Security Directory

G

Gerhard Trittenwein

bindertrittenwein.com

37

Gerhard Trittenwein operates a specialized IT consulting and project management business focused on complex IT, change management, and digital transformation projects. The company emphasizes lean and agile methodologies to deliver early and visible results, targeting organizations facing challenging IT projects. The website presents a professional image with clear service offerings and contact information, supported by over 30 years of experience. Technically, the site uses Mono CMS with external CDNs and integrates Google Analytics and ConsentManager for tracking and cookie consent. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw, exposing visitors to risks and undermining trust. Privacy policies and cookie consent mechanisms are in place, indicating GDPR awareness, but no security policy or incident response information is provided. Overall, the business appears legitimate and consistent with its domain registration and DNS records, but urgent improvements in security posture are needed.

L

Linde PLC

the-linde-group.com

40

Linde PLC is a leading global industrial gases and engineering company focused on delivering innovative solutions to support customers across various sectors including clean energy and sustainability. The website reflects a mature, enterprise-level business with comprehensive content covering their expertise, sustainability initiatives, investor relations, and corporate governance. The technical infrastructure leverages modern tools such as Sitecore CMS, Azure Application Insights, and OneTrust for compliance, indicating a digitally mature platform. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of modern TLS protocol support, which exposes the site to potential risks and impacts user trust. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and compliance.

Docolution GmbH is a specialized Austrian company providing tailored document management and output management solutions, focusing on quality assurance, accessibility, and customer communication. Their business model targets organizations requiring professional document handling and communication services, supported by consulting and software development. The website reflects a professional presence with clear service offerings and contact information, but lacks some standard compliance documents such as privacy policy and terms of service. Technically, the site uses modern web technologies including JavaScript, jQuery, and Google Analytics, and is mobile optimized with good accessibility features. However, the absence of HTTPS and a valid SSL certificate is a critical security shortfall, exposing users to risks and undermining trust. Security headers are minimal, and no advanced security policies or incident response contacts are published. Overall, the site is functional and credible but requires urgent improvements in security and privacy compliance to meet modern standards.

A

APILayer

apilayer.net

40

APILayer is a mature and reputable API marketplace founded in 2015, offering a wide range of APIs across multiple categories such as finance, geolocation, marketing, and developer tools. The platform targets developers and engineering teams seeking scalable, easy-to-integrate API solutions. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the site uses modern web technologies including OAuth for authentication, Google Tag Manager for analytics, and Cloudflare for CDN and security headers. However, a critical security issue is the absence of a valid SSL certificate and proper HTTPS configuration, which severely impacts the security posture and trustworthiness of the site. Privacy and legal policies are comprehensive and hosted on the parent company domain, indicating corporate governance. Social media presence and client testimonials add to the trust signals. Overall, while the business and content aspects are strong, the security configuration requires urgent remediation to ensure safe user interactions and compliance.

M

moodley design group

moodley.at

37

Moodley design group is a medium-sized, Austria-based consultancy specializing in brand and business transformation through strategy, design, and technology services. The company targets businesses and organizations seeking to accelerate their brand transformation and growth, especially in challenging times. Their market position is that of an established design and strategy consultancy with an international presence, offering services including brand transformation, product design, and digital product and service design. The website content is professionally crafted, with clear navigation and strong branding consistency, targeting a professional audience. Technically, the website is built on a modern stack including nginx, JavaScript, Vimeo embeds, and uses Usercentrics for consent management and Google Tag Manager for analytics. The CMS appears to be Statamic. However, performance metrics are missing, and the site lacks HTTPS, which is a critical security shortfall. Mobile optimization and SEO are good, but accessibility is basic. From a security perspective, the absence of a valid SSL certificate and HTTPS is a major vulnerability, exposing users to risks. No advanced security headers or policies are implemented, and no incident response or vulnerability disclosure information is available. Cookie consent and privacy policies are present and GDPR compliant, indicating good privacy practices. Overall, the website is professional and trustworthy in business presentation but requires urgent security improvements, especially enabling HTTPS and enhancing security headers, to protect users and improve trustworthiness. Strategic recommendations include immediate SSL installation, security header implementation, and enhanced incident response transparency.

P

Paris Lodron Universität Salzburg

uni-salzburg.at

35

Paris Lodron Universität Salzburg is a large, well-established public university in Austria, founded in 1622. It offers a broad range of academic programs across six faculties and serves approximately 18,000 students. The university maintains a strong regional and international research presence and provides extensive student services and community engagement. The website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding. Technically, the site is built on WordPress with common web technologies such as jQuery and CSS. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing users to potential risks. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The university demonstrates trustworthiness through certifications and active social media engagement.

The website 'mmmmm.org.uk' represents a small personal or artistic portfolio associated with Adrian Fisher and Luna Montenegro under the name 'montenegrofisher'. It primarily showcases artistic works, films, and CV information, targeting art enthusiasts and collaborators. The business model is portfolio-based with a niche market presence in the UK. Technically, the site is basic, built with static HTML, CSS, and JavaScript, hosted by Pickaweb, and uses Google Analytics for visitor tracking. However, the site suffers from slow load times and lacks mobile optimization and accessibility features. Security posture is weak due to the absence of HTTPS, no security headers, and no advanced security configurations. Privacy compliance is poor with no privacy or cookie policies present. WHOIS data indicates a legitimate UK registration consistent with the website's nature. Overall, the site is functional but requires significant improvements in security, privacy, and technical performance to enhance trust and professionalism.

H

HEROLD Business Data GmbH

ichbinderherold.at

35

HEROLD Business Data GmbH operates a professional career portal focused on online media and marketing services for Austrian businesses. The company is well positioned as a leading website producer and Google Premium Partner with a strong employer brand. The website content is rich, professionally designed, and targets job seekers and SMEs in Austria. Technically, the site uses Mono CMS and integrates modern tracking and consent management tools but lacks HTTPS, which is a critical security gap. The security posture is weak due to the absence of SSL/TLS encryption and missing security headers. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy but requires urgent security improvements to protect user data and enhance trust.

K

K&K Provitrum GmbH

kkprovitrum.at

39

K&K Provitrum GmbH is a specialized machinery and material dealer serving the glass industry in Central, Eastern, and Southeastern Europe. The company offers a comprehensive portfolio of glass processing machines, tools, and consumables, targeting a range of customers from small workshops to large industrial enterprises. Their website reflects a professional and consistent brand presence with clear business and contact information. Technically, the website is built on an Apache server with custom CMS elements and uses modern web technologies, but suffers from slow performance and lacks a valid SSL certificate, which is a significant security concern. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes the site to risks. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the website scores moderately on content quality and business credibility but is penalized heavily for security shortcomings.

S

SIGAL UNIQA

sigal.com.al

40

SIGAL UNIQA is a leading regional insurance group operating primarily in Albania, Kosovo, and North Macedonia, offering a comprehensive portfolio of insurance products including life, health, property, automobile, and marine insurance. The company is well-established since 1999 and is part of the larger UNIQA Insurance Group, which enhances its market credibility and operational scale. The website reflects a professional and well-branded digital presence with clear navigation and extensive content tailored to its target audience of individuals and businesses seeking insurance solutions. Technically, the site is built on WordPress with modern plugins and integrations, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of HTTPS support, which poses risks to user data confidentiality and trust. The company demonstrates commitment to security governance through ISO 27001:2022 certification and implements privacy and cookie policies compliant with GDPR standards. Marketing and analytics tools such as Google Analytics, Facebook Pixel, and Mailchimp are actively used, indicating a mature digital marketing strategy. Overall, while the business and content aspects are strong, urgent improvements in SSL/TLS configuration are necessary to enhance security posture and user trust.

W

wunderweiss

wunderweiss.com

40

Wunderweiss is a specialized agency based in Austria focusing on software and design development, with a strong emphasis on AI applications integrated into CMS systems, UI/UX consulting, and corporate branding. The company targets businesses seeking innovative technology and design solutions, positioning itself as an expert in user-oriented design and AI-driven application development. The website presents a professional and consistent brand image with detailed project showcases and clear service offerings. Technically, the website employs modern web technologies including jQuery, Django Framework, and Wagtail CMS, hosted behind Cloudflare. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no proper HTTPS support. This significantly impacts the security posture and user trust. Performance metrics are not available, but the site shows good mobile optimization and basic accessibility features. Security-wise, the site implements several important HTTP security headers such as X-Frame-Options and Referrer-Policy, but lacks a valid SSL certificate, OCSP stapling, and session resumption. There is no visible incident response or vulnerability disclosure information. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism is present. Overall, the website is professionally designed and credible from a business perspective but requires urgent remediation of its SSL configuration to improve security and trust. Strategic recommendations include fixing HTTPS, implementing cookie consent, and adding security and incident response policies.

Ookla, LLC is a well-established enterprise in the telecommunications and technology sector, known for its network intelligence and performance measurement solutions. The website indicates that Mosaik was acquired by Ookla in 2018, integrating its wireless network intelligence and mapping products into Ookla's portfolio. The company targets enterprise customers including network operators, regulators, and hardware manufacturers, offering a broad suite of products such as Speedtest, Downdetector, and Ekahau. The market position is strong, supported by a large enterprise size and backing by parent company Ziff Davis. Technically, the website is built using the Eleventy static site generator and leverages modern JavaScript and CSS technologies. Hosting is on AWS infrastructure, and the site integrates multiple marketing and analytics tools including Google Tag Manager, HubSpot, and LinkedIn Insight Tag. The site is mobile optimized with good SEO practices, though accessibility features are basic. From a security perspective, the site implements several important HTTP security headers such as X-Frame-Options and Content Security Policy. However, the absence of a valid SSL certificate and lack of HTTPS enforcement are critical vulnerabilities that significantly reduce the security posture. No cookie consent mechanism was detected despite the use of tracking scripts, indicating partial privacy compliance. Overall, the website is professional and trustworthy in content and business credibility but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance security and user trust.

The website remax-impuls.at appears to represent a small Austrian business, likely in the real estate sector given the domain name, but no explicit business information or content is accessible due to a security challenge page blocking direct access. The site employs a bot detection script and redirects users after a delay, indicating a Web Application Firewall or similar security mechanism is in place. Technically, the site is served by nginx and hosted under the citc.at domain infrastructure, but critically lacks a valid SSL certificate and HTTPS support, exposing it to security risks and reducing user trust. Security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options are present, but without HTTPS, these provide limited protection. No privacy, cookie, or terms of service policies are found, and no contact or business details are visible on the landing page. Overall, the site’s security posture is weak, and the lack of accessible content prevents a full business or technical assessment.

BMW Thailand operates an official, comprehensive website offering premium automotive products and services tailored to the Thai market. The site showcases new and certified pre-owned BMW vehicles, financial services, digital offerings, and after-sales support, positioning BMW as a leading premium automotive brand in Thailand. The website is built on Adobe Experience Manager and delivered via Akamai CDN, reflecting a mature digital infrastructure. However, the current SSL/TLS configuration is critically flawed, with no valid certificate and disabled TLS protocols, exposing users to security risks. Security headers are partially implemented but require improvements, especially enabling X-XSS-Protection and modern TLS versions. Privacy and cookie policies are present and comprehensive, supporting GDPR compliance. Contact information is primarily via forms and chat, with no explicit emails or phone numbers found. Overall, the site is professional and trustworthy but must urgently address SSL issues to ensure secure user interactions.

E

Extreme Networks

enterasys.com

39

Extreme Networks is a leading enterprise technology company specializing in AI-powered cloud networking solutions that simplify and secure IT infrastructure. The company holds a strong market position as a Gartner Magic Quadrant Leader for wired and wireless LAN infrastructure. Their key services include the Extreme Platform ONE™, network fabric, cloud-based network management, and comprehensive security solutions. The website demonstrates a high level of digital maturity with modern technologies, responsive design, and rich content tailored for enterprise IT professionals and partners. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well managed with comprehensive policies and consent mechanisms in place. Overall, the website is professional, trustworthy, and well-structured but requires immediate improvements in SSL/TLS configuration to enhance security.

B

BUWOG GROUP GMBH

buwog.at

40

BUWOG Group GmbH operates as a leading full-service provider in the Austrian residential real estate market, offering property search and management services. The website reflects a professional and consistent brand presence, targeting Austrian customers interested in housing solutions. Technically, the site is built on the Ibexa DXP CMS platform, leveraging modern JavaScript libraries and CDN services for content delivery and performance monitoring. However, the critical security weakness is the lack of a valid SSL certificate, resulting in no HTTPS support despite the presence of security headers like HSTS. This exposes users to potential risks and undermines trust. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site is functional and professional but requires urgent remediation of SSL issues to improve security posture and user trust.

E

ECE Projektmanagement G.m.b.H. und Co. KG

ece.de

34

ECE Projektmanagement G.m.b.H. und Co. KG operates a professional and comprehensive website focused on real estate development and management, particularly shopping centers, work & live spaces, and residential projects. The company positions itself as a large player in the German real estate market with a strong portfolio and innovative projects. The website is built on TYPO3 CMS and includes rich content, a contact form, social media integration, and a cookie consent mechanism compliant with GDPR. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Security headers are partially implemented but the SSL/TLS configuration is severely lacking, exposing the site to risks. The WHOIS data is consistent with the business claims, showing no privacy protection or suspicious registrations. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and enhance trust.

G

Greiner Bio-One International GmbH

gbo.com

40

Greiner Bio-One International GmbH is a large, globally active company specializing in biotechnology, medical devices, in vitro diagnostics, and research products. The company operates with a strong customer focus and maintains a diversified portfolio with production sites in multiple countries. Their website reflects a mature digital presence with comprehensive product information, news, and resources targeted at healthcare and research professionals. Technically, the site is built on TYPO3 CMS and hosted behind Cloudflare, but suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy and legal compliance are well addressed with clear policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

Raiffeisen Landesbank Kärnten is a prominent regional bank in Austria, specializing in comprehensive financial services for private and corporate clients. The website reflects a mature digital presence with extensive service offerings including corporate banking, private banking, investment, insurance, and online banking solutions. The bank emphasizes personalized service and regional economic support, positioning itself as a trusted partner for businesses and individuals in Carinthia. Technically, the site is built on Adobe Experience Manager with modern JavaScript frameworks and includes advanced cookie consent management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy policies and legal documents are well presented, supporting GDPR compliance. Overall, the site is professional and trustworthy but urgently requires remediation of its SSL/TLS configuration to ensure secure communications and maintain customer trust.

The website sideshoreonline.nl is currently a parked domain page managed by Sedo Domain Parking service, with no active business content or services offered. The site primarily displays advertisements and related search links, targeting general internet users seeking information. The domain appears recently registered and lacks any identifiable company or organizational presence. Technically, the site uses basic HTML and JavaScript with Sedo and Google Adsense scripts but lacks modern CMS or frameworks. Performance is slow, and mobile optimization is minimal. Security posture is weak due to the absence of HTTPS and critical security headers, exposing visitors to potential risks. Privacy compliance is minimal with only a basic cookie consent banner and a generic privacy policy hosted externally by Sedo. Overall, the site lacks trust indicators, contact information, and business legitimacy, resulting in a low credibility and security score.

B

Bit Inc

bit-inc.net

39

Bit Inc is a small technology integration company based in the United States, specializing in network system integration services including copper and fiber cabling, WiFi systems, surveillance, access control, and distributed audio/video solutions. The company positions itself as a reliable service provider with a focus on quality and customer service, partnering with reputable vendors and offering warranties. The website is built on the Wix platform, utilizing modern web technologies such as React and various Wix apps for enhanced user experience. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security vulnerability. Additionally, no privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, supporting business credibility. Overall, the site demonstrates good content quality and business professionalism but requires urgent security and compliance improvements.

The website analyzed is a Microsoft Learn documentation page dedicated to Azure Migrate, a cloud migration service by Microsoft. It provides detailed, up-to-date information about new features, updates, and capabilities of Azure Migrate, targeting IT professionals and enterprises planning cloud migration. The site is part of the Microsoft Learn platform, reflecting a mature and well-established business with a strong market position in cloud services. Technically, the site leverages Microsoft Azure hosting and content delivery networks, uses modern JavaScript libraries, and integrates analytics and marketing tools such as Azure Monitor and Adobe Target. The content is well-structured, accessible, and optimized for SEO and mobile devices, providing an excellent user experience. However, a critical security issue is present: the SSL/TLS certificate is invalid or missing, and no TLS protocols are enabled, despite the presence of strict security headers like HSTS. This significantly undermines the security posture and trustworthiness of the site. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant, consistent with Microsoft's standards. Overall, the site demonstrates high business credibility and technical maturity but requires urgent remediation of SSL/TLS configuration to ensure secure communications and maintain trust.

The website avnet.com is currently inaccessible due to a security challenge page that blocks direct access to its content. Avnet is a well-known global technology solutions provider specializing in electronic components distribution and supply chain services. The domain registration data confirms the legitimacy and consistency of the domain with the business entity. However, the lack of a valid SSL certificate and the presence of a security challenge page severely limit the ability to analyze the website's content, security posture, and compliance. The technical infrastructure indicates use of Akamai CDN services, but no modern TLS protocols or strong cipher suites are enabled, resulting in a basic and insecure SSL configuration. Overall, the website's security posture is weak due to missing HTTPS and blocked content, and no privacy or cookie policies are detectable on the landing page.

P

POLOPLAST GmbH & Co KG

poloplast.com

40

POLOPLAST GmbH & Co KG is a well-established Austrian manufacturer specializing in plastic pipe systems with a strong presence across Europe. The company emphasizes sustainability, innovation, and quality, offering a broad range of products including multilayer pipe systems, building drainage, and wastewater disposal solutions. Their market position is that of a technology leader with a large operational scale and a parent company affiliation with Wietersdorfer. The website reflects a professional business with clear contact information and comprehensive privacy and cookie policies, supporting GDPR compliance. Technically, the website is built on TYPO3 CMS and uses modern web technologies including Bootstrap for responsive design. However, the site suffers from slow performance and lacks HTTPS support, which is a critical security concern. The absence of SSL/TLS encryption and security headers exposes the site to potential risks and undermines user trust. Analytics and tracking tools such as Google Analytics and LeadFeeder are used with appropriate cookie consent mechanisms. Security posture is weak due to the lack of HTTPS and security headers, though no active vulnerabilities or malware were detected. Privacy compliance is strong with clear policies and consent banners. Business credibility is high given the detailed company information and social media presence. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate implementation of a valid SSL certificate, addition of security headers, performance optimization, and enhancement of incident response information to strengthen security culture and compliance.

S

Suntory Global Spirits

beamsuntory.com

40

Suntory Global Spirits is a leading global manufacturer and marketer of premium spirits, including whiskey, tequila, vodka, and gin. The company emphasizes quality craftsmanship, sustainability, and cultural heritage, targeting a global audience of premium spirit consumers and industry professionals. The website is professionally designed, content-rich, and consistent with the brand's market position and values. Technically, the site uses Drupal 10 CMS with modern JavaScript libraries and Google Tag Manager for analytics and marketing. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy compliance. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

L

Linde Material Handling Austria

linde-mh.at

40

Linde Material Handling Austria is a leading provider of material handling equipment and solutions, including forklifts, automated vehicles, and digital fleet management products. The company targets businesses requiring efficient logistics and warehouse operations, offering new, used, and rental equipment alongside comprehensive service packages. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its audience. Technically, the site uses JavaScript, jQuery, and tracking tools like etracker and SalesViewer, hosted likely on Microsoft Azure. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture, exposing users to risks. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Business credibility is strong, supported by certifications and consistent domain registration data. Overall, the site is functional and professional but requires urgent security improvements to protect users and maintain trust.

C

Clariant Ltd.

clariant.com

40

Clariant Ltd. is a leading global specialty chemicals company focused on delivering innovative and sustainable chemical solutions across multiple industries including energy, manufacturing, and plastics. The website reflects a mature enterprise with comprehensive content, strong branding, and a clear business model targeting industrial customers, investors, and job seekers. Technically, the site is built on a modern CMS platform (Sitecore) and integrates multiple marketing and analytics tools, demonstrating a high level of digital maturity. However, the absence of a valid SSL/TLS certificate and disabled TLS protocols represent a critical security weakness that undermines user trust and data protection. While security headers and privacy policies are well implemented, the lack of HTTPS significantly lowers the overall security posture. Strategic improvements in SSL deployment and enhanced incident response documentation would strengthen the site’s security and compliance standing.

A

Active Solution

activesolution.at

36

Active Solution GmbH is a medium-sized Austrian technology and engineering company specializing in IT and engineering consulting, project execution, and recruitment services. With 17 years of experience and a portfolio of reputable clients, the company positions itself as a dedicated and passionate service provider for IT professionals and engineers. The website reflects a professional and consistent brand image targeting IT and engineering talent and clients. Technically, the site is built on TYPO3 CMS and uses modern JavaScript and CSS, but lacks HTTPS, which is a critical security gap. The presence of cookie consent and Google Analytics indicates some privacy awareness, though no explicit security or incident response policies are published. Overall, the company demonstrates moderate digital maturity but requires urgent improvements in security infrastructure to protect user data and enhance trust.

VML is a globally recognized marketing and communications agency operating under the parent company WPP. The company offers a broad range of services including brand experience, commerce, customer experience, and enterprise solutions, targeting enterprise-level clients. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content showcasing their work and insights. Technically, the site uses modern JavaScript frameworks and integrates analytics and marketing tools effectively, though performance is moderate. Security posture is weak due to the absence of a valid SSL certificate and HTTPS enforcement, which is a critical risk. Privacy compliance is strong with clear policies and consent mechanisms. Overall, VML presents a credible and professional business but must urgently address its SSL/TLS configuration to ensure secure user interactions.

H

Handl Tyrol GmbH

handltyrol.at

33

Handl Tyrol GmbH is a well-established Austrian family-owned company specializing in traditional Tyrolean ham, sausages, and roast specialities since 1902. The company positions itself as an ambassador of Tyrolean cuisine, offering both meat and plant-based products through retail and an online shop. The website reflects a strong brand identity with excellent content quality and clear navigation targeting consumers interested in authentic regional food products. Technically, the site employs modern JavaScript libraries and consent management tools but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, security headers, and DNS security features. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and clear privacy policy. Business credibility is supported by transparent contact information and trust signals such as quality guarantees and PGI certification. Overall, the site is professional but requires urgent security improvements to protect user data and enhance trust.

G

GEA Group Aktiengesellschaft

gea.com

40

GEA Group Aktiengesellschaft is a leading global supplier of systems and components primarily serving the food, beverage, and pharmaceutical industries. Founded in 1881 and headquartered in Germany, GEA offers a comprehensive portfolio including machinery, plants, advanced process technology, components, and services. The company is publicly listed and recognized for its sustainability efforts, being part of major sustainability indices. Technically, the website is built on modern frameworks such as Next.js and hosted on Microsoft Azure, with a Sitecore CMS backend, providing a rich and well-structured user experience across multiple languages. However, the security posture is currently weak due to the absence of a valid SSL/TLS certificate and lack of HTTPS support, which poses significant risks to data integrity and user trust. Privacy and cookie policies are well implemented and GDPR compliant, reflecting a strong commitment to data protection. Overall, the website demonstrates high professionalism and business credibility but requires urgent improvements in its security infrastructure to align with best practices and protect its users.

M

Metso

metso.com

40

Metso is a global enterprise specializing in sustainable technologies and end-to-end solutions for aggregates production, mining, and metals refining industries. The company positions itself as a partner for positive change, focusing on improving energy and water efficiency, productivity, and reducing environmental risks. Their offerings include products, parts, services, and advanced digitalization solutions integrating AI and cloud technologies. The website reflects a mature digital presence with comprehensive business information, investor relations, and sustainability commitments. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which poses significant risks to user data and trust. The site employs modern web technologies such as ASP.NET and Vue.js, and integrates analytics tools including Microsoft Application Insights and Hotjar, indicating a moderate level of digital maturity. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, the website is professional and trustworthy but requires urgent security improvements to enable HTTPS and strengthen its security posture.

A

acib GmbH

acib.at

35

acib GmbH is an international research center specializing in industrial biotechnology, focusing on sustainable and advanced processes for the biotech, pharmaceutical, and chemical industries. The website targets industry professionals, scientists, and the public, offering information about research projects, events, and career opportunities. The company maintains a moderate digital presence with a WordPress-based website enhanced by Elementor and several embedded multimedia services. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy compliance is well addressed through a comprehensive privacy policy and cookie consent mechanism, the lack of explicit security policies and incident response information indicates room for improvement in security governance. Overall, the site is professional and trustworthy but requires urgent security enhancements to protect user data and improve trust.

Pilz GmbH & Co. KG is a leading international provider of automation technology, specializing in components, systems, and services for safe automation. The company targets industrial automation customers, machine builders, and safety engineers with a comprehensive portfolio including products, consulting, training, and support. The website reflects a professional and consistent brand presence with detailed content tailored to its B2B audience in the manufacturing and technology sectors. Technically, the site uses Imperia CMS with JavaScript frameworks and integrates marketing and analytics tools such as Google Tag Manager, Cookiebot, and Etracker. However, the absence of a valid SSL certificate and lack of TLS support significantly weaken the security posture. Security headers are well configured, and privacy compliance is strong with GDPR-aligned cookie consent mechanisms. Overall, the website is trustworthy and professionally maintained but requires urgent SSL/TLS remediation to improve security and user trust.

D

DenizBank A.Ş.

denizbank.com

40

DenizBank A.Ş. is a large Turkish financial institution offering a broad range of banking services including retail, corporate, and specialized banking sectors. The website reflects a mature digital presence with comprehensive service offerings, detailed legal disclosures, and strong branding consistency. The bank targets both individual and business customers with tailored products and digital banking solutions. The site includes rich content, interactive calculators, and marketing campaigns, indicating a well-developed digital marketing strategy. Technically, the website uses modern JavaScript frameworks and integrates third-party marketing and analytics tools such as Google Tag Manager and Adjust. However, performance metrics indicate slow loading times, and the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, posing significant security risks. Security posture is moderate with good use of security headers but undermined by the lack of valid SSL and TLS support. Privacy compliance is strong with detailed privacy policies and data protection disclosures, including a dedicated KVKK (Turkish data protection law) section. Contact information is clearly presented, enhancing business credibility. Overall, while the business and content aspects are strong, the critical SSL issues represent a major risk that must be addressed immediately to protect user data and maintain trust.

E

Eppendorf SE

eppendorf.com

40

Eppendorf SE is a well-established, leading life sciences company specializing in the development and sale of laboratory instruments, consumables, and services globally. Their product portfolio spans liquid handling, bioprocessing, centrifugation, and more, targeting academic, commercial, pharmaceutical, and industrial laboratories. The website reflects a mature, professional digital presence with comprehensive content, clear navigation, and multi-regional support. Technically, the site employs modern JavaScript frameworks and integrates advanced marketing and analytics tools, although performance data is limited. Security posture is currently weak due to invalid or missing SSL/TLS certificates and lack of enabled TLS protocols, which is a critical risk. Privacy compliance is strong, with clear cookie and privacy policies and consent mechanisms in place. Overall, the site is trustworthy and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

Bunge Global SA operates a comprehensive global agribusiness and food ingredient supply chain, connecting farmers to consumers with a focus on sustainability and renewable energy. The website reflects a large enterprise with a professional digital presence, including regional sites and investor relations. Technically, the site uses modern JavaScript libraries, Google Tag Manager for analytics, and OneTrust for cookie consent, but suffers from a critical lack of valid SSL/TLS certificates, impacting security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

IMC-Austria operates as a small non-profit meditation center focused on Vipassana meditation in the Theravada Buddhist tradition. The website provides informational content about meditation courses, the tradition of Sayagyi U Ba Khin, and links to related international centers. The target audience includes individuals interested in meditation and spiritual growth. Technically, the website is basic and static, using JavaScript, CSS, and Google services such as Analytics and Custom Search. However, the site suffers from slow load times and lacks modern web technologies or CMS platforms. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers, exposing visitors to potential risks. Privacy compliance is poor, with no privacy or cookie policies and no consent mechanisms for tracking. Business credibility is moderate based on consistent WHOIS data and clear organizational identity but is weakened by lack of contact information and security best practices. Overall, the website requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and user experience.

XIMES GmbH is a specialized consulting and software company focused on workforce management, including labor time models, shift planning, personnel demand calculation, and payroll solutions. The company targets businesses and social partners seeking practical and scientifically grounded solutions in these areas. Their website reflects a professional and consistent brand presence with detailed service offerings and clear contact information. Technically, the site is built on the Odoo CMS platform with modern web technologies but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the business appears legitimate and consistent with WHOIS data, but urgent improvements in SSL/TLS configuration are necessary to enhance security and trust.

S

Südtiroler Sanitätsbetrieb

sabes.it

40

Südtiroler Sanitätsbetrieb operates as a regional healthcare provider in South Tyrol, Italy, serving the local population with healthcare services. The website is primarily a digital presence for the organization but currently offers minimal direct content or user interaction features. The technical infrastructure is hosted on Microsoft Azure and uses JavaScript-based analytics and cookie consent tools. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Security headers are implemented, but the absence of TLS protocols and HSTS reduces the overall security posture. Privacy compliance is limited, with no visible privacy or terms of service policies, though a cookie consent mechanism is present. WHOIS data confirms the domain is mature and legitimately registered, consistent with the organization's profile. Overall, the website requires significant improvements in security, privacy transparency, and content richness to better serve its audience and meet modern standards.

fiskaly GmbH is a technology company specializing in cloud-based fiscalization solutions tailored for European markets including Germany, Austria, Spain, Italy, and France. Their services focus on enabling retailers and POS providers to comply with complex fiscal regulations through APIs and cloud services. fiskaly holds a strong market position as a leading provider of cloud TSS solutions in Germany and is expanding its footprint across Europe. The website demonstrates a professional, well-branded presence with comprehensive content, customer testimonials, and partner endorsements. Technically, the website is built on a modern Next.js framework hosted on Netlify, leveraging React and various marketing and analytics tools such as Google Tag Manager and Visual Website Optimizer. The site is mobile-optimized and accessible, with good SEO practices. However, a critical security issue is present due to an invalid or missing SSL certificate and disabled TLS protocols, which significantly impacts the security posture. Security-wise, fiskaly implements several best practices including HSTS and security headers, and holds ISO 27001 certification, indicating a mature security framework. Despite this, the lack of a valid SSL certificate and TLS support is a major vulnerability that must be addressed urgently to protect user data and maintain trust. Overall, fiskaly presents a credible and professional business with strong compliance and technical capabilities but must remediate critical SSL/TLS issues to ensure secure and trustworthy operations online.

A

Ankerbrot Holding GmbH

linauer.at

33

Linauer.at is a transitional website for the Linauer bakery brand, which is being integrated into the Ankerbrot Holding GmbH group, a well-established bakery company in Austria. The site primarily serves as a redirect landing page to the main Ankerbrot website, indicating a brand consolidation. The business operates in the retail bakery sector targeting consumers in Austria. The website content is minimal, focusing on brand transition with a video and countdown redirect. Technical infrastructure includes JavaScript libraries such as jQuery and RequireJS, hosted on ip.co.at nameservers. However, the site lacks HTTPS, which is a critical security deficiency. No security headers or cookie consent mechanisms are implemented, and performance is slow with a large page size and long load time. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the site demonstrates basic digital maturity but requires significant security and privacy improvements.

G

Gentics Software GmbH

gentics.com

37

Gentics Software GmbH is a medium-sized technology company based in Austria specializing in enterprise content management solutions, e-government digital services, and customized software applications. Their website presents a professional and consistent brand image targeting enterprises and government agencies seeking digital transformation and content management platforms. The company offers a range of products including the Gentics Content Management Platform and related extensions. Technically, the website uses modern frameworks such as Bootstrap 5 and implements a GDPR-compliant cookie consent mechanism with opt-in functionality. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Performance is moderate with acceptable load times and resource counts, and the site is mobile optimized with basic accessibility features. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture. No incident response or security policy information is publicly available, and no contact information is provided on the site, which may impact user trust and compliance. DNS records show standard email protection via SPF but lack DNSSEC and CAA records. WHOIS data is consistent and supports the legitimacy of the domain and business. Overall, while the business and content quality are good, the lack of HTTPS and security best practices present a significant risk. Strategic improvements in SSL deployment, security headers, and contact transparency are recommended to enhance trust and compliance.

G

granITIC

granitic.eu

26

granITIC is a small IT consulting and software development company specializing in software architecture, Oracle and Java development, and medical office software solutions. The company targets sectors such as healthcare, production, industry, trade, aeronautical, and lottery. The website presents basic information about the business and its services but lacks detailed contact information and advanced content features. Technically, the website is hosted on an Apache server running Ubuntu, with Google Analytics integrated for visitor tracking. However, the site lacks HTTPS support, has no valid SSL certificate, and does not implement modern security headers or privacy compliance mechanisms. Performance data is unavailable, but the site appears minimal and slow, with poor mobile optimization and accessibility. From a security perspective, the absence of HTTPS and security headers represents a critical vulnerability, exposing users to potential data interception and undermining trust. The lack of privacy and cookie policies further indicates non-compliance with GDPR and related regulations. DNS and SPF records are properly configured, reducing email spoofing risks. Overall, the website's risk profile is elevated due to missing fundamental security controls and privacy compliance. Strategic improvements in SSL implementation, security headers, and privacy policies are essential to enhance trustworthiness and regulatory adherence.

E

Erste Digital GmbH

s-itsolutions.com

39

Erste Digital GmbH is the digital and IT services arm of Erste Group, the largest banking group in Central and Eastern Europe. The company focuses on delivering best-in-class IT solutions and digital transformation services to banking entities across the region, supporting both operational and innovation activities. The website reflects a professional and modern digital presence with rich content describing the business and its mission to enhance financial health for millions of customers. Technically, the site uses modern web technologies including JavaScript modules, service workers, and ElasticSearch for search functionality, hosted behind Amazon CloudFront CDN for performance and reliability. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which significantly impacts the security posture and trustworthiness. Privacy and cookie policies are present and appear comprehensive, indicating good compliance with GDPR requirements. Contact information such as emails and phone numbers are not explicitly provided on the homepage, which may affect user engagement. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements to enable HTTPS and strengthen its security framework.

B

Brenntag

brenntag.com

40

Brenntag is a global enterprise specializing in chemical distribution, logistics, and value-added services tailored to customer needs. The website serves as a multilingual portal with a splash page for country and language selection, indicating a broad international presence. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and integrates with Google Tag Manager and OneTrust for analytics and cookie consent management. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. No explicit privacy policy, terms of service, or contact information are readily available on the splash page, which may affect user trust and compliance. Overall, Brenntag's website reflects a professional business with good design and user experience but requires improvements in security and privacy compliance to enhance trust and regulatory adherence.

E

Eversheds Sutherland

eversheds.at

40

Eversheds Sutherland is a global law firm with a strong presence in Austria, offering a wide range of legal services across multiple sectors including banking, energy, technology, and real estate. The firm positions itself as a responsible business focused on helping clients, people, and communities to thrive. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation tailored to business clients seeking legal expertise. Technically, the site is built on a modern stack including React and Sitecore CMS, hosted on Microsoft Azure, and integrates various analytics and marketing tools. However, performance is currently slow, and there is room for improvement in SSL/TLS configuration and security hardening. Security posture is a concern due to the invalid SSL certificate and lack of enabled TLS protocols, which exposes users to risks and undermines trust. Despite strong security headers and content security policies, the absence of proper HTTPS implementation is a critical vulnerability. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and maintain compliance. Strategic recommendations include fixing SSL issues, enabling modern TLS, and enhancing session security to align with best practices.

Canon Austria operates as a leading provider of digital imaging and printing products in Austria, offering a wide range of cameras, lenses, printers, and professional video solutions for both consumer and business markets. The website reflects a strong market position with comprehensive product offerings and professional services, supported by a consistent and well-branded digital presence. Technically, the site leverages modern web technologies and integrates multiple third-party platforms for marketing, analytics, and customer engagement, indicating a mature digital infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and lack of HTTPS support, which significantly undermines the security posture despite the presence of robust security headers and policies. Privacy compliance is well addressed with clear privacy and cookie policies aligned with GDPR requirements. Overall, the site is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain trust.

A

APG

apg.nl

40

APG is a large Dutch pension fund service provider specializing in pension administration, asset management, and advisory services. The website is content-rich, professionally designed, and targets pension participants and institutional investors. The technical infrastructure includes Cloudflare hosting, Umbraco CMS, and multiple marketing and analytics tools such as Google Tag Manager and Cookiebot. However, a critical security issue is the absence of a valid SSL certificate and enabled TLS protocols, which severely impacts the security posture. Security headers are well implemented, but the lack of HTTPS reduces trust and security. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via web forms, with no explicit emails or phone numbers found. Social media presence is active on LinkedIn, Facebook, and Instagram. Overall, the website is professional and trustworthy but requires urgent SSL/TLS configuration improvements to enhance security and user trust.

D

dm Slovensko

dm-drogeriemarkt.sk

40

dm Slovensko operates a well-branded online drugstore e-commerce platform targeting Slovak consumers with a broad range of personal care and health products. The website leverages a modern JavaScript and CSS technology stack with integrations from multiple third-party services for analytics, marketing, and user consent management. The technical infrastructure is hosted on Google Cloud, indicating a scalable and reliable hosting environment. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS availability, which is a critical security concern. Security headers are mostly well implemented, but the disabled X-XSS-Protection header and malformed DNS CAA records indicate areas for improvement. Privacy and cookie policies are not detected in the provided content, representing a compliance gap with GDPR and related regulations. Overall, the website is functional and professionally designed but requires urgent security and compliance enhancements to protect user data and build trust.