and analytics integrations, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms. Overall, the business is credible and professional, but urgent remediation of the SSL/TLS issue is recommended to enhance security and trust.

H

Hackabu Growth Consulting

hackabu.com

40

Hackabu Growth Consulting is a specialized digital marketing and growth consulting firm based in Austria, serving both B2C and B2B clients. The company offers a broad range of services including online marketing, marketing automation, performance marketing, programmatic advertising, social recruiting, AI consulting, and workshops. Their market position is that of a leading online marketing and growth consultancy with a strong focus on data-driven strategies and innovative technologies. The website is professionally designed, content-rich, and targets businesses seeking growth through digital channels. Technically, the site is built on WordPress with Elementor and uses various modern web technologies and optimization tools. However, a critical security issue is the absence of a valid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the business credibility is high, supported by clear contact information, social media presence, and client logos. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to protect user data and improve trust.

C

CPB Contractors

cpbcon.com.au

40

CPB Contractors is a well-established major contractor specializing in critical and complex infrastructure projects across Australia and New Zealand. The company operates as a subsidiary of the CIMIC Group and holds a leading market position in sectors such as transport, energy, and construction. Their website reflects a professional business model focused on large-scale infrastructure delivery, with key services including rail, tunneling, roads, water, and new energy projects. The target audience includes government agencies, industry partners, and prospective employees. Technically, the website is built on modern frameworks including Next.js and Material-UI, integrated with Sitecore CMS, and employs Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. Mobile optimization and SEO are adequately addressed, but accessibility features are basic. From a security perspective, the absence of HTTPS and security headers represents a significant vulnerability. No explicit security policies or incident response contacts are published, and privacy compliance is limited despite the presence of a privacy policy. The site uses tracking technologies but lacks cookie consent mechanisms, indicating partial privacy compliance. Overall, the website is functional and professional but requires urgent security improvements, especially SSL implementation and enhanced privacy compliance, to reduce risk and improve trustworthiness.

G

GRAWE osiguranje a.d.o.

grawe.rs

40

GRAWE Srbija is a well-established insurance company operating in Serbia, offering a broad range of life and non-life insurance products including vehicle, property, and health-related insurance. The company is part of the larger GRAWE Group, which has a long tradition in the insurance sector. The website is professionally designed using TYPO3 CMS and integrates modern technologies such as Google Tag Manager and Cloudfront CDN. It provides clear navigation, comprehensive product information, and multiple contact channels including phone, email, and social media. Privacy and cookie policies are present and include consent mechanisms, indicating good compliance with GDPR requirements. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in HTTPS not being properly enabled. This significantly impacts the security posture and user trust. Security headers are well configured, but the lack of valid SSL and modern TLS protocols is a major vulnerability. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. Overall, the website is functional and credible but requires urgent remediation of SSL/TLS issues to improve security and trust.

K

Keller Limited

keller-uk.com

40

Keller Limited is a leading UK-based geotechnical specialist contractor providing expert services in piling, ground improvement, grouting, earth retention, and monitoring. The company holds a strong market position as a leader in the construction and infrastructure sectors, supported by multiple industry certifications and a clear parent company relationship with Keller Group. The website is professionally designed using Drupal 10, with good SEO, accessibility, and mobile optimization. However, the absence of an SSL certificate and HTTPS significantly impacts the security posture, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and clear privacy and cookie policies. Contact information is clearly presented, including phone numbers and physical addresses, alongside active social media channels.

I

Intersport

intersportnet.com

40

Intersport is a marketing and experiential marketing agency focused on bridging the gap between marketing campaigns and consumers to help brands create meaningful connections. The company targets brands seeking partnership consulting, platform development, experiential marketing, hospitality, and content creation services. The website is built on WordPress with a modern plugin stack including Yoast SEO, Essential Grid, and Contact Form 7, and integrates Google Analytics and Google Tag Manager for analytics and tracking. The site is mobile optimized and presents a professional design with clear navigation and social media presence. However, the lack of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not fully evident. Contact information is comprehensive, including emails, phone numbers, and physical addresses. WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the site demonstrates good business credibility and technical implementation but requires urgent security improvements.

L

lucesem® - Ihr Komplettanbieter für EDV!

lucesem.at

28

lucesem® is a well-established IT service provider based in Klagenfurt, Austria, offering a broad range of IT solutions including managed IT services, cloud services, VoIP telephony, repair services, and data recovery for both business and private customers. The company has a strong regional presence and serves local and international clients. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to its target audience. Technically, the site is built on WordPress with popular plugins and themes, leveraging modern web technologies and SEO best practices. However, the absence of a valid SSL certificate is a critical security shortfall, exposing users to potential risks and undermining trust. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, the business demonstrates credibility and professionalism but must urgently address its SSL/TLS configuration to improve security posture and user trust.

IMC-Austria operates as a small non-profit meditation center focused on Vipassana meditation in the Theravada Buddhist tradition. The website provides informational content about meditation courses, the tradition of Sayagyi U Ba Khin, and links to related international centers. The target audience includes individuals interested in meditation and spiritual growth. Technically, the website is basic and static, using JavaScript, CSS, and Google services such as Analytics and Custom Search. However, the site suffers from slow load times and lacks modern web technologies or CMS platforms. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers, exposing visitors to potential risks. Privacy compliance is poor, with no privacy or cookie policies and no consent mechanisms for tracking. Business credibility is moderate based on consistent WHOIS data and clear organizational identity but is weakened by lack of contact information and security best practices. Overall, the website requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and user experience.

V

Venionaire Capital AG

worldventureforum.info

43

World Venture Forum 2025 is a well-established international event focused on fostering global relations in the venture capital, crypto, family office, corporate innovation, and impact investing sectors. The event is held in Kitzbühel, Austria, and features a comprehensive program with multiple unique mountain chalet venues, keynote speakers, workshops, and networking opportunities. The business model revolves around event organization, ticket sales, and sponsorship packages, targeting investors, entrepreneurs, and industry leaders. The website is professionally designed with rich content, clear navigation, and strong branding consistency. Technically, the website is built on WordPress using Elementor and several event-related plugins. It integrates Google Analytics for tracking and uses Borlabs Cookie for cookie consent management. However, the site lacks HTTPS, which is a critical security flaw, and does not implement important security headers or modern TLS protocols. Performance is moderate to slow, and while mobile optimization and accessibility are good, the absence of SSL significantly impacts the security posture. Security-wise, the site has no SSL/TLS encryption, no HSTS, no OCSP stapling, and no secure cipher suites, exposing users to potential risks. There is no visible security policy or incident response information. Privacy compliance is good with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by detailed company information, multiple contact methods, and trust indicators such as testimonials and partner listings. Overall, the site presents a strong business and content profile but requires urgent security improvements to protect users and enhance trust. Strategic recommendations include immediate SSL implementation, adding security headers, and enhancing incident response transparency.

G

granITIC

granitic.eu

26

granITIC is a small IT consulting and software development company specializing in software architecture, Oracle and Java development, and medical office software solutions. The company targets sectors such as healthcare, production, industry, trade, aeronautical, and lottery. The website presents basic information about the business and its services but lacks detailed contact information and advanced content features. Technically, the website is hosted on an Apache server running Ubuntu, with Google Analytics integrated for visitor tracking. However, the site lacks HTTPS support, has no valid SSL certificate, and does not implement modern security headers or privacy compliance mechanisms. Performance data is unavailable, but the site appears minimal and slow, with poor mobile optimization and accessibility. From a security perspective, the absence of HTTPS and security headers represents a critical vulnerability, exposing users to potential data interception and undermining trust. The lack of privacy and cookie policies further indicates non-compliance with GDPR and related regulations. DNS and SPF records are properly configured, reducing email spoofing risks. Overall, the website's risk profile is elevated due to missing fundamental security controls and privacy compliance. Strategic improvements in SSL implementation, security headers, and privacy policies are essential to enhance trustworthiness and regulatory adherence.

S

Sigma Phi Epsilon Fraternity

sigep.org

40

Sigma Phi Epsilon is a well-established national fraternity organization focused on building balanced men through leadership, brotherhood, and educational programs. The website serves a large audience including undergraduate members, alumni, and volunteers, providing resources such as scholarships, leadership development, and community engagement. The organization maintains a consistent brand and professional online presence with clear navigation and relevant content. Technically, the site is built on WordPress with modern plugins and hosted on WP Engine via Google Cloud infrastructure. However, the site currently lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Tracking technologies such as Google Analytics and Facebook Pixel are used extensively, but no cookie consent mechanism is implemented, indicating partial privacy compliance. Contact information and physical address are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and comply with best practices.

Sulzer Ltd is a globally recognized leader in fluid engineering, specializing in the manufacturing and servicing of pumps, agitators, mixers, separation, and purification technologies. The company serves essential industries such as energy, manufacturing, and process industries, positioning itself as a key player in enabling sustainable and efficient industrial operations worldwide. Their website reflects a mature enterprise with comprehensive product and service offerings, strong branding, and a clear focus on sustainability and innovation. Technically, the website employs a modern technology stack including Apache server, Vue.js framework, and integrates multiple third-party analytics and marketing tools such as Google Analytics, Pardot, and Hotjar. The site is hosted with Azure DNS and demonstrates good SEO and mobile optimization practices. However, performance metrics are not explicitly available. From a security perspective, while the site implements several important security headers and content security policies, it critically lacks a valid SSL/TLS certificate and does not support HTTPS, which severely undermines its security posture. This exposes users to potential risks and reduces trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms, aligning with GDPR requirements. Overall, the website is professional and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and improve its security score. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enhancing security header configurations to protect users and maintain trust.

K

ktchng

ktchng.com

39

ktchng is a small Austrian-based technology and e-commerce company offering an augmented reality mobile app that enables users to scan products and environments to receive trend information, community content, and sales offers. The platform integrates a token reward system (KTC) that users can earn and redeem in the ktchng webshop and partner stores. The website is professionally designed with good content quality and consistent branding, targeting consumers interested in AR and digital shopping experiences. Technically, the site uses PHP backend with nginx, Amazon AWS hosting, CloudFront CDN, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Facebook Pixel. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, with a cookie consent mechanism implemented. Contact information is clearly provided, including emails and phone numbers. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Broadcom Inc. is a global leader in technology, specializing in semiconductor products, enterprise software, and security solutions. The website reflects a professional and consistent brand presence targeting enterprise customers and technology professionals. The technical infrastructure leverages modern web technologies such as React and Cloudflare CDN, with extensive use of third-party marketing and analytics tools to support business operations and user engagement. However, the website currently suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. While security headers are well configured, the lack of HTTPS undermines user trust and data protection. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy policy or terms of service. Overall, the site demonstrates good business credibility but requires urgent security improvements to align with best practices.

S

STRG

strg.at

37

STRG is a well-established Austrian technology and research company specializing in custom software solutions, AI research, and digital transformation services. With over 20 years of experience, STRG offers a modular approach to software development, integrating AI and sustainability principles to optimize business processes across various industries including manufacturing, healthcare, finance, and media. The company maintains a strong market position supported by client testimonials, case studies, and industry partnerships. Technically, the website is built on WordPress with Elementor and employs modern web technologies and performance optimizations. However, the absence of a valid SSL certificate and HTTPS configuration is a critical security gap that undermines user trust and data protection. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, STRG demonstrates a mature digital presence but must urgently address its SSL/TLS security to enhance its security posture and trustworthiness.

I

ICMPD

icmpd.org

40

ICMPD is an established international organization focused on migration policy development, capacity building, and research, serving 21 member states with a global project footprint. The website reflects a mature, professional entity with comprehensive content and strong branding consistency. Technically, the site uses modern CMS technology (eZ Platform) and integrates analytics tools like Google Analytics and Matomo, but suffers from poor SSL implementation and lacks critical security headers, impacting its security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

I

Immobilien Scout GmbH

immobilien.net

37

Immobilien.net is a well-established Austrian real estate platform operated by Immobilien Scout GmbH, offering a broad range of residential and commercial property listings. The website targets individuals and investors seeking to rent or buy properties in Austria, providing expert services and a knowledge portal. Technically, the site uses modern frontend technologies such as React and is hosted on AWS CloudFront CDN, ensuring good mobile optimization and SEO. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw, severely impacting the site's security posture. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, while the business and content quality are good, the lack of HTTPS significantly reduces trust and security.

I

ION Group

reval.com

40

ION Group operates the Reval treasury software platform, a SaaS solution designed to automate and optimize treasury operations for global corporations, financial institutions, and government entities. The platform offers advanced features including real-time cash visibility, machine learning for forecasting and fraud detection, and seamless integration with banking and ERP systems. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress and leverages modern analytics and marketing tools, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms. Overall, the site demonstrates high business credibility but requires urgent remediation of SSL issues to ensure secure user interactions.

W

Wismo Automotive A/S

peugeot.dk

40

Peugeot.dk is the official Danish website for Peugeot vehicles, operated by Wismo Automotive A/S, a medium-sized company under the Stellantis group. The site offers comprehensive information on passenger and commercial vehicles, including electric and hybrid models, leasing options, after-sales services, and digital tools such as a vehicle configurator and test drive booking. The website targets Danish consumers and businesses interested in Peugeot's automotive offerings. Technically, the site is built on Adobe Experience Manager with modern web technologies and integrates Google Analytics and Adobe marketing tools for data collection and user tracking. However, the site currently lacks a valid SSL certificate, which significantly impacts its security posture. While security headers like HSTS and X-Content-Type-Options are present, their configurations are suboptimal. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, well-branded, and trustworthy but requires urgent attention to SSL certificate renewal and enhanced security configurations to improve user trust and data protection.

N

Nemak

nemak.com

35

Nemak is a large manufacturing company specializing in aluminum automotive components, with a strong focus on sustainability and decarbonization initiatives. The company targets automotive manufacturers, investors, suppliers, and job seekers, positioning itself as a global leader in its sector. The website reflects a professional corporate presence with good content quality and consistent branding. Technically, the site uses modern JavaScript libraries and frameworks hosted on Microsoft Azure, but lacks a valid SSL certificate, which is a critical security shortfall. The security posture is weak due to missing HTTPS, lack of security headers, and no published security policies. Privacy compliance is basic, with cookie consent implemented but no detailed GDPR compliance indicators. Contact information and social media presence are well established, supporting business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

K

Kindifarm

kindifarm.com

34

Kindifarm is a small, established Australian business specializing in mobile animal farm and petting zoo services primarily serving the Sydney region and nearby areas. The company offers educational and interactive animal displays for events such as birthday parties, school visits, aged care, and special requests. The website is built on WordPress with a modern tech stack including Elementor and Yoast SEO, hosted on WP Engine with Cloudflare CDN. However, the site lacks HTTPS, which is a critical security vulnerability. Privacy compliance is poor as no privacy or cookie policies are present. Contact information is clearly provided, and the business shows trust indicators such as licensing and insurance. Overall, the website is functional and professionally presented but requires urgent security and privacy improvements.

The website renatesanz.com serves as an online portfolio for the artist Renate Sanz, showcasing various artworks including paintings and sculptures. The site targets art enthusiasts and potential gallery visitors, providing exhibition information and artist biography. The business model is focused on personal branding and promotion of artistic work within a niche market. The website is primarily in German with options for English and Spanish, indicating a European and international audience. Technically, the site is built on Drupal 7, an outdated CMS version, and uses jQuery and Google Analytics for tracking. The hosting provider is kasserver.com. Performance is slow with basic mobile optimization and accessibility features. Security posture is weak due to lack of HTTPS, visible deprecated PHP warnings, and minimal security headers. No privacy or cookie policies are present, indicating poor GDPR compliance. Contact information is not explicitly provided on the site. Overall, the site shows basic professionalism but requires significant improvements in security, privacy compliance, and technical modernization.

BRAUN Maschinenfabrik Gesellschaft m.b.H. is a well-established Austrian manufacturing company specializing in steel cutting and grinding machines, hydraulic steel structures, and decommissioning technologies. Founded in 1848, the company holds a strong market position as a technology leader with a global presence, serving industrial clients primarily in the energy and manufacturing sectors. Their product portfolio includes customized solutions for cutting, grinding, and dismantling applications, supported by in-house engineering and automation capabilities. The website reflects a professional business with clear branding and relevant content targeting industrial customers. Technically, the website runs on an Apache server and uses JavaScript libraries including Google Analytics and Google Maps API. However, the site lacks HTTPS encryption, which is a critical security shortfall. Performance metrics are not available, but the site shows basic mobile optimization and SEO practices. The hosting provider is identified via DNS as esys.at, an Austrian hosting service. From a security perspective, the absence of a valid SSL/TLS certificate and HTTPS is a major vulnerability, exposing users to potential data interception. No advanced security headers or policies are implemented, and there is no visible incident response or vulnerability disclosure information. Privacy compliance is minimal, with no cookie consent mechanism detected, although a basic privacy policy and terms of service are present. Overall, the website demonstrates moderate business credibility and content quality but suffers from significant security and privacy compliance gaps. Strategic improvements in SSL deployment, security headers, and privacy mechanisms are recommended to enhance trust and protect users.

F

FH Oberösterreich

fh-ooe.at

29

FH Oberösterreich (FH OÖ) is a leading university of applied sciences in Austria, offering a wide range of bachelor and master degree programs across multiple campuses. The institution emphasizes praxis-oriented education, personal consultation, and maintains strong international partnerships. The website reflects a mature digital presence with comprehensive content, clear navigation, and multilingual support. Technically, the site uses modern frameworks such as Vue.js and Craft CMS, and integrates various analytics and marketing tools with user consent mechanisms. However, the security posture is weakened by the absence of a valid SSL certificate and lack of security headers, exposing users to potential risks. Privacy compliance is well addressed with detailed policies and cookie consent. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

Tungsten Automation Corporation, formerly known as Kofax, is a leading enterprise technology provider specializing in AI-powered workflow automation solutions. The company offers a broad portfolio of products including document and workflow automation, accounts payable and receivable automation, print and workplace automation, and PDF and eSignature solutions. Positioned as a market leader, Tungsten Automation is recognized by industry analysts such as Everest Group and IDC for its intelligent document processing capabilities. The company targets global enterprises seeking to streamline complex, data-intensive business processes and improve operational efficiency through AI and automation technologies. Technically, the website is built on a modern stack including Sitecore CMS, jQuery, and integrates multiple marketing and analytics tools such as Google Analytics, Visual Website Optimizer, and Eloqua. Hosting appears to be on Microsoft Azure. While the site demonstrates excellent content quality, branding consistency, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present and GDPR compliant, supporting good privacy compliance. Overall, the site reflects a mature enterprise digital presence but urgently requires remediation of its SSL/TLS configuration to meet basic security standards.

C

CompaxDigital Software Development GmbH

compax.at

36

CompaxDigital Software Development GmbH is a technology company specializing in cloud-native Business Support Systems (BSS) and Operations Support Systems (OSS) software for telecommunications and related industries. The company offers a SaaS platform with agile delivery and operational support, targeting telecom service providers, MVNOs, ISPs, and enterprises requiring digital transformation solutions. Their market position is supported by partnerships with major telecom operators and industry memberships such as TM Forum. The website is professionally designed with rich content, customer logos, and whitepapers, reflecting a mature digital presence. Technically, the website is built on WordPress using the Divi theme and several plugins for enhanced functionality, hosted on WP Engine with Cloudflare CDN. However, performance is slow, and accessibility is basic. SEO is adequately implemented with proper meta tags and structured data. Mobile optimization is good. Security posture is weak due to the absence of a valid SSL certificate and HTTPS enforcement, lack of modern TLS protocols, and missing security headers like HSTS. No cookie consent mechanism is present despite the use of tracking scripts such as Google Analytics and HubSpot. No explicit security policies or incident response contacts are found. Overall, the website demonstrates strong business credibility and content quality but suffers from critical security shortcomings that should be addressed promptly to protect user data and improve trustworthiness.

Z

Zeus Petruzalek

petruzalek.com

26

Zeus Petruzalek is a well-established B2B manufacturer and distributor specializing in food packaging products and packaging machines. As part of the Zeus Group, it operates across multiple countries with a strong market presence in the manufacturing sector. The website demonstrates a professional and comprehensive digital presence with multilingual support and extensive product catalogs. Technically, the site is built on WordPress with WooCommerce and uses modern plugins and analytics tools, though performance metrics are not optimal. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, exposing the site to risks and reducing trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is credible and professional but requires urgent security improvements to protect user data and enhance trust.

M

Mundipharma International Limited

mundipharma.com

40

Mundipharma International Limited operates a global healthcare website focused on pharmaceutical and consumer health products with a strong patient-centric approach. The website targets healthcare professionals, patients, and partners, providing corporate information, career opportunities, and media resources. The digital infrastructure is built on Drupal CMS with integrations including Google Analytics, Hotjar, and various marketing and tracking tools, hosted behind Cloudflare CDN. While the website content is professionally presented with good navigation and mobile optimization, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which are critical issues that must be addressed to ensure secure communications and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, the website is credible and professionally maintained but requires urgent SSL/TLS remediation to improve security and trust.

Y

YTMP3

jobrocker.com

37

The website jobrocker.com operates as an online YouTube to MP3 and MP4 conversion service branded as YTMP3. It targets a broad audience including casual listeners, educators, and content creators by providing a free, fast, and easy-to-use tool without requiring registration or payments. The site emphasizes speed, audio quality, and simplicity, positioning itself as a reliable alternative to other converters. Technically, the site uses standard web technologies with Cloudflare CDN and Google Analytics for tracking, but lacks HTTPS encryption, which is a significant security concern. The absence of cookie consent and privacy compliance mechanisms further impacts user privacy. The domain is very new, registered in early 2025, consistent with the site's recent launch. Security posture is weak due to missing SSL and security headers, and no incident response or security policy information is provided. Overall, the site offers functional service but requires urgent security improvements to protect users and enhance trust.

I

iService d.o.o.

iservice.hr

20

iService d.o.o. operates the website iservice.hr, providing fast and professional repair services for smartphones, tablets, Mac computers, and Apple devices, alongside retail sales of related accessories. The company targets both individual consumers and businesses, offering services such as quick repairs, free diagnostics, and warranty-backed parts. The business is well-positioned in the Croatian market with a strong reputation supported by certifications like Apple IRP and a 15-year operational history. Technically, the website uses a standard Apache server with modern marketing integrations including Google Analytics and Facebook Pixel, but lacks a valid SSL certificate, which is a significant security concern. The site is mobile-optimized with good SEO and user experience, though performance metrics indicate slow loading times. Security posture is weak due to missing HTTPS, lack of modern TLS protocols, and absence of key security headers. Privacy compliance is addressed with visible policies and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

D

DS Smith

dssmith.com

40

DS Smith is a leading international manufacturer specializing in sustainable packaging solutions, paper products, and recycling services. The company positions itself as a global leader in sustainability within the packaging industry, targeting businesses seeking eco-friendly and innovative packaging and recycling options. The website reflects a mature digital presence with comprehensive content, multi-language support, and strong branding consistency. Technically, the site uses modern web technologies including React, Google Tag Manager, Google Analytics, and Microsoft Application Insights, hosted behind Cloudflare for performance and security. However, the SSL certificate is currently invalid or missing, which undermines the security posture. The site implements strong security headers and content security policies but has a notable subdomain takeover vulnerability on shop.dssmith.com. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact information is primarily via forms and physical address, with no explicit emails or phone numbers on the homepage. Social media presence is robust and consistent with corporate branding.

T

Two Pi GmbH

two-pi.com

18

Two Pi GmbH is a specialized provider of signal processing intellectual property and firmware solutions for hearing aids and OTC hearing healthcare markets. The company offers audiology algorithm libraries, firmware for semiconductor platforms, and advisory services, with products tested in multiple medical and consumer product families. The website reflects a professional business presence targeting hearing healthcare companies and technology providers. Technically, the site is built on WordPress with standard plugins and uses Google Analytics for tracking. However, the absence of HTTPS and security headers significantly undermines the security posture. Privacy compliance is lacking, with no visible privacy or cookie policies or consent mechanisms. Business credibility is supported by consistent company information and professional content, but the lack of contact phone numbers and social media presence limits engagement channels. Overall, the site is functional and informative but requires urgent security and privacy improvements.

H

HumanWare

humanware.com

40

HumanWare is a globally recognized leader in assistive technology for people who are blind or have low vision, offering a wide range of products including electronic magnifiers, braille devices, and software solutions. The company operates under the parent company EssilorLuxottica and serves a diverse audience including students, workers, veterans, and eye care professionals. Their website is professionally designed with rich content and multilingual support, reflecting a mature digital presence. Technically, the site is built on WordPress with Elementor and integrates modern marketing and analytics tools such as Google Analytics and Facebook Pixel. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the business credibility and content quality are high, but urgent improvements in SSL/TLS security are recommended.

C

Coop Himmelb(l)au

coop-himmelblau.at

26

Coop Himmelb(l)au is a globally recognized architecture firm headquartered in Vienna, Austria, with additional offices in Tirana and Dubai. The firm specializes in innovative architectural design and urban planning, serving a diverse international clientele. Their portfolio includes a wide range of projects such as cultural institutions, residential buildings, office complexes, and mixed-use developments, highlighting their expertise and market presence in the real estate and architectural sectors. The website reflects a professional and comprehensive presentation of their work, targeting clients and stakeholders interested in cutting-edge architectural solutions. Technically, the website is built on a modern stack including Apache server, JavaScript frameworks, and analytics tools like Google Analytics and Matomo. It uses Kirby CMS inferred from URL patterns and asset paths, and is hosted on weber.cloud. The site is well-optimized for mobile devices and accessibility, with good SEO practices and clear navigation. However, performance metrics are moderate, indicating room for improvement in loading speed. From a security perspective, the site lacks HTTPS, which is a critical vulnerability. While some security headers are present, the absence of SSL/TLS encryption severely impacts the overall security posture. No incident response or security policy documents are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is good, with a comprehensive privacy policy and cookie consent mechanisms in place, including GDPR compliance indicators. Overall, the website is professionally designed and content-rich, supporting the firm's strong market position. However, the lack of HTTPS is a major security risk that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include implementing SSL/TLS, enhancing security headers, and publishing security and incident response policies to improve the security maturity and compliance posture.

RHI Magnesita is a global leader in the refractory industry, providing high-grade refractory products, systems, and services primarily for steel, cement, glass, and non-ferrous metals industries. The company emphasizes sustainability and innovation, targeting industrial clients worldwide. The website reflects a mature digital presence with comprehensive content, structured data, and multi-language support. Technically, the site is built on WordPress with modern plugins and libraries, but suffers from critical security shortcomings due to an invalid SSL certificate and lack of HTTPS enforcement. Security headers are present but insufficient without proper TLS. Privacy compliance is well addressed with Cookiebot consent management and a detailed privacy policy. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security posture and user trust.

R

Rydges Wholesale Foods

rydgeswholesale.com.au

24

Rydges Wholesale Foods is a Queensland-based wholesale food supplier specializing in fresh, high-quality bulk food supplies for a variety of food service businesses including restaurants, cafés, supermarkets, and catering companies. The company positions itself as a reliable partner offering competitive pricing, extensive product ranges, and tailored delivery solutions. Their website reflects a professional and consistent brand presence with clear contact information and customer testimonials, supported by certifications such as HACCP and Safe Food Queensland. Technically, the site is built on WordPress with WooCommerce, leveraging LiteSpeed server technology and caching for performance. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. The site uses Google Analytics and Tag Manager for tracking but lacks a cookie consent mechanism, which may impact privacy compliance. Overall, the business appears legitimate and well-established locally, but urgent security improvements are needed to protect customer data and enhance trust.

The website represents the Landeskrankenhaus Feldkirch, a leading healthcare institution in Vorarlberg, Austria, serving as a regional specialty hospital and academic teaching hospital. It provides comprehensive medical services, education, research, and social care, targeting patients, visitors, and healthcare professionals. The organization is well-established with a history dating back to 1972 and operates under the Vorarlberger Krankenhaus-Betriebsgesellschaft.m.b.H. umbrella. Technically, the website uses a modern stack including nginx, Google Analytics, Matomo, and CookieHub for privacy compliance. The site is well-structured, mobile-optimized, and accessible, with good SEO practices. However, performance is slow, and no CMS or advanced frameworks were detected. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, exposing users to risks. While some security headers like HSTS are present, critical improvements are needed to secure communications and protect user data. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security enhancements to protect visitors and maintain compliance. Strategic recommendations include implementing HTTPS, enhancing security headers, and continuous security audits.

Insticore GmbH is a small Austrian digital agency specializing in digital marketing, web development, branding, and training services. The company targets a broad audience including small ventures, large businesses, and entrepreneurs, positioning itself as a comprehensive provider of digital solutions. The website is built on WordPress using the Divi theme and builder, with integrations for Google Analytics and HubSpot for marketing and analytics purposes. However, the site lacks HTTPS, which is a critical security shortfall. Security headers are partially implemented but the absence of SSL/TLS and modern security practices significantly lowers the security posture. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and improve trust.

Silicon Austria Labs GmbH is a leading Austrian research center specializing in electronics-based systems, focusing on innovative technologies for a sustainable, smart, and connected future. The organization operates multiple locations in Austria and offers research projects, cooperation models, and R&D services, positioning itself as a key player in the technology research sector. The website reflects a professional and consistent brand image with clear communication of services and partnership opportunities. Technically, the site is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. However, the absence of HTTPS/SSL is a critical security flaw that undermines the site's security posture. Security headers are partially implemented, but the lack of encryption exposes users to risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and clear privacy policy. Business credibility is supported by certifications and transparent contact information. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

Bauer Media Group

bauermedia.co.uk

26

Bauer Media Group is a well-established UK-based media company operating across multiple sectors including audio broadcasting, publishing, and advertising services. The company targets a broad UK adult audience and maintains a strong market position with a portfolio of iconic brands. The website reflects a mature digital presence with comprehensive content, structured data, and good SEO practices. However, the technical infrastructure shows critical security gaps, notably the absence of a valid SSL/TLS certificate and lack of HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed through external policies and a consent management platform. Overall, the business credibility is strong, but the security weaknesses pose risks that should be urgently addressed.

O

Ojo de Pez

ojodepez.com.py

22

Ojo de Pez is a Paraguayan advertising agency specializing in creative, digital, and media services, with a 20-year history in the industry. The company targets businesses seeking to strengthen their brand identity and communication strategies. The website reflects a professional and consistent brand image with good content quality and user experience. However, the technical infrastructure shows significant gaps, notably the absence of HTTPS and a valid SSL certificate, which critically undermines security and user trust. The site uses common marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag, but lacks visible cookie consent mechanisms and privacy policies, raising compliance concerns. Overall, the business appears legitimate and established, but the digital security posture requires urgent improvement.

W

WIG Wietersdorfer Holding GmbH

wietersdorfer.com

39

WIG Wietersdorfer Holding GmbH is a large, family-owned industrial enterprise based in Austria with a 125-year history. The company operates internationally with subsidiaries in multiple countries, focusing on sectors such as cement, lime, GFK and PP pipe systems, and industrial minerals. Their business model is centered on manufacturing and global distribution, targeting industrial and construction markets. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support. Technically, the site is built on WordPress with the Avada theme and uses common plugins for forms, multilingual content, and cookie management. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which is a critical issue that needs immediate remediation. Privacy compliance is well addressed with comprehensive policies and a robust cookie consent mechanism. Overall, the site demonstrates good business credibility and digital maturity but requires urgent security improvements to protect user data and maintain trust.

A

Air Liquide

airliquide.com

40

Air Liquide is a global leader in gases, technologies, and services for industry and healthcare, operating in 60 countries with a large workforce and millions of customers. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding. However, the technical security posture is weak due to an invalid SSL certificate and disabled TLS protocols, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. The absence of direct contact information and vulnerability disclosure policies suggests areas for improvement in transparency and incident response readiness. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy.

G

Grand Hotel Oslo

grand.no

33

Grand Hotel Oslo is a historic and iconic hospitality business located in the heart of Oslo, Norway. It offers premium hotel accommodations, multiple restaurants and bars, event hosting facilities, and spa services. The hotel targets tourists, business travelers, and event organizers, positioning itself as a luxury and culturally significant venue. The website reflects a professional and consistent brand image with clear business information and trust indicators such as environmental certification and social media presence. Technically, the site uses modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking, hosted likely on Microsoft Azure infrastructure. However, a critical security gap exists as the website lacks HTTPS/SSL encryption, exposing visitors to potential risks. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the website is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

M

Mayr-Melnhof Holz Holding AG

mm-holz.com

40

Mayr-Melnhof Holz is a leading European manufacturer in the wood industry, specializing in engineered wood products such as glued laminated timber and cross-laminated timber. With a history spanning over 170 years, the company holds a strong market position and offers a comprehensive range of wood construction solutions. The website reflects a mature digital presence with detailed product information, references, and a multilingual interface targeting architects, planners, and industry professionals. Technically, the site is built on TYPO3 CMS and employs modern JavaScript libraries like Owl Carousel and Google Analytics for user tracking. However, the site suffers from slow load times and lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols is a critical vulnerability that needs immediate remediation. Security-wise, the company has implemented SPF records and avoids subdomain takeover risks, but the lack of DNSSEC, HSTS, and OCSP stapling reduces its overall security maturity. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, aligning with GDPR requirements. Overall, the website is professional and content-rich but requires urgent security improvements, especially regarding SSL/TLS configuration, to enhance trust and protect user data.