Security Directory

P

Porsche Inter Auto

porschewiennord.at

38

Porsche Inter Auto is a prominent automotive dealership network in Austria, representing multiple Volkswagen Group brands including VW, Audi, Porsche, ŠKODA, SEAT, and CUPRA. The company offers a comprehensive range of services including new and used car sales, vehicle servicing, financing, and accessories. Their market position is strong within the Austrian automotive retail sector, supported by a large network of dealer locations and a high volume of customer reviews indicating strong customer satisfaction. Technically, the website is built on the Plone CMS platform using Python and Zope, with Cloudflare providing hosting and CDN services. The site integrates modern web technologies such as Google Tag Manager, OneTrust for cookie consent, Leaflet and Google Maps for location services, and Swiper for interactive content. The site is well-structured, mobile-optimized, and includes rich content and structured data for SEO. From a security perspective, the site currently lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Other security headers like HSTS are missing, and no advanced SSL/TLS features are enabled. However, the site does implement some security headers such as X-Frame-Options and uses Cloudflare for some level of protection. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is professionally designed and content-rich but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations. Addressing these issues will significantly enhance user trust and compliance with modern security standards.

L

La Bistrot Agency / No Name

agencenoname.com

18

La Bistrot Agency (No Name) is a small French marketing agency specializing in 360° activation strategies primarily for FMCG clients. The company offers a range of services including promotional activations, digital marketing, licensing, video production, packaging management, and print. The website reflects a mature business with 18 years of domain age and a consistent brand presence. Technically, the site runs on WordPress 4.7.29 with PHP 7.0 and uses various JavaScript libraries for UI effects and Google Maps integration. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts security posture. No advanced security headers or privacy compliance mechanisms such as cookie consent banners are present. Contact information is not explicitly provided on the homepage, though social media links to Facebook and Twitter are available. Overall, the site is functional with good content quality and navigation but requires urgent security and privacy improvements.

A

Andreas Knapp

knapp.de

33

The website knapp.de represents Andreas Knapp, a publicly appointed and sworn expert specializing in real estate valuation and related expert services in Germany. The business operates in a niche market providing property valuation, expert reports, and legal valuation services primarily targeting clients requiring official property assessments. The website content is minimal and primarily informational, focusing on the expert's credentials and service offerings without extensive interactive features or modern web design elements. Technically, the website is outdated, employing legacy technologies such as jQuery 1.7.1 and a frameset layout, which negatively impacts user experience, SEO, and accessibility. Performance is poor with a high load time and large page size. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing visitors to security risks. No modern security headers or compliance mechanisms such as privacy or cookie policies are present, indicating a low level of digital maturity and GDPR compliance. From a security perspective, the absence of HTTPS and security headers, combined with no evidence of incident response or vulnerability disclosure policies, presents significant risks. The domain registration data aligns with the business claims, showing consistent and legitimate ownership without privacy protection. However, the lack of security best practices and compliance documentation suggests the need for urgent improvements to protect user data and enhance trust. Overall, the website scores low on security and privacy compliance, with basic content quality and business credibility. Strategic recommendations include immediate SSL implementation, updating the technology stack, adding privacy and cookie policies, and improving security headers and compliance frameworks to align with modern standards.

BMW Group Careers website serves as a global recruitment portal for the BMW Group, a leading enterprise in the automotive transportation sector. The site offers extensive information about career opportunities worldwide, highlighting the company's commitment to innovation in autonomous driving, e-mobility, and AI. The website is well-branded, professionally designed, and targets job seekers globally with a focus on technology and automotive professionals. Technically, the site is built on Adobe Experience Manager and uses Akamai CDN and Google Maps API, reflecting a mature digital infrastructure. However, a critical security gap exists as the site lacks HTTPS, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. The absence of direct contact emails or phone numbers is noted, but social media channels are official and active. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

A

Adapt Centre

adaptcentre.ie

37

The ADAPT Centre is a prominent Irish research centre specializing in AI-driven digital content technology, collaborating with leading academic institutions such as Trinity College Dublin, Dublin City University, University College Dublin, and Dublin Institute of Technology. It serves a diverse audience including industry partners, researchers, and the public, focusing on advancing AI research, fostering innovation, and supporting enterprise collaboration. The centre is well-positioned in the technology research sector with strong government funding and industry partnerships. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and various plugins for enhanced functionality such as Gravity Forms and FacetWP. Hosting is managed by WP Engine with Cloudflare CDN providing content delivery and some security features. While the site is mobile-optimized and SEO-friendly, performance data is missing, and some accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS properly, which is a critical vulnerability. Other security headers and best practices are partially implemented, but the absence of HTTPS and HSTS significantly lowers the security posture. No explicit security or incident response policies are found on the site, and cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professional and trustworthy in terms of business credibility and content quality but requires urgent improvements in security infrastructure to protect user data and comply with best practices. Strategic recommendations include implementing valid SSL/TLS certificates, enabling modern TLS protocols, and adding privacy and security policies to enhance compliance and user trust.

D

DAXNER GmbH

daxner.at

40

DAXNER GmbH is a medium-sized Austrian manufacturing company specializing in bulk material technology and engineering solutions for various industrial sectors including food, chemical, and non-food industries. The company has a strong market position as an internationally leading provider with a comprehensive portfolio of products and services such as engineering, production, assembly, and control technology. Their website reflects a professional and well-structured digital presence with excellent content quality and SEO optimization. Technically, the site is built on WordPress with modern plugins and scripts, but lacks a valid SSL certificate and proper HTTPS configuration, which is a significant security concern. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces the overall security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information and social media presence enhance business credibility. Overall, the website is trustworthy and professional but requires urgent improvements in SSL/TLS security to protect user data and improve trust.

D

Deutsche Vermögensberatung Bank Aktiengesellschaft

dvag.at

30

Deutsche Vermögensberatung Bank Aktiengesellschaft (DVAG) is a well-established family-owned financial advisory company operating primarily in Austria, offering financial coaching, private customer financial services, and career opportunities as financial advisors. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. It targets private customers and prospective financial advisors, positioning itself as a trusted leader in the Austrian financial advisory market. Technically, the site uses modern web components and multimedia integrations but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is strong, with detailed GDPR-compliant policies and cookie consent mechanisms. The business information is transparent and consistent with WHOIS data, reinforcing legitimacy. However, the lack of HTTPS and security headers significantly lowers the security posture and overall trustworthiness score.

F

Fercam S.p.A.

fercam.com

40

FERCAM S.p.A. is a well-established logistics and transport company with over 75 years of experience, offering a broad range of services including road, air, and ocean freight, integrated logistics, customs consulting, and specialized transport services. The company operates primarily in Europe with presence in Asia and Africa, targeting businesses requiring comprehensive supply chain solutions. The website demonstrates a good level of digital maturity with multi-language support, structured navigation, and integration of modern analytics and marketing tools. However, the absence of HTTPS and a valid SSL certificate significantly weakens the security posture, exposing users to potential risks. Privacy and cookie policies are present and supported by consent mechanisms, indicating compliance with GDPR standards. Overall, the site is professional and trustworthy but requires urgent security improvements.

C

COLOP Stempelerzeugung Skopek Gesellschaft m.b.H. & Co. KG

colop.com

28

COLOP Stempelerzeugung Skopek Gesellschaft m.b.H. & Co. KG is a well-established Austrian manufacturer specializing in stamps and marking solutions with a global footprint. Founded in 1981, the company operates multiple subsidiaries worldwide and offers a broad range of products including traditional stamps, mobile printing devices, and creative arts and crafts stamps. Their business model combines manufacturing with e-commerce and partner distribution, targeting both professional and creative markets. The website reflects a professional and comprehensive digital presence with strong branding and content quality.

Julius Meinl is a well-established premium coffee and tea company with a rich heritage dating back to 1862. The company operates globally, targeting both business customers such as coffee houses, hotels, and restaurants, as well as home consumers. Their offerings include high-quality coffee and tea products, professional equipment, and tailored services including training. The website reflects a strong brand identity consistent with their market position as a premium hospitality supplier. Technically, the site is built on Microsoft IIS with ASP.NET and Kentico CMS, hosted on Azure, and integrates modern analytics and marketing tools. However, the site suffers from a critical security issue due to an invalid SSL certificate, resulting in no HTTPS availability, which significantly impacts user trust and security posture. Privacy compliance is partial, with no visible cookie consent mechanism despite tracking scripts. Contact information is primarily via forms and social media, with no explicit emails or phone numbers published. Overall, the site is professional and content-rich but requires urgent security improvements.

E

Exmanco

exmanco.com

24

Exmanco is a regional Austrian automotive service provider and retailer specializing in tires, rims, auto parts, and vehicle maintenance services. Operating multiple branches in Austria, the company targets vehicle owners seeking professional and affordable automotive repair and parts. The website is built on WordPress with WooCommerce and uses the Enfold theme, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support represents a significant security risk. The site includes cookie consent mechanisms and structured data for SEO but lacks comprehensive privacy and security policies. Contact information and physical addresses are clearly provided, supporting business credibility.

A

ARCOTEL Hotels

arcotelhotels.com

35

ARCOTEL Hotels is a medium-sized hospitality group operating multiple hotels across Austria and Germany, focusing on urban locations and sustainable hospitality practices. The website presents a professional and consistent brand image with comprehensive content about their services, sustainability certifications, and direct booking advantages. Technically, the site uses a mix of legacy and modern technologies, including PHP 5.6.40, Bootstrap 4, and various JavaScript libraries, hosted on Amazon CloudFront CDN. However, the absence of a valid SSL certificate and use of outdated PHP versions represent significant security risks. Privacy and cookie policies are well implemented with consent mechanisms, and analytics usage is moderate with Google services. Overall, the site is functional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Jimmy Choo's official website serves as a high-end e-commerce platform offering luxury shoes, bags, accessories, and beauty products for men and women globally. The site demonstrates a strong brand presence with comprehensive content, clear navigation, and extensive marketing integrations. The technical infrastructure leverages Salesforce Commerce Cloud, Cloudflare CDN, and multiple marketing and analytics tools, indicating a mature digital ecosystem. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to potential risks and undermining trust. Privacy and cookie policies are well implemented, reflecting compliance with GDPR and other regulations. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL configuration to ensure secure user interactions.

W

Ward Howell International

ward-howell.com

31

Ward Howell International is a globally recognized executive search firm, established in 1951, offering a broad range of leadership and talent management services. The company positions itself as a premier strategic partner for organizations seeking transformative leaders, with a strong global presence and diverse industry coverage. Their website reflects a professional and content-rich platform targeting organizations in need of executive search and leadership advisory services. Technically, the site is built on WordPress with modern plugins and integrations, including interactive maps and advanced search capabilities. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the site's security posture. While privacy and cookie policies are comprehensive and GDPR compliant, the lack of explicit contact emails and phone numbers limits direct communication channels. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

Marriott Hotels is a globally recognized hospitality brand offering a wide range of hotel and resort accommodations, loyalty rewards, and premium guest experiences. The website reflects a mature digital presence with professional design, rich content, and integration of modern technologies such as React, Brightcove video, and Adobe DTM for analytics and marketing. However, the site currently lacks a valid SSL certificate, which is a critical security flaw that undermines user trust and data protection. Privacy and terms of use policies are present and comprehensive, supporting GDPR compliance. Overall, the business is well-established with consistent branding and a strong market position, but the technical security posture requires urgent improvement to meet industry standards.

ChargePoint, Inc. operates the be.ENERGISED platform, a modular SaaS solution designed to support businesses in building and expanding electric vehicle (EV) charging services. The website targets enterprises, fleet operators, partners, and EV drivers primarily in Germany and Europe, offering comprehensive services including charge point operation, software integration, billing, roaming, and white-label solutions. The company holds a strong market position with significant penetration among Fortune 50 companies and a large active charging network. Technically, the site is built on Drupal 10 and hosted on Pantheon, with integrations such as Google Tag Manager and Google Maps API enhancing functionality. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, despite the presence of some security headers and GDPR-compliant privacy and cookie policies. Overall, the site demonstrates high content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and maintain trust.

H&M is a globally recognized fashion retailer offering online shopping services with a focus on sustainable fashion at competitive prices. The website serves a broad international audience with multiple language and regional options, reflecting its enterprise scale and global market position. The technical infrastructure leverages ASP.NET technology and Akamai CDN services, with integration of Google Maps APIs for enhanced user experience. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security deficiency. Security headers are well implemented but cannot compensate for the absence of encrypted communication. Privacy and cookie policies are not evident on the landing page, indicating potential compliance gaps. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

I

Informa Connect Australia

informa.com.au

40

Informa Connect Australia is a leading event organiser specializing in conferences, exhibitions, and corporate training services primarily targeting business professionals in Australia. As part of the global Informa PLC group, it holds a strong market position with a large-scale operational footprint. The website reflects a professional business model focused on event management and corporate learning, supported by a consistent brand presence and trust indicators such as testimonials and social media engagement. Technically, the site is built on WordPress with WooCommerce and uses modern web technologies and frameworks, although performance metrics are unavailable. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, despite the presence of some security headers and Cloudflare protection. Privacy compliance is moderate with clear privacy and cookie policies and consent mechanisms, but lacks explicit GDPR compliance indicators or security policies. Overall, the site is functional and credible but requires urgent improvements in security infrastructure to protect user data and enhance trust.

B

bulthaup

bulthaup.com

22

bulthaup is a premium kitchen brand specializing in high-quality kitchen concepts and living space solutions. The company operates a multilingual WordPress-based website that serves as a platform for product information, dealer location, and appointment scheduling. The site targets affluent consumers and businesses seeking bespoke kitchen solutions, positioning itself as a premium retail brand with a global dealer network. Technically, the website employs modern JavaScript libraries and WordPress plugins, including hCaptcha for form security and Cookiebot for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

V

Vapiano Franchising s.r.o.

vapiano.com

37

Vapiano is an established international hospitality brand specializing in fresh handmade pasta, pizza, and salads served in a casual dining environment. Founded in 2002, the company operates a franchise business model with over 155 global restaurants. The website reflects a professional brand presence with consistent design and clear navigation targeting consumers seeking quality Italian cuisine in a relaxed setting. Technically, the site is built on WordPress hosted on WP Engine and protected by Cloudflare, utilizing common web technologies such as jQuery, Google Tag Manager, and Google Maps API. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and reducing trust. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site demonstrates good business credibility but requires urgent security improvements to meet modern standards.

L

Linde Material Handling Austria

linde-mh.at

40

Linde Material Handling Austria is a leading provider of material handling equipment and solutions, including forklifts, automated vehicles, and digital fleet management products. The company targets businesses requiring efficient logistics and warehouse operations, offering new, used, and rental equipment alongside comprehensive service packages. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its audience. Technically, the site uses JavaScript, jQuery, and tracking tools like etracker and SalesViewer, hosted likely on Microsoft Azure. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture, exposing users to risks. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Business credibility is strong, supported by certifications and consistent domain registration data. Overall, the site is functional and professional but requires urgent security improvements to protect users and maintain trust.

B

BAUR GmbH

baur.at

29

BAUR GmbH is a well-established Austrian company specializing in high-precision testing and measurement technology for electrical energy distribution systems, with a strong market position as a leader in cable fault location, cable testing, and insulating oil testing. The company operates internationally with multiple subsidiaries across Europe, the Americas, and Africa, offering products, services, and training to ensure reliable energy supply. Technically, the website is built on a modern JavaScript stack with RequireJS, jQuery, and various UI libraries, hosted on an Apache server. However, the primary domain baur.at lacks HTTPS, which is a significant security concern, although the main content is served securely on baur.eu. Security headers are partially implemented, but the absence of SSL/TLS and modern protocols reduces the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates good business credibility and technical maturity but requires urgent security improvements to protect user data and enhance trust.

Axians ICT Austria GmbH is a medium-sized ICT company based in Austria, operating under the VINCI Energies group. The company offers a broad portfolio of IT infrastructure, cloud solutions, data analytics, security, and collaboration services. The website reflects a professional and well-structured digital presence with comprehensive content and strong branding consistency. Technically, the site is built on WordPress with modern libraries and SEO tools, but suffers from critical security issues due to the lack of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed with clear cookie and privacy policies and user consent mechanisms. Overall, the company demonstrates a strong market position in the Austrian ICT sector but should urgently address its security posture to protect user data and maintain trust.

PTM EDV-Systeme GmbH operates the website mscrm-addons.com, providing specialized add-ons and solutions for Microsoft Dynamics 365 and Power Platform users. The company offers a mature product portfolio addressing document creation, capacity management, and activity handling, targeting businesses using Microsoft technologies. The website demonstrates a professional presence with clear business information, customer testimonials, and partner programs, positioning itself as a trusted provider in the technology sector. Technically, the site is built on ASP.NET with the DNN CMS platform and integrates modern JavaScript libraries and Google services for analytics and user interaction. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is addressed with cookie consent and a privacy policy, and contact channels are well established. Overall, while the business and content quality are strong, the lack of HTTPS significantly impacts the security posture and user trust.

E

eMAGNETIX Online Marketing GmbH

emagnetix.at

26

eMAGNETIX Online Marketing GmbH is a well-established digital marketing agency based in Austria, specializing in tailored online marketing solutions including SEO, performance advertising, content marketing, and data analytics. With over 15 years of experience and a strong client base including tourism sector businesses, the company holds premium partnerships with major platforms such as Google, Microsoft, and Meta, reinforcing its market position. The website reflects a professional and consistent brand image with comprehensive service offerings and clear contact channels. Technically, the site is built on WordPress with modern JavaScript libraries and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates strong credibility and digital maturity but must urgently address its SSL/TLS configuration to ensure secure user interactions and maintain trust.

A

applics GmbH

applics.at

26

applics GmbH is a small Austrian technology company specializing in the development of web-based solutions including web applications, webshops, and corporate websites. The company targets business clients seeking to optimize and digitize their processes and online presence. Their market position is supported by a portfolio of notable clients and detailed project case studies, indicating a stable regional presence since at least 2015. Technically, the website is built on WordPress with PHP 7.4 and uses common web technologies such as jQuery and Google Maps API. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site lacks modern security headers and cookie consent mechanisms, which may expose it to compliance risks under GDPR. Business contact information is clearly provided, including phone, email, physical address, and a contact form, enhancing credibility. Overall, the website is professionally designed and SEO optimized but requires urgent security improvements.

G

Gebauer & Griller

griller.at

40

Gebauer & Griller (GG Group) is a well-established international family-owned manufacturing group specializing in high-quality wires, cables, and wiring systems for automotive and industrial applications. The company positions itself as a leading provider in energy and data transmission sectors, emphasizing customized solutions, innovation, and strong partnerships. The website reflects a professional digital presence with comprehensive content, including corporate videos, social media integration, and detailed product and corporate information. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates third-party services such as Google reCAPTCHA, Google Maps, Vimeo, and Flockler social feeds. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security concern. Security headers are partially implemented, but important features like HSTS and OCSP stapling are missing. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Contact information is comprehensive, including multiple global office addresses, emails, and phone numbers. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

BRAUN Maschinenfabrik Gesellschaft m.b.H. is a well-established Austrian manufacturing company specializing in steel cutting and grinding machines, hydraulic steel structures, and decommissioning technologies. Founded in 1848, the company holds a strong market position as a technology leader with a global presence, serving industrial clients primarily in the energy and manufacturing sectors. Their product portfolio includes customized solutions for cutting, grinding, and dismantling applications, supported by in-house engineering and automation capabilities. The website reflects a professional business with clear branding and relevant content targeting industrial customers. Technically, the website runs on an Apache server and uses JavaScript libraries including Google Analytics and Google Maps API. However, the site lacks HTTPS encryption, which is a critical security shortfall. Performance metrics are not available, but the site shows basic mobile optimization and SEO practices. The hosting provider is identified via DNS as esys.at, an Austrian hosting service. From a security perspective, the absence of a valid SSL/TLS certificate and HTTPS is a major vulnerability, exposing users to potential data interception. No advanced security headers or policies are implemented, and there is no visible incident response or vulnerability disclosure information. Privacy compliance is minimal, with no cookie consent mechanism detected, although a basic privacy policy and terms of service are present. Overall, the website demonstrates moderate business credibility and content quality but suffers from significant security and privacy compliance gaps. Strategic improvements in SSL deployment, security headers, and privacy mechanisms are recommended to enhance trust and protect users.

I

iService d.o.o.

iservice.hr

20

iService d.o.o. operates the website iservice.hr, providing fast and professional repair services for smartphones, tablets, Mac computers, and Apple devices, alongside retail sales of related accessories. The company targets both individual consumers and businesses, offering services such as quick repairs, free diagnostics, and warranty-backed parts. The business is well-positioned in the Croatian market with a strong reputation supported by certifications like Apple IRP and a 15-year operational history. Technically, the website uses a standard Apache server with modern marketing integrations including Google Analytics and Facebook Pixel, but lacks a valid SSL certificate, which is a significant security concern. The site is mobile-optimized with good SEO and user experience, though performance metrics indicate slow loading times. Security posture is weak due to missing HTTPS, lack of modern TLS protocols, and absence of key security headers. Privacy compliance is addressed with visible policies and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

M

Mayer & Co Beschläge GmbH

maco.at

35

Mayer & Co Beschläge GmbH operates the website maco.at, presenting itself as a leading manufacturer of window, door, and sliding door hardware, including intelligent sensor solutions for smart homes. The company targets B2B customers such as manufacturers and distributors, offering a comprehensive portfolio of products and digital services including partner portals and technical support. The website is professionally designed, multilingual, and rich in content, reflecting a mature digital presence. Technically, the site uses Kentico CMS, jQuery, and integrates Matomo analytics with a consent-based tracking approach, demonstrating a commitment to privacy compliance. However, a critical security gap exists as the maco.at domain lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. The site includes comprehensive privacy and cookie policies, terms of service, and clear contact information, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain compliance.

E

EVN

evn.at

40

EVN is a large Austrian energy provider specializing in electricity, gas, heating, water, photovoltaic solutions, and e-mobility services. The website targets private customers, businesses, agriculture, and municipalities, offering a comprehensive range of energy-related products and services. The company maintains a professional and consistent online presence with clear navigation and rich content. Technically, the site uses Kentico CMS, Cloudflare CDN, and integrates analytics tools like eTracker and Microsoft Application Insights. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS configuration to ensure user security.

B

Benedict Industries

benedict.com.au

40

Benedict Industries is a leading supplier and recycler of quarry, recycled, and landscape products primarily serving the New South Wales region in Australia. The company operates multiple quarry and recycling locations, offering services such as waste recycling, resource recovery, supply and delivery of bulk materials, and free trailer hire. Their products are used in major infrastructure and civil projects, positioning them as a key player in the regional construction and waste management sectors. The website reflects a professional business with clear contact information, industry certifications, and a focus on sustainability and quality. Technically, the website is built on WordPress using the Divi theme and WooCommerce for product management. It integrates various modern web technologies and third-party services including Google Fonts, Google Maps API, and several social media platforms. However, performance data is lacking, and the site currently lacks a valid SSL certificate, which is a critical security shortfall. Mobile optimization and SEO appear to be well implemented, though accessibility is basic. From a security perspective, the site has several HTTP security headers configured, but the absence of HTTPS and TLS protocols severely undermines its security posture. No incident response or vulnerability disclosure information is present, and cookie consent mechanisms are missing, indicating gaps in privacy compliance. The domain registration is consistent with the business claims, registered through Melbourne IT without privacy protection, and the domain age aligns with the company's operational history. Overall, while the business and website demonstrate professionalism and market presence, urgent improvements in security infrastructure, particularly SSL/TLS deployment and privacy compliance, are recommended to enhance trust and protect user data.

I

IDEMIA

idemia.com

40

IDEMIA is a global leader in biometrics and cryptography, providing advanced technology solutions that enable secure payments, identity verification, connectivity, and public safety. The company serves governments, enterprises, and financial institutions worldwide, positioning itself as a trusted partner with a strong market presence and extensive customer references. The website reflects a mature digital infrastructure with modern JavaScript libraries, SEO best practices, and a professional design that supports a positive user experience. However, the current lack of a valid SSL certificate and HTTPS implementation significantly impacts the security posture, exposing the site to potential risks. Privacy policies and cookie consent mechanisms are well implemented, and a Data Protection Officer contact is provided, indicating good privacy compliance. Overall, the site demonstrates high business credibility but requires urgent improvements in SSL/TLS security to align with best practices and user trust expectations.

I

INFORMIO Software GmbH

informio.at

23

INFORMIO Software GmbH is a small Austrian technology company specializing in ERP business software solutions, including Microsoft Dynamics ERP, Informio BELVEDERE, and B2B portals. The company positions itself as a certified business partner offering consulting, project management, and implementation services primarily targeting medium and large enterprises as well as SMEs. Their website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the website is built on Microsoft IIS with ASP.NET and uses modern frontend libraries such as Bootstrap and jQuery. However, the site lacks HTTPS encryption, which is a critical security shortfall. The cookie consent mechanism is implemented, and privacy policy is present but basic. Social media presence is active on Facebook, Twitter, and LinkedIn, supporting marketing and engagement efforts. Overall, the digital maturity is moderate but requires urgent security improvements.

A

Axians ICT Austria GmbH

axians.at

40

Axians ICT Austria GmbH is a well-established IT service provider in Austria, offering a broad range of IT solutions including cloud services, cyber security, enterprise networks, and SAP consulting. The company targets business customers across various industries and emphasizes a human-centric approach to technology. Technically, the website is built on WordPress with modern libraries and integrates analytics and marketing tools such as Matomo and HubSpot. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent improvements in its SSL/TLS configuration to enhance security and user trust.

T

TTX

ttx.com

40

TTX is a well-established transportation company specializing in railcar pooling and maintenance services across North America. Founded in 1955, it operates a large fleet and extensive maintenance network, serving the rail industry with innovative logistics solutions. The website reflects a mature business with comprehensive service offerings and a clear market position. Technically, the site is built on WordPress with modern libraries and integrates Google Maps and analytics, but suffers from an invalid SSL certificate and lack of HTTPS enforcement, which impacts security posture. Security headers are present, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but requires urgent SSL and security improvements to meet modern standards.

R

redmail Logistik & Zustellservice GmbH

redmail.at

36

redmail Logistik & Zustellservice GmbH is an established Austrian media distribution and logistics service provider specializing in the delivery of print advertising such as flyers and brochures. The company operates multiple offices across Austria and offers an online booking platform for print and delivery services. Their market position is supported by recognized certifications and a professional web presence. Technically, the website is built on WordPress with common plugins and modern design elements, but suffers from a critical lack of HTTPS and proper SSL/TLS configuration, exposing users to security risks. Privacy policies and cookie consent mechanisms are in place, reflecting GDPR compliance. Overall, while the business is credible and well-presented, the security posture requires urgent improvement to protect customer data and maintain trust.

S

SOPREMA

soprema.com

29

SOPREMA is a well-established global manufacturer specializing in waterproofing, insulation, and roofing products with a broad international footprint. The company operates through numerous subsidiaries and sales offices worldwide, targeting construction professionals and distributors. The website reflects a multinational business model with a focus on manufacturing and distribution. Technically, the website runs on Apache with PHP backend and Magento CMS, integrating Google Maps for location display. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. No privacy or cookie policies are present, indicating poor privacy compliance. Contact information is comprehensive and professional, supporting business credibility. Overall, the site requires urgent security improvements to protect user data and enhance trust.

O

Oberbank AG

oberbank.at

40

Oberbank AG is a well-established regional bank operating primarily in Austria and neighboring countries, offering a broad range of financial services including retail banking, corporate banking, savings, investments, financing, and online/mobile payment solutions. The website reflects a mature digital presence with comprehensive content tailored to private and corporate customers, supported by a modern technology stack based on Liferay and JavaServer Faces. The site demonstrates strong privacy compliance with detailed cookie consent mechanisms and GDPR-aligned privacy policies. However, the security posture is weakened by an invalid or missing SSL certificate and lack of TLS protocol support, which poses significant risks to secure communications. No explicit security or incident response policies are published, indicating room for improvement in transparency and readiness. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

K

Klapty

klapty.com

62

Klapty is a Swiss-based online platform specializing in the creation, sharing, and exploration of virtual tours in 360°, VR 360, and 3D. Established in 2019, it serves a diverse audience including real estate professionals, photographers, and tourism-related businesses. The platform offers a comprehensive suite of services such as virtual tour creation, embedding, QR code generation, and a marketplace for professional photographers. Technically, the website employs modern web technologies including jQuery, Bootstrap, and various analytics and monitoring tools, hosted behind Cloudflare for performance and security. Security measures include HTTPS with a valid SSL certificate, SPF and DMARC email policies, and basic domain protection, though improvements like HSTS and DNSSEC are recommended. The site demonstrates strong business credibility with consistent branding, extensive content, and active social media presence. However, the absence of a cookie consent mechanism and explicit security policies suggests areas for compliance enhancement. Overall, Klapty presents a mature, professional, and trustworthy digital presence with moderate performance that could benefit from technical optimizations and enhanced privacy controls.

L

LU Matemātikas un informātikas institūts

latnet.lv

40

The website latnet.lv represents the academic network laboratory of the University of Latvia's Institute of Mathematics and Computer Science, operating under the brand SigmaNet. It provides domain registration, email hosting, and internet connectivity services primarily targeting academic institutions and educational organizations in Latvia. The organization has a long-standing history dating back to 1993, positioning itself as a trusted academic network operator with a medium-sized operational scale. The website content is well-structured, informative, and consistent with the institutional identity, offering clear contact information and social media presence. From a technical perspective, the site uses legacy JavaScript libraries such as jQuery 1.9.1 and jQuery UI 1.12.0, integrates Google Maps API for location display, and employs parallax effects for visual enhancement. The hosting is managed by SigmaNet itself, reflecting an in-house academic infrastructure. Performance is moderate with basic mobile optimization and accessibility features. SEO is basic but sufficient for the target audience. Security posture is a significant concern due to the absence of HTTPS/SSL certificate, exposing users to potential data interception risks. Although SPF and DMARC DNS records are configured correctly, the lack of DNSSEC and CAA records reduces DNS security. No security policies or incident response contacts are published, and no cookie consent mechanism is implemented, which may impact GDPR compliance. The site uses Google Analytics for user tracking without visible consent banners. Overall, the website is credible and trustworthy from a business perspective but requires urgent security improvements to protect user data and comply with modern security standards. Strategic recommendations include implementing HTTPS, enhancing DNS security, publishing security policies, and introducing privacy compliance mechanisms.

N

Nelio Software

neliosoftware.com

40

Nelio Software is a mature and established WordPress-focused technology company specializing in marketing optimization plugins such as A/B testing, content management, session recordings, popups, and forms. The company targets WordPress site owners and marketers seeking to improve engagement and conversions through data-driven tools. Their market position is strengthened by their WordPress VIP Technology Partner status and a consistent brand presence. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the business credibility is high, supported by testimonials and active social media engagement.

N

Nelio Software

nelioabtesting.com

40

Nelio Software operates a mature and professionally maintained website offering a native A/B testing and conversion optimization service specifically designed for WordPress users. The company holds a reputable position in the WordPress ecosystem, evidenced by its WordPress VIP Technology Partner status and comprehensive service offerings including heatmaps, popups, and analytics. The website demonstrates excellent content quality, clear navigation, and strong branding consistency, targeting marketers, eCommerce businesses, publishers, and agencies seeking to optimize their WordPress sites. Technically, the site is built on WordPress with modern plugins and integrations such as Yoast SEO, Nelio A/B Testing, and Nelio Popups. Hosting is provided by SiteGround, and the site employs standard web technologies including jQuery and Google Tag Manager. While performance and mobile optimization are good, the SSL certificate is expired, and security best practices like HSTS and DNSSEC are not implemented, which lowers the overall security posture. Security-wise, the site uses HTTPS with TLS 1.3 and 1.2 protocols and shows no signs of known SSL vulnerabilities or exposed sensitive data. However, the expired SSL certificate and lack of domain protection mechanisms present risks that should be addressed promptly. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place, aligning with GDPR requirements. Overall, the website is trustworthy and professional but requires immediate attention to SSL certificate renewal and enhanced domain security measures to maintain its credibility and protect user data. Strategic improvements in security headers and domain protection will further strengthen its security posture and business reputation.

A

Andrés Corson

supresenciaproducciones.com

40

The website supresenciaproducciones.com serves as a promotional platform for Pastor Andrés Corson's religious books and ministry activities, targeting Spanish-speaking Christian audiences primarily in Colombia. It offers book purchase options through affiliate links and free chapter downloads, supported by social media integration and a newsletter signup. Technically, the site is built on GravCMS, hosted on AWS infrastructure, and uses modern frontend libraries like Bootstrap and jQuery. However, the site lacks HTTPS, exposing visitors to security risks, and does not provide privacy or cookie policies, indicating poor compliance with data protection regulations. Security headers are minimal, and no incident response or vulnerability disclosure information is present. Overall, the site is functional and professionally designed but requires urgent security and compliance improvements.

W

Wegmans Food Markets

wegmans.com

40

Wegmans Food Markets is a well-established grocery retail company with a strong online presence offering grocery delivery, pickup, pharmacy, meals, and catering services. The website is professionally designed, mobile-optimized, and provides comprehensive content and navigation for its users. Technically, the site leverages modern frameworks such as Next.js and React, hosted on Vercel, and integrates multiple third-party services for analytics, marketing, and user experience enhancements. However, a critical security gap exists as the website lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and legitimate domain registration data.

Y

Y Combinator

workatastartup.com

54

Work at a Startup is a specialized job platform operated by Y Combinator, designed to connect job seekers with startup opportunities at YC-backed companies. The platform leverages Y Combinator's strong brand and network to provide a curated job marketplace focused on engineering, product, design, and remote roles. The website offers a single-profile application system, event listings, and testimonials to enhance user trust and engagement. Technically, the site uses modern JavaScript frameworks such as React and integrates third-party services like Google Analytics and Algolia for search functionality. Hosting is provided via AWS infrastructure, ensuring scalability. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. The site lacks security headers and cookie consent mechanisms, indicating room for improvement in privacy compliance. Overall, the business credibility is strong given the association with Y Combinator, but the security posture requires urgent attention to protect user data and maintain trust.

C

Casavo Management S.p.A.

casavo.com

59

Casavo Management S.p.A. operates a mature and professional PropTech platform focused on simplifying the real estate transaction process for home sellers and buyers primarily in Italy and France. The company leverages technology such as machine learning algorithms for instant home valuation, combined with human consultancy and support services including mortgage assistance and professional home enhancement. Their market position is supported by significant funding, a growing presence in multiple European cities, and strong brand recognition through media coverage and verified customer testimonials. Technically, the website is built on modern frameworks like Next.js and React, hosted via Cloudflare, and integrates various third-party services for analytics and consent management. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture and user trust. Privacy compliance is robust, with clear GDPR-aligned policies and consent mechanisms in place. Overall, while the business model and digital maturity are strong, immediate remediation of security vulnerabilities is essential to protect user data and maintain credibility.

M

Moventis S.A.

moventis.es

40

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

B

Banca Agricola Commerciale

baclife.sm

39

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking, investment, and insurance services to both private individuals and businesses. The website reflects a mature and professional presence with comprehensive business information, news updates, and customer resources. The company operates subsidiaries such as BAC Life S.p.A. and BAC Investments, indicating a diversified financial services group. The target audience is primarily local customers in San Marino, with services tailored to their needs including online and mobile banking solutions. Technically, the website is built on WordPress with modern plugins like Yoast SEO and Cookiebot for compliance and marketing. It integrates Google Tag Manager and Google Maps API, showing a moderate level of digital maturity. However, performance metrics are missing, and some technical debt is evident, especially in the SSL/TLS configuration. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. While some security headers are present, the absence of HTTPS and DNSSEC reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is credible and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing DNS and domain protections.

B

Banca Agricola Commerciale

bacinvestments.sm

40

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking and financial services to both private individuals and businesses. The website reflects a mature and professional organization with a strong local presence and a history dating back to 1920. The business model focuses on traditional banking services complemented by digital tools such as mobile apps and online account management. BAC maintains a consistent brand image and offers comprehensive information about its products, subsidiaries, and news updates. Technically, the website is built on WordPress with modern web technologies and includes SEO and accessibility features, although performance is moderate. Security posture is a significant concern due to the absence of a valid SSL certificate and HTTPS support, which exposes users to risks and undermines trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration data supports the legitimacy of the business, but technical security improvements are urgently needed.