Security Directory

T

Teach For Austria

teachforaustria.at

25

Teach For Austria is a small non-profit NGO focused on promoting educational fairness in Austria through its Social Leadership Program and fellowship initiatives. The organization targets potential fellows, educators, and partners interested in improving educational outcomes for children and youth. The website presents a professional and consistent brand image with rich content about its programs, partner networks, and impact statistics. Technically, the site uses a basic but modern stack including Apache server, JavaScript, CSS, and SVG graphics, with analytics provided by Plausible. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Security headers are minimal but present, and no advanced security policies or incident response contacts are found. Privacy compliance is limited, with no cookie consent mechanism detected, though a privacy policy page exists. Social media presence is strong, linking to multiple official channels. Overall, the website is functional and professional but requires urgent security improvements to protect user data and build trust.

U

UNIVERSAL Eisen und Stahl GmbH

universal-stahl.com

39

UNIVERSAL Eisen und Stahl GmbH is a German medium-sized full-service steel trading company specializing in heavy plates and advanced processing services. It operates as part of the Salzgitter AG group, leveraging a large inventory and extensive logistics capabilities to serve industrial clients across Europe. The company emphasizes sustainability and quality, certified under ISO 9001, and promotes innovative green steel production initiatives such as SALCOS®. Technically, the website is built on TYPO3 CMS and uses Matomo for analytics, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, exposing the site to risks. Privacy compliance is well addressed with cookie consent and GDPR-aligned policies. Overall, the business is credible and professionally presented, but the lack of HTTPS significantly undermines security posture.

O

Oracle

sun.com

40

Oracle's website for hardware solutions presents a comprehensive and professional digital presence showcasing its enterprise-grade hardware products optimized for Oracle Database and cloud integration. The site targets IT professionals and enterprises seeking scalable, high-performance infrastructure solutions. The content is rich, well-structured, and supported by multimedia and customer success stories, reflecting Oracle's strong market position in technology and cloud services. Technically, the site leverages Oracle's own content management system, Akamai CDN, and modern JavaScript frameworks, ensuring good performance and accessibility. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the security posture and trustworthiness from a technical perspective. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR compliance. Overall, the site demonstrates high business credibility but requires urgent remediation of its SSL configuration to meet modern security standards.

The website overthefuckingtop.com serves as a login gateway redirecting users to Instagram's official login page, which is owned and operated by Meta Platforms, Inc. It primarily facilitates user authentication for Instagram services. The site exhibits professional branding consistent with Instagram and Meta, targeting Instagram users who need to log in to access their accounts. The business model revolves around social media platform user authentication, supporting Instagram's global social networking services. Technically, the site employs modern web technologies including React, JavaScript, and GraphQL, hosted on Meta's infrastructure. Performance is moderate with good mobile optimization and basic accessibility features. Security headers are well implemented, including strict content security policies and frame denial, but the absence of a valid SSL certificate is a critical vulnerability that undermines the security posture. Privacy and cookie policies are not found on this domain, which is typical for a login redirect page but limits privacy compliance. Overall, the domain is legitimate and consistent with Instagram's operations, but the lack of SSL must be addressed to ensure secure user interactions.

Compass Group is a global leader in the hospitality sector, specializing in foodservice and support services for corporate and institutional clients. The company operates at an enterprise scale with a strong market position. However, the website content is currently inaccessible due to a security challenge page, which prevents a full content and user experience analysis. The technical infrastructure shows use of Akamai for hosting and JavaScript for client-side operations, but lacks a valid SSL certificate and modern TLS protocols, resulting in no HTTPS support. Security posture is weak due to missing SSL, lack of security headers, and absence of HSTS and OCSP stapling. DNS and WHOIS data confirm legitimate domain ownership consistent with the Compass Group brand and UK location. Overall, the website is protected by a WAF or security mechanism that blocks direct content access, limiting the ability to assess privacy policies, contact information, and other compliance aspects.

S

Sto SE & Co. KGaA

sto.com

33

Sto SE & Co. KGaA is a global enterprise specializing in facade systems, insulation, acoustic surfaces, and floor coatings with over 50 years of industry experience. The company targets architects, builders, and developers seeking sustainable and aesthetic building solutions. Their website reflects a mature digital presence with comprehensive content, localized contacts, and professional branding. Technically, the site uses a custom Sto framework with modern JavaScript and CSS but lacks a valid SSL certificate, resulting in insecure HTTP connections and a weak security posture. Privacy and cookie policies are well implemented with consent mechanisms, and marketing tools like Salesforce Marketing Cloud and Usercentrics CMP are integrated. Security headers are configured but undermined by missing HTTPS. Overall, the site is professional and trustworthy but requires urgent SSL/TLS implementation to improve security and user trust.

D

DACHSER

dachser.com

40

DACHSER is a well-established global logistics provider with a strong market position and comprehensive service offerings across multiple transport and warehouse networks. The website reflects a mature digital presence with multilingual support, rich content, and clear corporate governance and compliance information. Technically, the site uses modern tracking and consent management technologies but suffers from critical SSL certificate issues that undermine its security posture. Security headers and policies are well implemented, but the lack of valid HTTPS and modern TLS protocols is a significant risk. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions and maintain compliance. Strategic recommendations include fixing SSL certificates, enabling modern TLS, and enhancing security mechanisms such as OCSP stapling and session resumption.

J

J. Hornig

jhornig.com

65

J. Hornig operates a mature and professional e-commerce website specializing in coffee and tea products, including specialty blends, accessories, and barista courses. The company targets both individual consumers and business clients such as gastronomy and office sectors. The website is built on the Shopify platform, leveraging multiple third-party apps for enhanced customer experience, marketing, and reviews. Technically, the site is well-implemented with modern technologies, fast performance, and strong security headers including HSTS and CSP. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms in place. However, direct contact information like emails or phone numbers is not explicitly listed, relying on contact forms instead. The domain is well-registered with a reputable registrar and shows no signs of suspicious activity. Overall, the site demonstrates a strong security posture and good business credibility, making it a trustworthy platform for customers.

W

Wiesner-Hager Möbel GmbH

wiesner-hager.com

32

Wiesner-Hager Möbel GmbH is a medium-sized Austrian company specializing in office furniture, interior design, and office consulting services. The company targets businesses and organizations requiring innovative and sustainable office and contract furniture solutions, including hospitality and healthcare sectors. The website presents a professional and comprehensive portfolio of products and services, supported by international design collaborations and a commitment to sustainability. Technically, the website is built on the Pimcore CMS platform with modern JavaScript and CSS technologies, but suffers from a lack of HTTPS encryption, which significantly impacts its security posture. Security headers are partially implemented, but the absence of a valid SSL certificate and modern TLS protocols exposes the site to risks. Privacy compliance is well addressed with a clear privacy policy, cookie consent via Cookiebot, and GDPR adherence. The WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

U

UPM Raflatac

upmraflatac.com

65

UPM Raflatac is a global leader in manufacturing high-performance labeling materials, serving brands, designers, and printers worldwide. The company operates a mature and well-established business with a strong emphasis on sustainability and innovation in packaging solutions. Their digital presence reflects a professional and comprehensive approach, offering extensive customer tools and multilingual support. Technically, the website leverages modern frameworks such as Vue.js, integrates advanced analytics and marketing tools, and is hosted securely via Cloudflare with robust security headers and HTTPS enforcement. The security posture is strong, though improvements like enabling HSTS could enhance protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration and WHOIS data confirm the legitimacy and consistency of the business identity.

S

SPAX International GmbH & Co. KG

spax.com

40

SPAX International GmbH & Co. KG is a well-established German manufacturer specializing in screws and fastening technology, producing large volumes daily for a global market. Their website reflects a mature digital presence with comprehensive product information, multilingual support, and digital tools for professionals in construction and woodworking. The company demonstrates strong branding consistency and trust indicators including certifications and detailed contact information. Technically, the site is built on Adobe Experience Manager with modern marketing and consent management tools, offering good user experience and SEO optimization. However, a critical security issue exists due to an invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business credibility and content quality are high, but urgent remediation of SSL/TLS issues is recommended to ensure secure user interactions and maintain trust.

Arjo is a well-established global healthcare company specializing in medical devices and solutions aimed at improving mobility and care for patients with reduced mobility and age-related health challenges. The company operates in over 100 countries with a large workforce and offers a broad portfolio including patient handling equipment, medical beds, hygiene solutions, disinfection products, and prevention systems for pressure injuries and venous thromboembolism. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design tailored to healthcare providers and institutions. Technically, the website leverages modern web technologies including Episerver CMS, Azure hosting, and multiple analytics and marketing tools such as Google Analytics, Siteimprove, Hotjar, and Microsoft Application Insights. The site is hosted on Microsoft Azure with Cloudflare CDN, ensuring global availability and performance. However, performance metrics were not available, and accessibility is rated as basic, suggesting room for improvement. From a security perspective, the site implements several important HTTP security headers and a detailed Content Security Policy. Nevertheless, the SSL certificate is currently invalid or missing, which is a critical vulnerability that undermines user trust and data security. HSTS is configured but not fully enabled, and session resumption mechanisms are absent. No known vulnerabilities or malware were detected, and no WAF or blocking mechanisms interfere with site access. Overall, the website demonstrates strong business credibility and privacy compliance with clear policies and consent mechanisms. The main risk lies in the SSL certificate issue, which should be addressed promptly to maintain security posture and user confidence. Strategic recommendations include renewing the SSL certificate, enabling full HSTS, and enhancing accessibility and performance monitoring.

W

www.english-teacher-college.at

english-teacher-college.at

38

The website www.english-teacher-college.at operates as a specialized media platform providing comprehensive reviews, guides, and affiliate marketing services focused on online casinos in Austria. It targets Austrian online casino players by offering detailed casino ratings, bonus information, game variety, payment methods, and customer support evaluations. The site maintains a consistent brand presence with professional content and trust indicators such as DMCA protection and author credentials. Technically, the site is hosted behind Cloudflare and uses modern web technologies including JavaScript and Google Tag Manager, but lacks a valid SSL certificate, resulting in no HTTPS support and weak security posture. This absence of HTTPS and modern TLS protocols is a critical security gap that undermines user data protection and trust. Privacy and cookie policies exist but are basic in compliance, and no direct company contact emails or phone numbers are provided, though social media channels are linked. Overall, the site is functional and content-rich but requires urgent security improvements to enhance user trust and compliance.

K

KaVo Dental

kavo.com

40

KaVo Dental is a well-established manufacturer of dental devices and instruments with over 110 years of history, serving dentists and dental technicians worldwide. The company offers a broad portfolio including treatment units, handpieces, and laboratory equipment, positioning itself as a pioneer and innovator in the dental healthcare sector. The website reflects a professional and comprehensive digital presence with multiple language support and rich content tailored to dental professionals. Technically, the site is built on Drupal 10 with modern web technologies, providing good user experience and SEO optimization. However, the security posture is weakened by the absence of a valid SSL certificate and proper HTTPS configuration, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy and cookie policies are present and appear compliant with GDPR standards. Overall, the site demonstrates strong business credibility and professionalism but requires urgent security improvements.

VGN Medien Holding GmbH is a leading Austrian magazine publisher with a broad portfolio of print and digital media brands. Founded in 1992, it serves a wide Austrian audience with content spanning politics, lifestyle, business, and entertainment. The company operates multiple media brands and offers advertising and content marketing services. Technically, the website uses modern web technologies including nginx, JavaScript, and Google Analytics, but lacks a valid SSL certificate, which is a critical security shortfall. Security headers are implemented but without proper HTTPS, the site is vulnerable to interception and trust issues. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to align with best practices and user trust expectations.

The website acleddata.com is currently inaccessible due to a Cloudflare security challenge page requiring human verification via Turnstile captcha. This prevents access to any substantive content or business information. The site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The technical infrastructure relies on Cloudflare services for DNS and security, but the absence of a valid certificate and security headers indicates a poor security posture. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the landing page. Overall, the site appears to be in a blocked or pre-launch state, limiting the ability to assess its business credibility or compliance status.

M

matthias-hander

matthias-hander.com

22

The website matthias-hander.com currently serves as a minimal placeholder with an 'UPDATE SOON' message and very limited content. It appears to be a personal or portfolio site with no clear business model or services presented. The domain is mature, registered since 2008, but the website itself lacks substantive content or professional presentation. Technically, the site is hosted on an Apache server with no SSL/TLS encryption, exposing visitors to security risks. The site uses a basic JavaScript analytics tool (Slimstat) but lacks modern performance and accessibility optimizations. Security posture is weak due to absence of HTTPS, security headers, and other best practices. Privacy compliance is minimal, with only a basic privacy page linked but no cookie consent or GDPR indicators. Overall, the site presents a low trust profile and requires significant improvements to meet modern security, privacy, and usability standards.

S

SCHMIDT Groupe

cuisines-schmidt.com

29

SCHMIDT Groupe operates a comprehensive and professionally designed website focused on custom interior design solutions including kitchens, furniture, and bathrooms. The company is a leading French manufacturer with a strong market position and a large-scale retail business model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, extensive use of analytics and marketing tools, and a clear focus on user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR requirements. Overall, the site is content-rich and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

C

Cookie-Information

gorelate.com

28

The website gorelate.com currently serves a minimal content page focused on cookie information with a cookie consent popup implemented via JavaScript. The site lacks any substantive business or contact information, privacy policy, or terms of service. Technically, the site is served over HTTP without a valid SSL/TLS certificate, exposing it to security risks and reducing trustworthiness. The DNS configuration is basic with no DNSSEC and a misconfigured CAA record. Security headers are minimal, and no modern security protocols or cipher suites are enabled. Overall, the site demonstrates very low digital maturity and security posture, with no evident compliance with GDPR or other privacy regulations. Business credibility is low due to lack of identifiable company information or trust signals.

The website ebv.com is part of Avnet's EBV Elektronik division, a mature and established technology distributor with a domain age of 29 years. The site is currently inaccessible due to a Web Application Firewall (WAF) security challenge implemented by Akamai, which blocks direct content access and requires CAPTCHA validation. This limits the ability to analyze the website's content, policies, and user experience. The domain registration is consistent with the business entity, registered transparently without privacy protection, and matches the parent company Avnet. However, the SSL/TLS configuration is critically lacking, with no valid certificate detected and no modern TLS protocols enabled, posing a significant security risk. The site uses Akamai CDN and tracking technologies such as Marketo and Salesforce for marketing and analytics purposes. Overall, the website's security posture is weak due to missing HTTPS and blocked content, while business credibility remains high due to domain maturity and corporate affiliation.

K

Kraus & Naimer

krausnaimer.com

38

Kraus & Naimer is a globally recognized leader in the manufacturing of cam switches and industrial switchgear, offering a broad portfolio of products including main switches, control switches, and customized solutions. The company emphasizes mass customization and international certifications, serving a diverse industrial clientele worldwide. Their website reflects a professional and consistent brand presence with clear navigation and relevant content tailored to industrial customers. Technically, the website is built on TYPO3 CMS and served via Apache, incorporating modern JavaScript libraries and privacy-focused analytics (Matomo). However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with visible cookie consent mechanisms and comprehensive privacy policies. Security-wise, while some security headers are implemented, the lack of HTTPS and modern TLS protocols is a significant vulnerability. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance. Overall, the site is functional and professional but requires urgent security upgrades to meet modern standards and protect user data. Strategically, Kraus & Naimer should prioritize SSL certificate installation and TLS configuration, enhance security policy transparency, and continue leveraging privacy-compliant analytics to maintain regulatory compliance and customer trust.

J

Jacqueline Pehlemann

jacquelinepehlemann.de

36

Jacqueline Pehlemann is a small architecture and interior design office based in Berlin, specializing in residential and hospitality projects such as apartments and hotels. The website serves as a portfolio showcasing detailed project descriptions and high-quality images, targeting clients interested in bespoke architectural and interior design services. The business operates primarily through professional service offerings with a local market focus. Technically, the website is hosted on the Cargo platform, utilizing standard web technologies including HTML5, CSS3, JavaScript, and jQuery. However, the site lacks HTTPS support, which is a critical security deficiency. Security headers are minimal, and no advanced DNS security features like DNSSEC or CAA are implemented. Privacy compliance is weak, with no cookie consent mechanisms and only a basic privacy policy page found. Contact information is not explicitly provided on the site, which may hinder user trust and engagement. Overall, the site demonstrates good content quality and professional design but requires significant improvements in security and privacy to meet modern standards.

A

ASSA ABLOY

assaabloyentrance.com

40

ASSA ABLOY Entrance Systems is a global enterprise specializing in manufacturing and supplying advanced entrance solutions including automatic, commercial, industrial, and digital doors. The company positions itself as a leader in secure and efficient access solutions, targeting businesses and industries requiring high-quality entrance systems. The website reflects a mature digital presence with a professional design and comprehensive product information, supporting its market leadership claims. Technically, the site uses modern web technologies and a proprietary CMS platform, with good SEO and mobile optimization. However, the lack of a valid SSL certificate and HTTPS support is a critical security weakness, exposing users to potential risks. Security headers are well implemented, but the absence of encryption and privacy policies reduces trust and compliance. Overall, the site demonstrates strong business credibility but requires urgent security improvements to align with best practices and regulatory requirements.

A

Avantor, Inc.

vwr.com

40

VWR.com is the online presence of Avantor, Inc., a large enterprise specializing in providing life science products and service solutions. The website targets life science professionals and organizations globally, offering a broad range of scientific supplies and services. The business model is primarily B2B, with a strong market position as an established global supplier in the healthcare sector. The site uses localized subdomains to serve different countries, indicating a mature international presence. Technically, the website employs a variety of modern JavaScript libraries and tracking tools, including Google Analytics, Hotjar, and Cloudflare for CDN and security. However, the site lacks a valid SSL certificate and does not enable modern TLS protocols, which is a significant security concern. The content is professionally presented with good navigation and branding consistency, but mobile optimization and accessibility are basic. From a security perspective, while the site implements a comprehensive Content Security Policy and some security headers, the absence of HTTPS and modern TLS support severely impacts the security posture. No incident response or vulnerability disclosure information is provided, and no explicit contact details are available on the landing page, limiting transparency. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS implementation and privacy compliance mechanisms to enhance trust and security. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, implementing cookie consent mechanisms, and providing clear contact and security policy information.

F

FH Kärnten gemeinnützige Gesellschaft mbH

fh-kaernten.at

40

FH Kärnten is a public higher education institution in Austria offering a wide range of Bachelor, Master, and continuing education programs focused on technology, health, social sciences, and management. The institution emphasizes practical orientation, international cooperation, and sustainable development. The website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding targeting prospective and current students. Technically, the site is built on TYPO3 CMS and served by Apache, but critically lacks a valid SSL certificate and HTTPS support, which undermines security and user trust. Security headers are partially implemented, but the absence of TLS protocols and HSTS reduces the site's security posture. Privacy compliance is moderate with a clear privacy policy but no cookie consent mechanism despite tracking scripts. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

STADA is a leading German pharmaceutical company specializing in high-quality medicines, including consumer healthcare products, generics, and specialty pharmaceuticals. The company holds a strong market position as the fourth largest consumer healthcare company in Europe and is recognized as a Top Employer in Germany. Their website reflects a professional and comprehensive digital presence targeting consumers, healthcare professionals, and partners. Technically, the site uses modern JavaScript libraries, consent management tools, and is built on the Umbraco CMS platform. However, the website suffers from a critical security issue: the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines user trust and security. Performance is also suboptimal with slow load times and a large page size. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is high with detailed contact information and consistent WHOIS data. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect users and maintain trust.

Hawle Beteiligungsgesellschaft m.b.H. is a well-established Austrian manufacturer specializing in water supply valves and related products, serving a global market with a strong European manufacturing base. The company emphasizes sustainability, quality, and innovation, with a broad product portfolio including gate valves, butterfly valves, and digital water management solutions. The website reflects a mature digital presence with multi-language support and professional branding. Technically, the site uses modern JavaScript frameworks (Vue.js), Pimcore CMS, and integrates analytics and consent management tools, indicating a good level of digital maturity. However, a critical security weakness is the lack of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business appears credible and trustworthy, but urgent improvements in SSL/TLS deployment are recommended to secure user interactions and data.

The Spencer Stuart Portal website serves as a client or internal portal for Spencer Stuart, a global executive search and leadership advisory firm. The site is minimalistic, primarily acting as a loading or shell page that dynamically loads resources and scripts from local bundles and external services such as Pendo for analytics. The business focus is on executive search and leadership consulting, targeting enterprise clients and internal users. The portal likely supports client engagement and administrative functions rather than public marketing. Technically, the site is hosted on Amazon S3 with CloudFront CDN, leveraging AngularJS framework and JavaScript for dynamic content loading. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The absence of modern TLS protocols, security headers, and privacy policies further weakens the security posture. Performance data is unavailable, but the site appears slow and basic in design and user experience. Security evaluation reveals no WAF or blocking mechanisms, but the lack of HTTPS and security best practices exposes the site to risks. No privacy or cookie policies are present, and no contact or legal information is provided, limiting trust and compliance. Pendo analytics is integrated, indicating moderate user tracking without visible privacy compliance measures. Overall, the site is functional as a portal shell but requires urgent improvements in security, privacy compliance, and content completeness to meet enterprise standards and user trust expectations.

The website lobster.media is currently a parked domain landing page primarily monetized through advertising networks such as Google Adsense and Parklogic. It lacks substantive business content, contact information, or any clear business model beyond domain parking. The technical infrastructure is minimal, hosted on Hetzner Online with a Caddy server, but critically lacks a valid SSL certificate and HTTPS support, exposing visitors to security risks. The site does not implement privacy or cookie consent mechanisms and provides no security or incident response policies. Overall, the site demonstrates very low digital maturity and business credibility, with poor content quality and minimal technical sophistication.

The website porsche-inter-auto.ro is a parked domain landing page primarily offering the domain for sale. It lacks any active business content, contact information, or services. The domain is registered with Salestrar Ltd and hosted on Hetzner Online infrastructure, but no SSL certificate or HTTPS support is present, which severely impacts security posture. The site relies on advertising scripts and domain parking monetization. Overall, the digital maturity is low with minimal technical sophistication and poor privacy compliance. Security best practices are not implemented, exposing the site to risks and reducing trustworthiness. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, and improving domain security configurations.

B

Burton Snowboards

burton.com

40

Burton Snowboards is a well-established leader in the snowboarding retail industry, offering a comprehensive range of products including snowboards, boots, bindings, apparel, and accessories. Founded in 1977, the company has a strong brand presence and a loyal customer base, supported by a professional e-commerce platform that targets snowboarding enthusiasts and outdoor sports consumers. The website demonstrates excellent content quality, clear navigation, and consistent branding, reflecting a mature digital presence. Technically, the site leverages modern e-commerce technologies such as Salesforce Commerce Cloud (Demandware), Cloudflare CDN, and integrates multiple marketing and analytics tools including Google Analytics, OneTrust, and Yotpo. However, the current SSL certificate is invalid or missing, which poses a critical security risk and impacts user trust. Security headers are implemented but HSTS is not fully enabled, indicating room for improvement in HTTPS enforcement. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent attention to SSL configuration to enhance security posture.

S

StreamBreak Interactive GmbH

streambreak.tv

56

StreamBreak Interactive GmbH operates a niche technology platform focused on enhancing live streaming experiences by providing interactive minigames and ads that engage viewers during breaks. The company targets streamers, eSports organizers, and advertisers, offering a dashboard for analytics and community interaction. Founded in 2017 and based in Austria, StreamBreak has established a consistent brand presence and has been recognized with awards such as the Twitch Extension Winner in 2019. Technically, the website is built using modern web technologies including Bootstrap and JavaScript, hosted on Uberspace with DNS managed by world4you.at. While the site supports modern TLS protocols and has HSTS enabled, performance is suboptimal with a slow page load time. Mobile optimization and SEO are good, but accessibility is basic. No CMS is detected, indicating a custom or static site. From a security perspective, the site employs HTTPS with strong protocols but lacks DNSSEC, CAA records, and domain protection locks, which are recommended to enhance DNS and domain security. OCSP stapling and certificate transparency are also not implemented. Privacy compliance is basic with a cookie banner and privacy policy present, but no terms of service or explicit GDPR compliance statements. Contact information is limited to an email address. Overall, the website is professional and trustworthy with minor security and performance improvements needed. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include improving DNS security, enhancing performance, and expanding privacy and security policies to strengthen compliance and user trust.

B

B&A Insurance Consulting

baic.cz

40

B&A Insurance Consulting is a Czech Republic-based IT consulting and software development company specializing in SAP systems and insurance sector applications. With over 16 years of market presence, the company serves insurance and banking clients, particularly within the VIG group, offering SAP implementation, maintenance, and custom software development services. The website reflects a professional and consistent brand with clear business focus and client testimonials supporting its market position. Technically, the site uses modern frameworks and technologies but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. Privacy compliance is basic but present, with GDPR policies and cookie consent mechanisms implemented. Overall, the company demonstrates credible business operations but requires urgent improvements in security posture to protect its digital presence and client trust.

R

Regus

regus.com

40

Regus is a well-established global provider of flexible workspace solutions, including office space, coworking, virtual offices, and meeting rooms. With a mature domain age of 29 years and a strong market presence as part of the IWG Group, Regus serves a broad audience of businesses seeking flexible and scalable workspace options. The website is professionally designed, leveraging modern technologies such as Next.js and Sitecore CMS, and offers comprehensive content and clear navigation to support user engagement. However, the current lack of a valid SSL certificate and disabled TLS protocols represent significant security vulnerabilities that must be addressed promptly to ensure secure communications and maintain user trust. Privacy and cookie policies are present and indicate good compliance with GDPR requirements. Overall, the site demonstrates a strong business credibility and digital maturity but requires immediate security improvements.

A

ANWR Norden AB

anwr.se

38

ANWR Norden AB operates as a leading organization in the voluntary shoe retail sector in the Nordic region, founded in 1919 in Hamburg, Germany. The company connects shoe retailers with top brands and offers a portfolio of services tailored to the needs of trade and industry, including financial services through its own bank, DZB Bank. The website reflects a medium-sized enterprise with a clear business model focused on membership services and retail support. Technically, the website uses standard web technologies and a consent management platform but suffers from slow load times and lacks modern CMS or frameworks. Security posture is weak due to the absence of a valid SSL certificate and modern TLS protocols, despite the presence of HSTS headers. The lack of DMARC, DNSSEC, and other DNS security features further reduces security maturity. Privacy compliance is basic with a privacy policy present but no strong GDPR indicators. Overall, the site is functional but requires significant improvements in security and performance to meet modern standards.

C

Corteva Commercial

pioneer.com

40

Pioneer.com represents the global seed brand of Corteva Commercial, a large agricultural manufacturing company. The website provides seed products, agronomic expertise, and local data support aimed at farmers and agricultural professionals worldwide. The site is built on Adobe Experience Manager and uses Adobe's digital marketing and analytics tools, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy and terms pages exist but are basic, and no cookie consent mechanism is implemented, which may raise compliance concerns in regulated jurisdictions. Contact information is limited to a contact form without direct emails or phone numbers, reducing accessibility for users seeking support. Overall, the site is professional and content-rich but requires urgent security and privacy improvements.

E

Evelyn Partners

tilney.co.uk

40

Evelyn Partners is a well-established UK-based wealth management firm offering a comprehensive range of financial planning and investment management services. The company positions itself as a leader in the UK market with significant assets under management and a broad client base including individuals, families, entrepreneurs, and professional partners. Their website reflects a mature, professional business with strong branding, clear service offerings, and multiple client engagement channels including forms and contact options. Technically, the website leverages modern JavaScript frameworks and is hosted on Microsoft Azure, with good SEO and accessibility practices. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses a critical risk to user trust and data security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL issues to ensure secure client interactions.

A

Anyline GmbH

anyline.io

40

Anyline GmbH is a mature technology company specializing in AI-powered mobile data capture and OCR scanning solutions, primarily serving industries such as automotive, retail, logistics, enforcement, and energy. The company offers a broad portfolio of products including tire scanning, vehicle identification, barcode scanning, license plate scanning, meter reading, and ID scanning. Their market position is strong with over 10 years of experience and a global customer base including Fortune 500 companies. Technically, the website is built on WordPress with modern JavaScript libraries and integrates translation and consent management tools. However, the site suffers from a lack of HTTPS due to an invalid SSL certificate, resulting in a basic security posture. Privacy compliance is supported by a cookie consent mechanism and a privacy policy, though terms of service and incident response policies are not evident. Overall, the website is content-rich and professionally designed but requires critical security improvements to protect user data and enhance trust.

B

Bose

bose.com

40

Bose.com is the official e-commerce website of Bose Corporation, a leading premium audio equipment brand. The site offers a wide range of products including headphones, earbuds, speakers, soundbars, and home theater systems, targeting consumers seeking high-quality audio solutions. The business model focuses on direct-to-consumer sales supported by comprehensive customer service and product support. The website demonstrates a strong brand presence with consistent messaging and professional design, reflecting Bose's market position as a trusted leader in the audio retail sector. Technically, the website is built on Salesforce Commerce Cloud, hosted on AWS infrastructure, and integrates multiple modern marketing and analytics technologies such as Google Tag Manager, Bazaarvoice, Qualtrics, and Forter. While the site is mobile-optimized and accessible, performance is somewhat slow, and there is room for improvement in technical implementation, particularly in SSL configuration and security headers. From a security perspective, the site currently lacks a valid SSL certificate, which is a critical issue impacting user trust and data protection. No security headers are detected, and advanced security policies or incident response information are not publicly available. Privacy and cookie policies are present and include consent mechanisms, indicating good privacy compliance. WHOIS data confirms the domain's legitimacy and consistency with the brand's identity. Overall, Bose.com is a professionally managed, content-rich e-commerce platform with strong business credibility but requires urgent improvements in SSL and security configurations to enhance its security posture and user trust.

P

pc-web: it-solutions GmbH

pc-web.at

21

pc-web: it-solutions GmbH is an Austrian IT service provider specializing in IT solutions, software development, cloud computing, telephony, and online solutions. The company targets businesses and organizations seeking tailored and secure IT services. Their market position is that of an established regional provider with a medium-sized operation founded in 2023. The website presents a professional and comprehensive overview of their services, supported by customer testimonials and structured data indicating legitimacy. Technically, the website uses modern JavaScript frameworks and analytics tools but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with cookie consent and a comprehensive privacy policy. Overall, the security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and protect users.

The website sber.at currently hosts a default Plesk server page with minimal content focused on describing the Plesk hosting panel software. It does not represent a distinct business or service and lacks any custom branding or business-specific information. The technical infrastructure is basic, served by nginx without HTTPS enabled, and hosted via easyname.eu nameservers. The site lacks performance optimization and SEO features. Security posture is weak due to the absence of SSL/TLS, security headers, and privacy policies. No contact or business information is provided, limiting trust and credibility. Overall, the site appears to be a placeholder or default hosting page rather than an active business website.

CEVA Logistics is a leading global supply chain management and freight company offering a broad range of logistics services including air, ocean, ground, contract logistics, and customs brokerage. The company operates worldwide with a large workforce and is part of the CMA CGM Group. The website demonstrates a mature digital presence with comprehensive content, multiple language support, and active news and career sections. Technically, the site uses modern frameworks like Nuxt.js and Vue.js and is hosted behind Cloudflare, but critically lacks a valid SSL certificate and proper HTTPS configuration, which severely impacts its security posture. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces security effectiveness. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and maintain trust.

C

CommScope

commscope.com

36

CommScope is a leading global provider of broadband, enterprise, and wireless network infrastructure solutions. The company offers a broad portfolio of products and services including broadband access systems, cable assemblies, connectors, networking systems, and video processing solutions. Their website reflects a mature enterprise with a strong market position, targeting telecommunications professionals, enterprises, and government agencies. The site is well-structured, multilingual, and professionally designed, showcasing their extensive product lines and corporate information. Technically, the website uses modern JavaScript frameworks, cloud hosting via Cloudflare, and integrates multiple marketing and analytics tools such as Google Tag Manager, Microsoft Application Insights, and OneTrust for cookie consent. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture and user trust. Security headers are partially implemented but lack completeness, and no explicit security or incident response policies are publicly disclosed. Overall, the website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues to ensure secure communications and compliance.

Waters Corporation is a leading enterprise in the technology sector specializing in analytical system solutions, software, and services for scientific research, particularly in liquid chromatography and mass spectrometry. The company targets scientists and laboratories globally, offering a comprehensive portfolio of products and services that position it as a market leader. The website reflects a mature digital presence with consistent branding, rich content, and extensive navigation options tailored to its B2B audience. Technically, the website leverages modern web technologies including React and Adobe Experience Manager, supported by Akamai CDN for performance. The site is mobile-optimized and SEO-friendly, with structured data enhancing search visibility. However, performance metrics are moderate, indicating room for optimization. From a security perspective, while several best practices are implemented such as security headers and cookie flags, the absence of a valid SSL certificate and lack of HTTPS enforcement significantly weaken the security posture. This exposes the site to risks and undermines user trust. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, Waters Corporation's website demonstrates high business credibility and digital maturity but requires urgent remediation of SSL and HTTPS issues to enhance security and trustworthiness. Strategic improvements in security infrastructure will align the site with enterprise-grade standards and protect its valuable user base.

H

Helvetia Versicherungen

helvetia.de

40

Helvetia Versicherungen is a well-established insurance provider in Germany offering a broad range of insurance and pension products for private and corporate customers. The company emphasizes customer service, sustainability, and innovative insurance solutions, supported by over 160 years of experience. The website is professionally designed, content-rich, and targets German-speaking customers with clear navigation and comprehensive service information. Technically, the site uses Adobe Experience Manager CMS and Cloudflare for DNS and CDN services, with Adobe DTM for marketing analytics. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Security headers are properly configured, but the lack of HTTPS and modern TLS protocols is a major vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR compliance is evident. Business credibility is high, supported by awards and customer reviews. Overall, the site is trustworthy but urgently needs to address its SSL/TLS configuration to ensure secure user interactions.

R

Raiffeisen Bank International

stepicceecharity.org

53

Stepic CEE Charity is a non-profit initiative founded in 2006 by Herbert Stepic, affiliated with Raiffeisen Bank International AG, focused on supporting socially disadvantaged groups in Central and Eastern Europe through education and social projects. The website presents a professional and well-structured digital presence with clear donation calls and comprehensive privacy compliance via OneTrust CMP. However, the absence of a valid SSL/TLS certificate significantly undermines the security posture, exposing users to risks. The charity demonstrates good trust indicators and business credibility but lacks published terms of service and phone contact details. Overall, the digital infrastructure uses modern technologies such as Vue.js and Adobe Experience Manager, hosted on Fastly, with moderate user tracking and advertising transparency.

SALT. Optics is a premium eyewear brand specializing in high-quality sun and optical glasses, leveraging Japanese craftsmanship and luxury materials. The company operates primarily through an e-commerce platform powered by Shopify, targeting consumers who value timeless design and superior lens technology. The website is professionally designed with clear navigation, product showcases, and informative content including blog posts and company philosophy. Technically, the site uses modern web technologies and integrates multiple marketing and analytics tools, but lacks a valid SSL certificate, which critically impacts its security posture. Security headers are well implemented, but the absence of HTTPS undermines user trust and data protection. Privacy and cookie policies are present, indicating some compliance with GDPR and related regulations. Overall, the site presents a moderate risk due to missing HTTPS, but otherwise demonstrates a solid business and technical foundation.

W

wild GmbH

wild.as

29

wild GmbH is a technology and design company specializing in creating award-winning digital products such as websites, apps, and digital content for modern brands, startups, and enterprises. The company positions itself as an innovative partner combining design, technology, and business strategy. Their website reflects a professional and consistent brand image with extensive project showcases and active social media presence. Technically, the website uses modern JavaScript libraries and image CDN services but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. The absence of HTTPS and security headers exposes the site to potential risks. Privacy compliance is partially addressed with a cookie consent banner and privacy policy, though GDPR compliance is not clearly demonstrated. No direct contact information is provided on the site, which may affect user trust. WHOIS data confirms the domain is active and registered without privacy protection, consistent with the business profile. Overall, the site is content-rich and professionally designed but requires urgent security improvements to meet modern standards.

W

Worthington Enterprises

worthingtonindustries.com

38

Worthington Enterprises is a publicly traded enterprise specializing in the acquisition, design, and manufacturing of innovative building and consumer products, as well as sustainable energy solutions. The company recently separated from Worthington Steel, forming two independent entities focused on differentiated growth strategies. The website reflects a professional corporate presence with clear branding and investor relations information. Technically, the site uses modern JavaScript libraries and Google Tag Manager for analytics but suffers from a critical lack of valid SSL/TLS configuration, exposing users to security risks. Privacy and cookie policies are well implemented, supporting GDPR compliance. Overall, the site is content-rich and professionally maintained but requires urgent security improvements to protect visitors and maintain trust.

H

H World International

deutschehospitality.com

40

H World International is a large hospitality group operating multiple hotel brands with a focus on cultural diversity, tradition, and sustainable growth. The company targets hotel guests, business partners, franchisees, and job seekers, offering hotel accommodation, franchising, business travel, and development services. The website is professionally designed with clear navigation and good content relevance, supporting the company's market position as an established international hospitality group. Technically, the site uses standard web technologies and is hosted on Amazon AWS, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are partially implemented, but the absence of TLS protocols and HSTS reduces the site's security posture significantly. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is present. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust.