Security Directory

D

dm drogerie markt

dm-drogeriemarkt.at

40

dm drogerie markt is a leading retail company in Austria specializing in drugstore products with a strong online presence. The website serves as a platform for product search, store availability, and customer engagement, targeting Austrian consumers. The technical infrastructure leverages modern JavaScript frameworks and integrates multiple third-party services for analytics, marketing, and user consent management. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are well implemented, but the absence of HTTPS severely impacts the overall security posture. Privacy compliance is minimal with no detected privacy or cookie policies in the provided content. Business credibility is strong given the consistent domain registration and professional website design.

Wind Tre S.p.A. is a major Italian telecommunications operator offering a comprehensive range of services including mobile telephony, fiber and fixed internet, energy supply, and insurance products. The company targets both private consumers and business customers in Italy, positioning itself as a one-stop provider for connectivity, energy, and insurance needs. The website reflects a mature, well-established enterprise with a strong brand presence and extensive service offerings. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Target and Google Tag Manager for marketing and analytics. However, the main domain lacks a valid SSL/TLS certificate and does not support HTTPS, which is a significant security concern. The site includes comprehensive legal, privacy, and cookie policies, demonstrating good privacy compliance and transparency. Contact information is clearly provided, including verified company emails, phone numbers, and social media channels. Overall, the security posture is basic due to missing HTTPS and related configurations, but the business credibility and content quality are high.

W

Weingut Michael Schroth

weingut-schroth.de

34

Weingut Michael Schroth is a small regional winery located in Grünstadt-Asselheim, Germany, specializing in a variety of wines including Winzersekt, Chardonnay, and Riesling. The website serves primarily as a digital presence showcasing the winery's offerings and regional identity. The business model focuses on wine production and sales targeted at wine consumers interested in the Pfalz region's specialties. Technically, the website uses basic HTML, CSS, JavaScript, and Adobe Typekit fonts, with jQuery for scripting. Hosting appears to be provided by Ionos, but the site suffers from slow load times and minimal mobile optimization. Security posture is weak, with no SSL/TLS certificate, no HTTPS, and absence of security headers or DNS security features. Privacy and compliance policies are missing, and no contact information is provided on the landing page, limiting user trust and regulatory compliance. Overall, the site is functional but lacks modern security and privacy standards, which poses risks to visitors and the business's credibility.

I

IOSBET

shelfsailor.com

32

The website shelfsailor.com operates as an online slot gaming platform branded as IOSBET, targeting the Indonesian market. It offers online slot games with a system designed to increase winning chances daily. The site positions itself as a new entrant in the online gaming sector with a focus on Indonesian users, leveraging affiliate partnerships with established e-commerce platforms like Lazada. The business model revolves around online gaming services with promotional and affiliate marketing components. Technically, the site employs modern JavaScript frameworks including React and uses extensive tracking and analytics tools from Alibaba's ecosystem, indicating a moderate level of digital maturity. However, the site suffers from slow performance due to large page size and numerous resources, and it lacks mobile optimization and accessibility features. Security-wise, the absence of HTTPS and security headers significantly weakens its posture, exposing users to potential risks. No privacy or cookie policies are present, and contact information is missing, which raises compliance and trust concerns. Overall, the site is accessible without WAF or security challenges but requires urgent improvements in security, privacy compliance, and performance to enhance user trust and operational integrity.

K

Kering Eyewear S.p.A.

keringeyewear.com

40

Kering Eyewear S.p.A. is a prominent luxury eyewear company operating under the global Kering Group umbrella. Established in 2014 and headquartered in Italy, it designs, develops, and distributes eyewear for a portfolio of 14 prestigious brands, including proprietary and licensed luxury houses. The company positions itself as a market leader in the luxury eyewear segment, targeting discerning consumers and industry partners. The website reflects a high level of professionalism with rich multimedia content, clear navigation, and consistent branding across multiple languages and regions. Technically, the site leverages modern JavaScript libraries, Google Tag Manager for analytics, and OneTrust for cookie consent, hosted on Microsoft Azure infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Contact information is available, though no phone numbers are explicitly provided. Overall, the site demonstrates strong business credibility but requires urgent security improvements to meet modern standards.

G

Geiger.com

geiger.com

40

Geiger.com is a large, family-owned US-based distributor specializing in promotional products, corporate gifts, and imprinted apparel. The company positions itself as the largest family-owned promotional product distributor in the US, serving a broad business audience with a comprehensive product catalog and services including custom products, kitting, corporate programs, and expos. The website reflects a mature digital presence with extensive product categories, client brand logos, and active social media engagement. Technically, the website uses modern JavaScript frameworks such as Vue.js and Bootstrap 5, hosted likely on AWS infrastructure. Marketing and analytics tools include Google Tag Manager, Google Analytics, Osano CMP for consent management, Filestack for file handling, and Searchspring for search functionality. The site is mobile-optimized and accessible with good SEO practices, though performance metrics indicate slow loading. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. While some security headers are present, key TLS protocols and best practices like HSTS, OCSP stapling, and session resumption are not enabled. No incident response or vulnerability disclosure policies are found. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professionally designed and credible from a business standpoint but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security headers and protocols, implementing cookie consent, and publishing incident response information.

O

Oskar Schmidt GmbH

schmidtauto.at

33

Autohaus Schmidt, officially Oskar Schmidt GmbH, is a well-established automobile dealership and service provider based in Salzburg, Austria, with a history dating back to 1928. The company operates multiple locations and offers a wide range of services including new and used car sales, vehicle rental, servicing, repairs, and financing. Their market position is strong within the regional transportation sector, supported by authorized partnerships with major car brands such as Ford, Volvo, Peugeot, and Citroën. The website reflects a professional and consistent brand image targeting car buyers and service customers in Salzburg and surrounding areas. Technically, the website uses modern JavaScript, AWS CloudFront CDN, and Google Tag Manager for analytics and marketing. However, it lacks HTTPS, which is a critical security deficiency. The site includes cookie consent mechanisms and privacy policies compliant with GDPR, indicating a good level of privacy awareness. Performance data is unavailable, but the site appears mobile-optimized and SEO-friendly. From a security perspective, the absence of SSL/TLS encryption severely impacts the site's security posture, exposing users to potential risks. Other security headers and best practices are partially implemented but overshadowed by the lack of HTTPS. No incident response or vulnerability disclosure policies are present. The domain registration data aligns well with the business claims, enhancing trustworthiness. Overall, while the business and website demonstrate professionalism and good content quality, the critical lack of HTTPS significantly lowers the security score and overall risk profile. Strategic improvements in security infrastructure are essential to protect users and maintain trust.

B

Bombardier

bombardier.com

52

Bombardier is a mature enterprise specializing in the design, manufacture, and maintenance of ultra-long-range business jets and specialized defense aircraft. The company targets discerning individuals, businesses, and governments globally, maintaining a strong market position with a comprehensive portfolio of aircraft and support services. The website reflects a high level of professionalism, rich multimedia content, and consistent branding aligned with Bombardier's industry stature. Technically, the site leverages Drupal CMS, modern JavaScript frameworks, and monitoring tools like New Relic, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. However, the absence of HTTPS and security headers presents significant vulnerabilities. Overall, the domain registration is consistent with the business history, reinforcing legitimacy. Strategic improvements in SSL deployment and security configurations are essential to enhance trust and compliance.

dormakaba Holding is a globally recognized leader in smart and secure access solutions, providing a comprehensive range of products and services for secure access to buildings and rooms. The company operates internationally with a strong presence in multiple countries and serves diverse markets including security, technology, and manufacturing sectors. The website reflects a mature, well-established business with a clear focus on innovation, sustainability, and customer engagement. Technically, the site leverages modern frameworks such as Vue.js and Contentful CMS, ensuring a responsive and user-friendly experience across devices. Security measures are robust with multiple security headers and a comprehensive content security policy, although the SSL certificate is currently invalid, which is a critical issue that needs immediate attention. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, dormakaba demonstrates a strong security posture and business credibility, supported by transparent investor relations and active communication channels.

H

Hartlauer Handelsgesellschaft m.b.H.

hartlauer.at

40

Hartlauer Handelsgesellschaft m.b.H. operates a large retail and e-commerce platform focused on optics, photography, mobile phones, and hearing aids in Austria. With over 160 physical stores and a comprehensive online shop, it serves a broad consumer base with premium products and services including free eye tests and hearing aid trials. The website is professionally designed with excellent content quality and user experience, supported by a modern technology stack primarily based on Salesforce Commerce Cloud and integrated marketing and analytics tools. However, a critical security issue is present due to the lack of a valid SSL certificate and absence of HTTPS, severely impacting the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and the company demonstrates strong business credibility with clear contact information and trust seals. Strategic security improvements are urgently needed to protect user data and maintain trust.

D

d:code:it Ltd

dcodeit.com

38

d:code:it Ltd is a digital design and development studio specializing in transforming enterprises, particularly in the financial services sector. The company targets global banks and enterprises, offering innovative financial solutions, trading applications, and management consulting services. Their market position is that of a niche, specialized provider with a strong focus on complex UI and fintech applications. The website reflects a professional and consistent brand image with detailed leadership information and a comprehensive privacy policy demonstrating GDPR compliance. Technically, the website is hosted on AWS infrastructure using Amazon S3 and CloudFront CDN, with modern JavaScript and SVG animations enhancing user experience. However, the site suffers from an invalid SSL certificate and lack of modern TLS protocols, which significantly impacts its security posture. Privacy compliance is well addressed in the policy, but no explicit cookie consent mechanism is present. Overall, the site is functional and professional but requires urgent security improvements to ensure trust and compliance.

L

LGT Private Banking

lgt.com

40

LGT Private Banking is a well-established global private bank with over 100 years of history, specializing in wealth management and investment solutions for wealthy clients. The website reflects a professional and consistent brand image, targeting high-net-worth individuals and financial intermediaries. The business model focuses on private banking services, investment solutions, and sustainability-oriented wealth management. Technically, the website uses modern web technologies and is hosted on a reputable CDN provider, but suffers from critical SSL/TLS misconfiguration, impacting security and user trust. Security headers are well implemented, but the lack of HTTPS is a major vulnerability. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism despite tracking scripts. Overall, the website is content-rich, professionally designed, and trustworthy, but requires urgent security improvements.

L

Life and Career Design Consulting GmbH

lifeandcareer.eu

40

Life and Career Design Consulting GmbH is a small Austrian consulting firm specializing in career development and interim management services. Their website, built on Squarespace, offers bilingual content in German and English, targeting professionals seeking coaching, training, and assessment services. The company maintains a professional online presence with clear contact information and active social media channels. Technically, the website uses standard Squarespace infrastructure and Typekit fonts but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of privacy and terms of service policies indicates gaps in compliance. Security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Overall, the business appears legitimate and consistent with its domain registration data, but improvements in security and privacy compliance are necessary to enhance trust and user safety.

M

marketmind GmbH

marketmind.at

24

marketmind GmbH is a well-established marketing consulting agency founded in 1996 and based in Vienna, Austria. It operates primarily in the DACH region, serving clients across sectors such as energy, transport, banking, telecommunications, government, non-profit, retail, hospitality, and media. The company offers data-driven marketing research, consulting, and data science services with a strong focus on UX research, branding, segmenting, and customer experience. The website reflects a mature digital presence with detailed team profiles, client testimonials, and comprehensive service descriptions, positioning marketmind as a leading player in its market segment. Technically, the website is hosted on Microsoft IIS with ASP.NET technology and uses Cloudflare for DNS and nameservers. The site employs modern web technologies such as JSON-LD structured data, WebP images, and custom fonts. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. Performance metrics are not available, but the site is mobile-optimized and accessible with good SEO practices. From a security perspective, the absence of HTTPS and TLS protocols severely impacts the security posture. While some security headers like X-Content-Type-Options are present, the lack of HSTS, OCSP stapling, and session resumption mechanisms indicates room for significant improvement. Privacy compliance is well addressed with a clear privacy policy, cookie consent mechanism, and GDPR compliance indicators. The site uses marketing and analytics tools such as Google Analytics and LinkedIn Insight Tag with transparent disclosures. Overall, marketmind GmbH presents a professional and trustworthy business with excellent content quality and business credibility. The main risk lies in the missing HTTPS configuration, which should be addressed urgently to protect user data and improve trust. Strategic recommendations include implementing SSL/TLS, enhancing security headers, and maintaining ongoing compliance with privacy regulations.

C

Campofrío Food Group, S.A.U

campofrio.es

40

Campofrío Food Group, S.A.U is a well-established Spanish company specializing in the production and commercialization of meat products. It holds a strong market position in Spain with a diverse portfolio of brands and products, focusing on quality, innovation, and sustainability. The website demonstrates a high level of content quality, with detailed product information, recipes, and corporate social responsibility initiatives. Technically, the site uses modern frameworks such as Next.js and Drupal CMS, ensuring good mobile optimization and user experience. However, the absence of a valid SSL certificate significantly impacts the security posture, reducing the overall security score. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant, reflecting a mature approach to data protection. The company is part of the larger Sigma Alimentos group, with several subsidiary brands and dedicated service platforms. Overall, the website is professional and trustworthy but requires urgent attention to its SSL configuration to enhance security and user trust.

A

AMETEK Grabner Instruments

grabner-instruments.com

40

AMETEK Grabner Instruments is a medium-sized business specializing in the development and manufacturing of automatic petroleum testing equipment, including vapor pressure testers, flashpoint testers, and fuel analyzers. The company operates globally with a strong market position as an innovator and thought leader in fuel analysis technology. Their website reflects a professional business model focused on manufacturing, sales, training, and technical support services for the petroleum and energy sectors. Technically, the website uses ASP.NET technology with JavaScript libraries and is hosted on AWS infrastructure. While the site is mobile optimized and has good content quality, it suffers from slow load times and lacks a valid SSL certificate, which impacts security posture significantly. Privacy compliance is well addressed with comprehensive cookie and privacy policies and a consent mechanism. Security best practices are partially implemented but require urgent improvements, especially regarding HTTPS and security headers. Overall, the domain registration data aligns well with the business claims, indicating a trustworthy and legitimate entity.

OeKB Gruppe is a central financial service provider based in Austria, supporting the Austrian economy with a broad range of services including export financing, capital market services, energy market services, development financing, and tourism services. The website presents a professional and comprehensive overview of their offerings, targeting Austrian businesses, investors, and financial institutions. The company holds a strong market position as a key financial institution in Austria. Technically, the website uses a custom CMS with JavaScript and Bootstrap frameworks, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and TLS protocols. Mobile optimization and SEO are good, but accessibility is basic. The website lacks cookie consent mechanisms and some security best practices. Security posture is weak due to the absence of HTTPS, no security headers, and missing email authentication records like DMARC. DNSSEC is disabled and CAA records are malformed. These issues pose significant risks to user data confidentiality and trust. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect users and comply with modern standards. Strategic recommendations include implementing HTTPS, enabling security headers, and adding privacy and cookie consent mechanisms.

A

Austria Wirtschaftsservice Gesellschaft mbH

awsg.at

40

Austria Wirtschaftsservice Gesellschaft mbH (aws) is the official Austrian federal promotional bank dedicated to fostering innovation and economic growth within Austria. The website serves as a comprehensive portal for Austrian entrepreneurs and companies seeking funding, subsidies, and advisory services. It offers a broad range of programs targeting startups, SMEs, and established companies, with a strong emphasis on energy, sustainability, and internationalization. The site is well-branded, professionally designed, and provides clear navigation and rich content in German, targeting primarily Austrian businesses and innovators. Technically, the website is built on TYPO3 CMS and uses Apache as the web server. It integrates Matomo analytics for privacy-compliant user tracking and employs modern web technologies including CSP and various security headers. However, the SSL/TLS configuration is currently invalid or missing, which is a critical security concern. Performance metrics are not available, but the site appears mobile-optimized and accessible. From a security perspective, while several security headers are implemented, the lack of a valid SSL certificate and disabled TLS protocols significantly reduce the security posture. No explicit security or incident response policies are found on the site. Privacy compliance is strong, with a clear cookie consent mechanism and a comprehensive privacy policy in place, aligned with GDPR requirements. Overall, the site is a credible and professional government service platform with excellent content and user experience but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and improve trustworthiness.

R

RAITEC GmbH

grz.at

38

RAITEC GmbH is a prominent IT service provider specializing in delivering high-tech infrastructure and operational services to the financial sector in Austria. The company supports a large-scale environment with over 50 million daily online transactions, 35,000 client workstations, and extensive data storage capabilities. Their market position is strong as one of Austria's leading IT system houses focused on finance. Technically, the website is built on Adobe Experience Manager with modern JavaScript frameworks and tracking tools, providing a professional and accessible user experience. However, the critical lack of a valid SSL certificate and HTTPS support significantly undermines the security posture. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the business credibility and content quality are high, but urgent security improvements are needed to protect user data and trust.

R

ReinZeit Handels GmbH

reinzeit.com

40

ReinZeit Handels GmbH is an Austrian retail company specializing in eco-friendly cleaning and wellness products, including microfiber cloths, cleaners, laundry detergents, and wellness aroma products. The company emphasizes social responsibility, environmental protection, and Austrian quality standards, targeting consumers interested in sustainable and socially responsible products. Their business model includes direct sales through consultants and an online shop, supported by active social media channels and marketing efforts. Technically, the website is built on WordPress with WooCommerce, using popular plugins such as Yoast SEO and Borlabs Cookie for SEO and privacy compliance. The site is hosted on an Austrian IP and uses Apache server technology. However, performance metrics are not available, and the site is moderately optimized for mobile devices. From a security perspective, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical vulnerability. Although some security headers like HSTS and X-Frame-Options are present, the absence of TLS protocols and strong cipher suites significantly weakens the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professionally designed and trustworthy from a business perspective but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security best practices.

The website datentechnik.com is currently a parked domain with no active business content or services. The page primarily serves as a placeholder indicating the domain is for sale, with advertising scripts and minimal user interface elements. The technical infrastructure is basic, hosted on Hetzner Online with nginx and Caddy servers, and uses third-party ad networks such as AdsDeli and Google Adsense Domains CAF. There is no valid SSL certificate, and the site does not support HTTPS, which significantly impacts security posture. Privacy compliance is minimal, with only a basic privacy policy accessible via a popup but no cookie consent or GDPR indicators. Business credibility is low due to lack of contact information or company details.

The Kammerorchester Arpeggione Hohenems is a small, non-profit cultural organization dedicated to classical and contemporary chamber music performances, primarily serving a regional Austrian audience. The website provides detailed event information, organizational background, and sponsorship acknowledgments, reflecting a well-established local cultural entity with a 35-year history. Technically, the site is built on the Jimdo CMS platform, hosted on Austrian infrastructure, and uses standard web technologies including JavaScript and CSS. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present and GDPR compliant, the absence of visible contact emails, phone numbers, and security policies limits transparency and trust. Overall, the website is functional and informative but requires critical security improvements to enhance user trust and data protection.

K

KERN engineering careers GmbH

kern-partner.at

38

KERN engineering careers GmbH operates a professional recruiting website specialized in technology and IT sectors, primarily targeting job seekers and companies in Austria and German-speaking countries. The website offers job search, talent recruitment, and career consulting services, positioning itself as a trusted partner for technical and IT professionals. The site is built on TYPO3 CMS and hosted on a server using nginx, with DNS managed by DomainControl. Despite a professional design and comprehensive content, the website lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. Basic security headers like Content-Security-Policy and Strict-Transport-Security are present but insufficient without proper TLS support. Privacy compliance is addressed with a cookie consent mechanism and a detailed privacy policy in German. Contact is primarily via a web form, with no direct emails or phone numbers published. Social media presence on Facebook, LinkedIn, Xing, and Kununu supports business credibility.

Elekta is a global enterprise specializing in precision radiation medicine and cancer care solutions. Their website showcases a comprehensive portfolio of products including radiation therapy machines, stereotactic radiosurgery, oncology software, brachytherapy, and neurosurgery systems. The company targets clinicians, healthcare providers, and patients seeking advanced cancer treatment technologies. Elekta maintains a strong market position as a leader in healthcare technology with a professional and consistent brand presence. Technically, the website is hosted on AWS infrastructure using modern web technologies and includes advanced tracking and marketing tools such as Matomo and Pardot. However, the security posture is weakened by an invalid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed to ensure secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the website is professional, trustworthy, and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

K

Kontron Technologies GmbH

secureguard.eu

23

Kontron Technologies GmbH is a medium-sized Austrian technology company specializing in Industrial IoT, digitalization, and smart energy solutions. With over 20 years of experience, they provide tailored software development, workforce management, and expert services to optimize business processes. The website is professionally designed, content-rich, and targets B2B clients seeking innovative technology solutions. Technically, the site runs on Drupal 10 with Apache but lacks a valid SSL certificate, exposing it to security risks. Cookie consent and privacy policies are well implemented, ensuring GDPR compliance. However, the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Overall, the domain registration data aligns well with the business claims, indicating legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance trust and protect user data.

W

WestRock

westrock.com

39

WestRock is a global leader in sustainable packaging manufacturing, operating across multiple countries with extensive packaging converting operations and paper mills. The company targets businesses requiring innovative and sustainable packaging solutions across diverse markets such as beverage, healthcare, foodservice, and retail. Their business model focuses on manufacturing and supplying a broad range of packaging products and services, supported by a strong digital presence and comprehensive content. Technically, the website leverages modern web technologies including Sitecore CMS, Coveo search, and Brightcove video players, indicating a mature digital infrastructure. However, the absence of a valid SSL/TLS certificate and HTTPS severely undermines the security posture, exposing users to risks and reducing trust. Privacy policies and cookie consent mechanisms are well implemented, reflecting good compliance practices. Overall, the site is professionally designed with clear navigation and strong branding, but critical security improvements are necessary to protect user data and enhance trust.

H

Hoval Aktiengesellschaft

hoval.com

40

Hoval Aktiengesellschaft operates as a leading provider of advanced indoor climate control solutions, specializing in heating, ventilation, and energy-efficient systems for a broad range of building types including residential, commercial, and industrial sectors. The company maintains a strong international presence with a well-structured website that clearly communicates its product offerings and corporate philosophy focused on sustainability and energy responsibility. Technically, the website leverages modern web technologies and SAP Commerce platform, supported by Google Tag Manager and OneTrust for privacy compliance. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is robust with clear policies and consent mechanisms in place. Overall, the website reflects a mature digital presence but requires urgent remediation of SSL and TLS issues to enhance security and trust.

BMW Group Careers website serves as a global recruitment portal for the BMW Group, a leading enterprise in the automotive transportation sector. The site offers extensive information about career opportunities worldwide, highlighting the company's commitment to innovation in autonomous driving, e-mobility, and AI. The website is well-branded, professionally designed, and targets job seekers globally with a focus on technology and automotive professionals. Technically, the site is built on Adobe Experience Manager and uses Akamai CDN and Google Maps API, reflecting a mature digital infrastructure. However, a critical security gap exists as the site lacks HTTPS, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. The absence of direct contact emails or phone numbers is noted, but social media channels are official and active. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

CERHA HEMPEL Rechtsanwälte GmbH is a leading corporate law firm headquartered in Vienna, Austria, with a strong presence across Central and Eastern Europe. The firm offers a comprehensive range of legal services including corporate law, banking and finance, compliance, litigation, and specialized sectors such as FinTech and healthcare. Their website reflects a professional and well-structured digital presence, targeting corporate clients and legal professionals. The firm emphasizes its long history since 1921 and extensive expertise with over 200 lawyers. Technically, the website is built on TYPO3 CMS and served by nginx, but lacks a valid SSL certificate and HTTPS support, which is a critical security concern. The site is well-branded, content-rich, and includes social media integration, but performance data is incomplete and no cookie consent mechanism is detected. Security headers are minimal and no advanced security policies or incident response information is published. Overall, the website is professional and credible but requires urgent improvements in security infrastructure to protect user data and comply with modern standards.

ready2order GmbH is a medium-sized Austrian company providing cloud-based, finance-compliant cash register and POS systems tailored for small businesses in retail, gastronomy, and service sectors. Their offerings include software subscriptions and proprietary hardware, with a strong emphasis on compliance with Austrian RKSV regulations and ease of use. The website is professionally designed, content-rich, and targets small business owners seeking modern, flexible POS solutions. Technically, the site uses modern frameworks like Gatsby and React and is hosted behind Cloudflare DNS, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and security headers, exposing users to potential risks. Privacy compliance is adequate with visible privacy and cookie policies, but no explicit security or incident response policies are found. Overall, the business appears legitimate and well-positioned in its market, but urgent improvements in SSL/TLS configuration and security practices are recommended to enhance trust and protect users.

The website ae-net.info represents a small independent consulting business operated by Torsten A�, offering services in project management, marketing, coaching, and business consulting primarily targeting German-speaking clients. The business has a mature domain with 20 years of registration, consistent with the claimed experience and service offerings. The website content is static, primarily informational, and presented in German, with no interactive forms or contact details explicitly provided on the homepage. Technically, the site is hosted on Apache via IONOS SE, uses outdated HTML standards, and lacks modern web technologies or CMS platforms. Performance is slow, and mobile optimization is poor. Security posture is weak due to the absence of HTTPS and security headers, exposing visitors to potential risks. No privacy or cookie policies are present, indicating poor privacy compliance. Overall, the site reflects a basic digital presence with limited technical and security maturity.

COS is a well-established international fashion brand specializing in modern, sustainable wardrobe essentials for women and men. The website reflects a strong brand identity with comprehensive content, multi-market localization, and a focus on sustainability. The technical infrastructure is modern, leveraging Next.js and React frameworks, hosted via Akamai CDN, and integrated with Storyblok CMS. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support and disabled TLS protocols, which severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Business credibility is high due to consistent branding, social media presence, and comprehensive legal documentation. Strategic improvements in security infrastructure are essential to protect user data and enhance trust.

The website chavabeijk.nl represents a personal artist site for soprano Chava Beijk, providing information about her musical repertoire, collaborations, and contact details for concerts and singing lessons. The site targets classical music enthusiasts, concert organizers, and students interested in vocal training. The business model is focused on personal promotion and service offerings in the niche classical music sector, with a small scale and localized presence in the Netherlands. Technically, the site is hosted on an Apache server with basic JavaScript for UI interactions and is hosted by Mijndomein. The site lacks modern frameworks, CMS, or advanced performance optimizations, resulting in slow loading and poor mobile optimization. No analytics or tracking technologies are detected, indicating minimal digital maturity. From a security perspective, the site lacks HTTPS and a valid SSL certificate, exposing users to potential risks. No advanced security headers or policies are implemented, and no privacy or cookie policies are present, indicating poor compliance with GDPR and modern privacy standards. The DNS configuration is basic with SPF but lacks DNSSEC and CAA records. Overall, the security posture is weak, with critical recommendations needed to improve encryption and security headers. Overall, the site is functional for its purpose but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect visitors. The lack of HTTPS is a critical issue that significantly lowers the security score and overall AI rating.

NEVEON Holding GmbH is a large, leading integrated foam manufacturer specializing in polyurethane flexible and composite foams with a broad portfolio serving comfort, mobility, and specialty sectors. The company operates globally with 44 locations across 13 countries and is part of the Greiner Group. The website is professionally designed using TYPO3 CMS and hosted behind Cloudflare, offering good mobile optimization and accessibility. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture. Security headers are partially implemented, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

M

Maschinenring Schweiz

maschinenring.ch

26

Maschinenring Schweiz is a Swiss umbrella organization dedicated to fostering inter-company collaboration in agriculture. It connects members, organizes purchasing cooperatives, and offers various services to support agricultural businesses. The website is professionally designed using TYPO3 CMS and hosted on Hostpoint, with a clear structure and multilingual support. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. Privacy and cookie policies are well implemented with consent mechanisms, and social media presence is established on Facebook and Instagram. Overall, the site reflects a medium-sized, established non-profit entity with a strong community focus but requires urgent security improvements.

N

NCT Heidelberg

nct-heidelberg.de

40

NCT Heidelberg is a prominent German healthcare and research institution specializing in oncology. The website serves multiple audiences including patients, physicians, and researchers, offering comprehensive information on patient care, clinical studies, and cancer research programs. The site is well-structured and professionally designed, reflecting its institutional nature and affiliations with major German research and medical organizations. Technically, the website is built on TYPO3 CMS and integrates modern consent management tools like Usercentrics, alongside Matomo for privacy-focused analytics. However, the absence of a valid SSL certificate is a critical security flaw that undermines user trust and data protection. Security headers are partially implemented, but DNSSEC and proper CAA records are missing, indicating room for improvement in DNS security. Privacy compliance is strong with clear GDPR mechanisms in place. Overall, the site demonstrates good business credibility and content quality but requires urgent security enhancements to meet modern standards.

O

OBLIN Rechtsanwälte GmbH

oblin.at

26

OBLIN Rechtsanwälte GmbH is a specialized international law firm focusing on arbitration, litigation, and dispute resolution based in Austria and Germany. The firm targets businesses engaged in cross-border disputes and white collar crime matters, positioning itself as a leading boutique legal service provider with a strong international network and multiple awards. The website reflects a professional and consistent brand image with comprehensive content about their expertise and team. Technically, the website is built on TYPO3 CMS and served via Apache, with good mobile optimization and SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Security headers are partially implemented, but modern TLS protocols and HSTS are missing. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements.

S

Schäfer Shop Deutschland

schaefer-shop.de

36

Schäfer Shop Deutschland is a well-established e-commerce retailer specializing in office furniture, office supplies, and warehouse equipment, serving primarily business customers across Europe. With over 50 years of experience, the company offers a comprehensive product range exceeding 85,000 items, emphasizing quality, service, and fast delivery. The website reflects a mature digital presence with professional design, clear navigation, and multi-language support for various European markets. Technically, the site employs modern marketing and analytics tools including Usercentrics for consent management, Google Tag Manager, and Adobe Experience Cloud, ensuring compliance with privacy regulations and effective user tracking. However, a critical security concern is the absence of a valid SSL certificate and lack of HTTPS support, which significantly undermines the site's security posture and user trust. Despite this, the site maintains strong trust indicators such as ISO certifications, Trusted Shops membership, and sustainability awards. Overall, while the business and technical maturity are high, immediate remediation of SSL/TLS issues is essential to secure the platform and protect customer data.

U

Under The Milky Way

underthemilkyway.com

38

Under The Milky Way is a well-established global digital film distribution company with a strong market presence and partnerships with major VoD platforms. Their website reflects a professional business focused on digital distribution and marketing services, supported by a proprietary software solution for revenue optimization. Technically, the site is built on Squarespace with modern web technologies and includes basic SEO and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is partially addressed with a cookie banner and privacy policy, but lacks comprehensive GDPR indicators and terms of service. Overall, the business appears legitimate and credible, but security posture requires urgent improvement.

N

Novotech

novotech-cro.com

40

Novotech is a globally recognized full-service clinical research organization (CRO) specializing in supporting biotech and small to mid-sized pharmaceutical companies with clinical trial services and scientific advisory. The company has a strong market position in the Asia-Pacific region and globally, supported by multiple industry awards and a comprehensive portfolio of services including medical consulting, patient recruitment, clinical operations, biometrics, virtual trials, and laboratory services. The website reflects a mature digital presence with multilingual support, professional design, and clear navigation tailored to its target audience of biopharmaceutical sponsors. Technically, the website is built on Drupal 10 and hosted on Pantheon, utilizing modern web technologies and third-party integrations such as OneTrust for cookie consent and Google Tag Manager for analytics. The site is mobile-optimized and accessible, with good SEO practices and structured data for enhanced search visibility. From a security perspective, while the site implements several important HTTP security headers and content security policies, it critically lacks a valid SSL certificate and does not support any TLS protocols, severely impacting the security posture and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Business credibility is high, supported by consistent branding, professional content, and trust indicators. Overall, the site presents a professional and trustworthy front for Novotech but urgently requires remediation of its SSL/TLS configuration to ensure secure communications and compliance with modern security standards.

Raiffeisen-Landesbank Tirol AG is a regional financial institution serving private and corporate clients primarily in Tirol, Austria. The website presents a comprehensive portfolio of banking services including private banking, corporate banking, online banking, loans, savings, insurance, and real estate services. The company positions itself as a trusted regional partner with a strong emphasis on sustainability and customer service. Technically, the website is built on Adobe Experience Manager with modern JavaScript frameworks such as Angular and includes advanced tracking and consent management tools. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical issue for a financial institution. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

The Lucille Werner Foundation is a small Dutch non-profit organization dedicated to improving the visibility and inclusion of people with disabilities through media, events, and labor market initiatives. The website reflects this mission with clear content and navigation but lacks critical compliance elements such as privacy and cookie policies. Technically, the site is built on the JouwWeb CMS platform and hosted on Google Cloud infrastructure, but it suffers from an invalid SSL certificate, resulting in no proper HTTPS security. Security headers are partially implemented, and minimal user tracking is done via Plausible Analytics, indicating some privacy awareness. Overall, the security posture is weak due to missing HTTPS and lack of advanced security configurations. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in SSL configuration, privacy compliance, and contact transparency are recommended to enhance trust and security.

R

RIWOG Real Estate Management GmbH

riwog.at

36

RIWOG Real Estate Management GmbH operates as a medium-sized real estate group based in Austria, offering comprehensive property brokerage, management, and related services. The website targets property buyers, sellers, and investors primarily in Austria with some international presence in Greece and Spain. The business model focuses on real estate marketing, development, and client services including financing and valuation. The company maintains a professional online presence with clear branding and detailed legal disclosures, supporting its market position as a reputable real estate service provider. Technically, the website is built on SilverStripe CMS with modern JavaScript frameworks and integrates common marketing and analytics tools such as Google Analytics and Facebook Pixel. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms implemented. Security best practices are partially implemented but critical improvements are needed in SSL/TLS configuration and security headers. Overall, the website is functional and professional but requires urgent security enhancements to protect user data and improve trust.

I

InfoMatrix Technologies Pvt. Ltd.

infomatrix.com

23

InfoMatrix Technologies Pvt. Ltd. is a small Indian IT services company specializing in web design, software development, ecommerce solutions, SEO, and hosting services primarily targeting clients in Noida and Delhi/NCR. The company has an established regional presence with repeat business and a focus on customer satisfaction. Technically, the website is built on an outdated Joomla 1.5 CMS platform hosted on Apache servers without HTTPS enabled, which exposes users to security risks. The site includes basic SEO and accessibility features but lacks modern performance optimizations and mobile responsiveness. Security posture is weak due to absence of SSL/TLS, missing security headers, and no published security or incident response policies. Privacy compliance is minimal with no cookie consent mechanism despite use of Google Analytics tracking. Overall, the website presents a basic professional front but requires significant improvements in security, privacy, and technical modernization to meet current standards.

The website neuestens.de is currently a parked domain landing page primarily aimed at domain resale. It does not present any active business, products, or services. The content is minimal, mostly advertising links and scripts related to domain parking monetization. The site is hosted on Hetzner Online infrastructure and uses parkingcrew nameservers. The technical infrastructure is basic with no CMS or advanced frameworks detected. The site lacks HTTPS, which is a critical security deficiency. Privacy compliance is minimal, with only a basic privacy policy linked via a popup and no cookie consent mechanism. No contact or business information is provided, limiting trust and credibility. Overall, the site is low quality and low trustworthiness, suitable only as a domain parking placeholder.

dLocal is a mature, Nasdaq-listed fintech company specializing in payment processing solutions tailored for emerging markets across Africa, Asia, and Latin America. The company offers a comprehensive suite of services including payins, payouts, fraud management, and invoice collection, serving over 700 merchants with access to 900 payment methods. The website reflects a strong market position with professional branding, extensive content, and trusted partnerships with major global companies. Technically, the site uses modern JavaScript libraries and consent management tools, but suffers from a critical lack of a valid SSL certificate, severely impacting its security posture. Privacy and cookie policies are well implemented with GDPR compliance indicators. Overall, the site is professional and trustworthy but must urgently address its SSL/TLS configuration to ensure secure user interactions.

The Doppelmayr Group website for the Automated People Mover system presents a business focused on transportation solutions, specifically cable liner automated people movers designed to manage high visitor flows efficiently. The company appears to be a large, established entity in the transportation sector based in Austria, with a consistent brand presence and clear business focus. The website content is basic but includes well-structured SEO metadata and social sharing tags, indicating some digital marketing maturity. Technically, the site uses modern frameworks such as Nuxt.js and WordPress CMS, hosted behind Cloudflare CDN. However, the absence of a valid SSL certificate and lack of HTTPS severely undermine the security posture. Performance metrics are unavailable, but the presence of many prefetch and preload scripts suggests an attempt at optimization, though the lack of HTTPS is a critical flaw. Mobile optimization and accessibility are basic, with room for improvement. Security analysis reveals significant vulnerabilities: no SSL/TLS encryption, no HSTS, no DMARC, DNSSEC, or CAA records, and no security.txt or vulnerability disclosure policies. Tracking and advertising scripts are present without accompanying privacy or cookie policies, indicating poor privacy compliance. No contact or incident response information is provided, limiting transparency and trust. Overall, the website's risk profile is elevated due to missing HTTPS and privacy compliance gaps. Strategic improvements in security infrastructure, privacy policies, and contact transparency are recommended to enhance trust and compliance.

Post Office Limited operates a comprehensive UK-wide network providing postal, financial, travel, insurance, and identity services. The website reflects a mature digital presence with extensive service offerings and strong brand consistency. The company leverages multiple external partners for financial and travel services, integrating them seamlessly into their platform. Technically, the site uses Magnolia CMS, Akamai CDN, and common JavaScript libraries like jQuery, ensuring a robust infrastructure. However, the SSL/TLS configuration is critically flawed with an invalid certificate and no enabled TLS protocols, exposing users to security risks. Additionally, a subdomain takeover vulnerability exists on api.postoffice.co.uk, which could be exploited if not remediated. Privacy and cookie policies are comprehensive and GDPR compliant, supporting strong privacy practices. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

G

Georg Fritzmeier GmbH & Co. KG

fritzmeier.com

30

The Fritzmeier Group is a large German manufacturing company specializing in driver cabs, composite parts, tooling, and environmental technology solutions primarily serving the Off-Highway and On-Highway industries. Their diversified business model includes multiple subsidiaries focused on specialized product areas such as cabs, composites, technology, and environmental solutions. The company maintains a strong market position with approximately 2,200 employees and a presence at major industry events. Technically, the website is built on TYPO3 CMS and served via Apache, with a moderate performance profile and good mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, despite the presence of security headers and a content security policy. Privacy compliance is good with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

N

NovaTaste Austria GmbH

wiberg.eu

40

WIBERG, operated by NovaTaste Austria GmbH, is a well-established international spice and culinary product supplier targeting professional chefs, gastronomy, and catering sectors. The company offers a comprehensive range of high-quality products, supported by a professional and content-rich website that includes detailed product information, recipes, and sustainability commitments. Technically, the website is built on modern frameworks such as Next.js and React, hosted likely on Microsoft Azure, and demonstrates good design and user experience. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. While several security headers are implemented, the lack of HTTPS undermines these protections. Privacy compliance is good with a comprehensive privacy policy, but no explicit cookie consent mechanism was detected. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.