Security Directory

S

STRG

strg.at

37

STRG is a well-established Austrian technology and research company specializing in custom software solutions, AI research, and digital transformation services. With over 20 years of experience, STRG offers a modular approach to software development, integrating AI and sustainability principles to optimize business processes across various industries including manufacturing, healthcare, finance, and media. The company maintains a strong market position supported by client testimonials, case studies, and industry partnerships. Technically, the website is built on WordPress with Elementor and employs modern web technologies and performance optimizations. However, the absence of a valid SSL certificate and HTTPS configuration is a critical security gap that undermines user trust and data protection. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, STRG demonstrates a mature digital presence but must urgently address its SSL/TLS security to enhance its security posture and trustworthiness.

KrankenhausExperte is a small German healthcare information website offering a searchable database of over 2,000 hospitals in Germany, along with health-related articles. The platform targets patients and individuals seeking hospital information and facilitates hospital contact and appointment scheduling. Technically, the site uses basic web technologies such as nginx, JavaScript, CSS, and HTML5 but lacks modern CMS or frameworks. Performance and mobile optimization are basic, and no analytics or tracking tools are detected. Security posture is weak due to the absence of HTTPS, SSL certificates, and security headers, exposing users to potential risks. Compliance is poor with no privacy, cookie, or terms of service policies present. Overall, the site is functional but lacks professionalism and trust indicators, limiting its credibility and user confidence.

A

All for One Customer Experience GmbH

b4b-solutions.com

40

All for One Customer Experience GmbH is a Germany-based technology company specializing in delivering innovative customer experience solutions leveraging the SAP Customer Experience Suite. Positioned as a SAP Platinum Partner and part of the All for One Group, the company offers comprehensive cloud-based services including consulting, software implementation, and custom development to enhance customer journeys and digital transformation for businesses. The website reflects a professional and consistent brand image targeting enterprises seeking to optimize their customer engagement and sales processes. Technically, the website is hosted on Amazon Web Services using Amazon S3 and CloudFront CDN, employing modern web technologies such as JSON-LD structured data and OneTrust for cookie consent management. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a high-quality user experience. However, performance metrics were not available. From a security perspective, while the site implements several important security headers and content security policies, it critically lacks a valid SSL/TLS certificate and does not support modern TLS protocols, resulting in a poor security posture. This exposes users to risks and undermines trust. Privacy compliance is strong with comprehensive privacy and cookie policies and consent mechanisms in place. Overall, the website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain trust. Strategic improvements in security infrastructure will significantly enhance the site's risk profile and user confidence.

Electrolux is a globally recognized leader in household appliances, offering a wide range of products including cooking, cooling, laundry, vacuum cleaners, and small kitchen appliances. The website targets Finnish consumers, providing comprehensive product information, promotions, and support services. The digital infrastructure is built on modern technologies such as Next.js, ensuring a responsive and user-friendly experience. While the site employs multiple analytics and marketing tools for personalization and tracking, it maintains good privacy compliance with clear cookie and privacy policies. Security headers are implemented, but the absence of a valid SSL certificate and some advanced security features reduces the overall security posture. The domain registration aligns well with the business identity, confirming legitimacy. Strategic improvements in SSL management and enhanced security practices are recommended to strengthen trust and compliance.

V

Vaillant

vaillant-group.com

40

Vaillant Group is a globally recognized leader in the energy sector, specializing in climate-friendly heating, cooling, and hot water solutions including heat pumps and gas condensing boilers. The company operates in over 60 countries with a workforce of approximately 16,000 employees, emphasizing sustainability and digital services. The website reflects a mature and professional business with consistent branding and comprehensive content tailored to customers, partners, and potential employees. Technically, the site leverages modern JavaScript libraries, lazy loading, and CDN hosting via Amazon S3 and CloudFront, with a CMS likely based on e-Spirit. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are present and GDPR compliant, and the site integrates Google Tag Manager for analytics and Consentmanager.net for consent management. Overall, the site is well-structured and user-friendly but requires urgent security improvements.

V

Vaillant Group Austria GmbH

vaillant.at

40

Vaillant Group Austria GmbH operates a comprehensive website focused on heating solutions including heat pumps, gas heating, photovoltaic systems, and smart home technologies targeted at private customers in Austria. The company is a well-established player with over 150 years of history and a dense service network, positioning itself as a market leader in the energy sector. The website provides detailed product information, customer testimonials, and service offerings, reflecting a mature business model with strong customer engagement. Technically, the site uses modern JavaScript libraries and marketing tools such as Optimizely and Google Tag Manager, with good mobile optimization and SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security headers are well implemented, but the lack of TLS protocols and OCSP stapling reduces the overall security posture. Privacy compliance is strong with GDPR-aligned policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

F

FRANZ OBERNDORFER GmbH & Co KG

oberndorfer.at

27

FRANZ OBERNDORFER GmbH & Co KG is Austria's largest precast concrete manufacturer with over 100 years of experience in planning, development, and production of concrete elements. The company holds a leading market position in Austria, offering a comprehensive product portfolio and full-service solutions including logistics and assembly. Their website reflects a mature digital presence built on Drupal 9, with good content quality and clear navigation targeting B2B customers in construction and real estate sectors. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines user trust and data protection. While cookie compliance and privacy policies are well implemented, the lack of explicit security policies and incident response information indicates room for improvement in security governance. Overall, the business is credible and professional, but urgent action is needed to secure the website infrastructure.

DHL-express.at is the Austrian localized website for DHL, the global leader in logistics and international shipping. The website offers comprehensive information about DHL's services including express document and package shipping, volume shipping for business customers, freight services, and supply chain logistics. The site targets both individual and business customers in Austria, providing tailored solutions and access to various DHL portals and services. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Launch and other modern web technologies, indicating a mature digital infrastructure. However, a critical security gap exists as the site does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the lack of SSL/TLS severely impacts the security posture. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. Overall, the site is professionally designed, content-rich, and trustworthy but urgently requires HTTPS implementation to meet modern security standards.

R

ruwido austria gmbh

ruwido.com

29

Ruwido Austria GmbH is a well-established Austrian manufacturer specializing in the design, development, and production of remote controls and smart home devices. Founded in 1969, the company emphasizes sustainability, innovation, and high design quality, holding a strong market position supported by numerous prestigious awards. Their operations are vertically integrated under one roof in Austria, powered by 100% renewable energy, reflecting a commitment to environmental responsibility. The website is professionally designed, content-rich, and targets businesses and consumers interested in premium, sustainable remote control solutions. Technically, the website runs on TYPO3 CMS with a PHP backend served by Apache. While the site is mobile-optimized and SEO-friendly, it suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in HTTP-only access despite HSTS header presence. Analytics are implemented via Google Analytics and YouTube embeds, with a compliant cookie consent mechanism in place. Contact information is clearly presented, enhancing business credibility. Security posture is basic with no major vulnerabilities detected but significant improvement needed in SSL/TLS configuration to protect user data and enhance trust. No explicit security or incident response policies are published, which could be improved to strengthen security culture and compliance. Overall, the site is trustworthy and professional but requires urgent SSL implementation and enhanced security policies to align with best practices and regulatory expectations.

H

Hyperwave GmbH

hyperwave.com

40

Hyperwave GmbH is an established Austrian technology company specializing in intranet and private cloud solutions designed to facilitate efficient and secure information management within enterprises. With over 20 years of market presence, the company offers a range of services including document management, knowledge management, collaboration tools, and consulting services. The website targets businesses seeking robust data and information processing solutions, emphasizing ease of use, security, and adaptability. Technically, the website is built on a modern stack including Apache, Bootstrap, and JavaScript with Lottie animations, hosted via World4You DNS services. While the site is mobile-optimized and well-structured with good SEO practices, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and proper HTTPS configuration, which undermines user trust and data security. Performance metrics are unavailable, suggesting potential monitoring gaps. From a security perspective, the site implements some security headers but lacks a valid SSL/TLS setup, OCSP stapling, and DNSSEC, exposing it to potential risks. No explicit security policies or incident response contacts are published, indicating gaps in security governance and transparency. Privacy compliance is partially addressed with cookie consent mechanisms and a privacy policy, but no data protection officer or vulnerability disclosure information is provided. Overall, the website presents a professional business front with solid content and branding but requires urgent improvements in security infrastructure and transparency to enhance trustworthiness and compliance. Strategic recommendations include immediate SSL certificate deployment, DNS record corrections, and publication of security and incident response policies to align with best practices and regulatory requirements.

C

CeMM Research Center for Molecular Medicine of the Austrian Academy of Sciences

cemm.at

26

CeMM is a reputable interdisciplinary research center affiliated with the Austrian Academy of Sciences, focusing on molecular medicine and biomedical research. The website reflects a strong academic and scientific orientation, targeting researchers, students, and collaborators. The technical infrastructure is based on TYPO3 CMS with Apache hosting, and includes privacy-conscious analytics via Matomo. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. The site is well designed, mobile optimized, and rich in content, but security improvements are urgently needed to align with best practices and compliance requirements.

P

Philosophtware

philosophtware.com

28

Philosophtware is a small technology-focused business presenting itself as an IT consulting or software solutions provider. The website content is minimal, with a simple slogan and a single contact email, lacking detailed business descriptions or multiple contact channels. The technical infrastructure is basic, hosted likely on netcup servers, with no modern CMS or frameworks detected. Performance is slow despite the small page size, and SEO and accessibility optimizations are absent. Security posture is weak, with no valid SSL certificate, no HTTPS support, and no security headers or advanced configurations. The presence of Comodo TrustLogo scripts without a valid SSL certificate may mislead visitors about the site's security. Overall, the site lacks critical compliance documents such as privacy and cookie policies, reducing trust and compliance standing.

BRAUN Maschinenfabrik Gesellschaft m.b.H. is a well-established Austrian manufacturing company specializing in steel cutting and grinding machines, hydraulic steel structures, and decommissioning technologies. Founded in 1848, the company holds a strong market position as a technology leader with a global presence, serving industrial clients primarily in the energy and manufacturing sectors. Their product portfolio includes customized solutions for cutting, grinding, and dismantling applications, supported by in-house engineering and automation capabilities. The website reflects a professional business with clear branding and relevant content targeting industrial customers. Technically, the website runs on an Apache server and uses JavaScript libraries including Google Analytics and Google Maps API. However, the site lacks HTTPS encryption, which is a critical security shortfall. Performance metrics are not available, but the site shows basic mobile optimization and SEO practices. The hosting provider is identified via DNS as esys.at, an Austrian hosting service. From a security perspective, the absence of a valid SSL/TLS certificate and HTTPS is a major vulnerability, exposing users to potential data interception. No advanced security headers or policies are implemented, and there is no visible incident response or vulnerability disclosure information. Privacy compliance is minimal, with no cookie consent mechanism detected, although a basic privacy policy and terms of service are present. Overall, the website demonstrates moderate business credibility and content quality but suffers from significant security and privacy compliance gaps. Strategic improvements in SSL deployment, security headers, and privacy mechanisms are recommended to enhance trust and protect users.

L

Lomography

lomography.com

32

Lomography is a well-established analogue photography community and e-commerce platform founded in 1994, offering a wide range of analogue cameras, films, lenses, and educational content. The website demonstrates excellent content quality, user experience, and community engagement, targeting photography enthusiasts globally. Technically, the site uses a modern stack with nginx and Phusion Passenger, and employs Google Tag Manager for analytics and marketing. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, exposing users to potential interception risks. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the business credibility is high, but the security posture requires urgent improvement to protect users and maintain trust.

N

Nameshift.com

ibk.fr

26

The website ibk.fr is a domain sales landing page managed by Nameshift.com, a company specializing in domain name transfers and escrow services. The business model focuses on providing a safe, fast, and fee-free domain transfer experience for buyers, with the seller paying commissions. The site targets individuals and businesses looking to purchase domain names securely. Technically, the site uses modern frameworks such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, the website suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Additionally, privacy and cookie policies are missing, and DNS security configurations are incomplete or malformed. These factors reduce trust and compliance with data protection regulations. Overall, the site presents a basic but functional domain sales platform with room for significant security and compliance improvements.

The website es-investments.com currently serves as a parked domain landing page with no active business content or services. It primarily displays advertising and affiliate links indicating the domain is for sale. The technical infrastructure is minimal, hosted on Hetzner Online with a Caddy server, and uses parking scripts from ParkingCrew and Afternic. There is no valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Privacy compliance is minimal with only a basic privacy policy accessible via a popup link, and no cookie consent mechanisms are present. The lack of business information, contact details, and security best practices significantly lowers the site's trustworthiness and credibility.

The website polymet-solutions.com is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to be enabled. This prevents access to any substantive content or business information. The domain is registered and uses Cloudflare for DNS and security services but lacks a valid SSL certificate, resulting in no HTTPS support. The absence of privacy policies, contact information, or business details on the landing page limits the ability to assess the company's market position or services. Technically, the site employs Cloudflare's security headers but fails to implement modern TLS protocols or HSTS, reducing its security posture. Overall, the site scores low on content quality, technical implementation, security, privacy compliance, and business credibility due to the blocked content and missing critical elements.

A

AICHELIN Holding GmbH

aichelin.com

40

AICHELIN Holding GmbH is a leading industrial manufacturing company specializing in heat treatment solutions for metallic parts and components. The company offers a broad portfolio including industrial furnace systems, industrial burner systems, vacuum furnaces, and battery materials, supported by comprehensive global service offerings. Their website reflects a professional B2B focus targeting industrial clients and equipment manufacturers. Technically, the site uses modern JavaScript libraries, Bootstrap framework, and integrates consent management and Google Tag Manager for analytics and privacy compliance. However, the SSL/TLS configuration is critically flawed with an invalid certificate and no enabled TLS protocols, posing a significant security risk. Security headers are well implemented, but the lack of valid HTTPS severely impacts the security posture. Privacy policies and cookie consent mechanisms are present and GDPR compliant. WHOIS data confirms the legitimacy and consistency of the domain registration with the business identity. Overall, the website is content-rich and professionally presented but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions and trust.

The website onecareco.com is currently a parked domain with minimal content primarily consisting of advertising scripts and placeholders. There is no active business information, contact details, or meaningful content describing any products or services. The domain is mature, registered since 2007, but the website does not reflect an active or professional business presence. Technically, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The hosting provider is Hetzner Online, and the site uses nginx and Caddy servers with JavaScript-based ad delivery. Security posture is weak with no modern TLS protocols enabled and no security headers configured. Privacy compliance is minimal with only a basic privacy policy page present and no cookie consent mechanism. Overall, the site scores low on content quality, technical implementation, security, privacy compliance, and business credibility.

W

Wienerberger AG

wienerberger.com

39

Wienerberger AG is a leading global manufacturer and supplier of building materials, specializing in bricks, clay roof tiles, pipe systems, and surface pavings. The company holds a strong market position as the world's largest brick producer and a market leader in Europe for clay roof tiles and infrastructure solutions. The website reflects a mature and professional digital presence with comprehensive content targeting investors, customers, and job seekers. Technically, the site is built on Adobe Experience Manager and uses modern web technologies, but critically lacks HTTPS/SSL encryption, exposing users to security risks. Security headers are partially implemented, but the absence of SSL/TLS significantly lowers the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high business credibility and content quality but requires urgent security improvements to protect user data and maintain trust.

F

FH Oberösterreich

fh-ooe.at

29

FH Oberösterreich (FH OÖ) is a leading university of applied sciences in Austria, offering a wide range of bachelor and master degree programs across multiple campuses. The institution emphasizes praxis-oriented education, personal consultation, and maintains strong international partnerships. The website reflects a mature digital presence with comprehensive content, clear navigation, and multilingual support. Technically, the site uses modern frameworks such as Vue.js and Craft CMS, and integrates various analytics and marketing tools with user consent mechanisms. However, the security posture is weakened by the absence of a valid SSL certificate and lack of security headers, exposing users to potential risks. Privacy compliance is well addressed with detailed policies and cookie consent. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

G

Getzner Textil AG

getzner.at

40

Getzner Textil AG is a well-established Austrian textile manufacturer with a history dating back to 1818. The company specializes in high-quality fashion fabrics, corporate fashion textiles, personal protective equipment, sports equipment textiles, and industrial textiles, emphasizing innovation and sustainability. Their market position is strong within Europe, serving a diverse clientele including fashion designers, garment makers, and industrial users. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design. Technically, the site uses modern JavaScript libraries, Google Tag Manager, and Matomo Analytics, hosted behind Fastly CDN and Varnish cache. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts security posture. Privacy and cookie policies are well implemented with consent mechanisms, and the company maintains active social media channels. Overall, the domain registration and DNS data align with the company's claims, indicating legitimacy and trustworthiness.

C

Coloplast Group

coloplast.com

40

Coloplast is a mature, enterprise-level healthcare company headquartered in Denmark, specializing in intimate healthcare solutions such as ostomy, continence, bowel, wound, urology, and respiratory care. The company operates globally with a presence in over 100 countries and serves more than 2 million people annually. Their website reflects a professional and comprehensive digital presence, targeting healthcare professionals, patients, investors, and job seekers. Technically, the site uses modern JavaScript frameworks, Episerver CMS, and integrates multiple third-party services including Salesforce, Stripe, and Cookiebot. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is high, supported by detailed investor relations and sustainability information. Overall, the site is professionally designed and trustworthy but requires urgent security improvements.

F

Fraunhofer Austria Research GmbH

fraunhofer.at

40

Fraunhofer Austria Research GmbH is a well-established applied research partner for the Austrian industry, specializing in digital networking, automation, machine vision, artificial intelligence, factory planning, production management, supply chain management, and digital logistics. The company operates as part of the larger Fraunhofer-Gesellschaft, Europe's largest applied research organization, positioning itself as a key player in Industry 4.0 within Austria. Their business model focuses on applied research and development through industry collaborations and publicly funded projects. Technically, the website is built on an Apache server with Adobe Experience Manager CMS, utilizing RequireJS and standard web technologies. While the site is mobile-optimized and well-structured with good SEO practices, performance data is limited and suggests slow loading. Accessibility is basic but functional. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Although some security headers like HSTS, X-Content-Type-Options, and X-XSS-Protection are present, the absence of HTTPS severely undermines the security posture. No incident response or vulnerability disclosure policies are evident, and cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professional and credible with clear business information and social media presence. However, the critical lack of HTTPS and incomplete privacy mechanisms present significant risks. Strategic improvements in SSL deployment, security policies, and privacy compliance are recommended to enhance trust and security.

M

Moody’s Analytics Austria GmbH

kompany.com

40

kompany is a specialized provider of real-time official company information and compliance solutions, operating as a Moody’s Analytics Austria GmbH subsidiary. The company offers services such as KYC, KYB, AML, and UBO compliance tools, credit and register reports, and entity verification across over 115 million companies globally. Their market position is strong due to Moody’s backing, targeting businesses requiring robust compliance and risk management data. Technically, the website uses modern JavaScript frameworks, Google Analytics 4, and Cloudflare for hosting and CDN services, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but the absence of HTTPS and TLS protocols significantly reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, kompany presents a professional and trustworthy business front with room for critical security improvements.

Y

YTMP3

jobrocker.com

37

The website jobrocker.com operates as an online YouTube to MP3 and MP4 conversion service branded as YTMP3. It targets a broad audience including casual listeners, educators, and content creators by providing a free, fast, and easy-to-use tool without requiring registration or payments. The site emphasizes speed, audio quality, and simplicity, positioning itself as a reliable alternative to other converters. Technically, the site uses standard web technologies with Cloudflare CDN and Google Analytics for tracking, but lacks HTTPS encryption, which is a significant security concern. The absence of cookie consent and privacy compliance mechanisms further impacts user privacy. The domain is very new, registered in early 2025, consistent with the site's recent launch. Security posture is weak due to missing SSL and security headers, and no incident response or security policy information is provided. Overall, the site offers functional service but requires urgent security improvements to protect users and enhance trust.

S

Semperit AG Holding

semperitgroup.com

38

Semperit AG Holding is a well-established global manufacturer specializing in industrial polymer products and solutions, with a history dating back to 1824. The company operates multiple business divisions including hoses, profiles, form, conveyor belts, and Rico products, targeting industrial clients and investors. The website reflects a mature and professional digital presence, leveraging TYPO3 CMS and modern web design principles to provide a rich user experience. However, the absence of HTTPS and valid SSL certificates represents a significant security vulnerability that undermines user trust and data protection. While privacy and cookie policies are comprehensive and GDPR compliant, the lack of explicit security and incident response information suggests room for improvement in transparency and preparedness. Overall, the domain registration and WHOIS data confirm the legitimacy and maturity of the business, supporting a high trustworthiness rating despite technical security shortcomings.

D

Diesel

diesel.com

40

Diesel operates a global e-commerce platform specializing in fashion apparel and accessories, providing localized shopping experiences through country-specific domains. The website analyzed is a country selector landing page that directs users to various regional sites. The technical infrastructure leverages Salesforce Commerce Cloud (Demandware) and is hosted behind Cloudflare, with usage of Adobe Fonts and Tealium for analytics and marketing. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security deficiency. Security headers are partially implemented, but the absence of HTTPS significantly undermines the security posture. Privacy and cookie policies are not present on this landing page, and no contact information is provided, limiting transparency and compliance with privacy regulations. Overall, the site demonstrates a basic level of technical and content maturity but requires urgent improvements in security and privacy compliance to meet modern standards.

B

BWT Holding GmbH

christaqua.com

36

BWT Holding GmbH operates a professional and content-rich website focused on providing ultra-pure water solutions for the pharmaceutical, biotech, and cosmetics industries. The company positions itself as a market leader with a comprehensive product and service portfolio including purified water generation, water for injection, pure steam, and automation solutions. The website demonstrates strong branding consistency, excellent content quality, and clear navigation targeting a B2B audience in healthcare. Technically, the site uses Microsoft IIS, JavaScript libraries, Google Tag Manager, and Cookiebot for consent management, with Sitecore CMS inferred. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Contact information is primarily via a contact form, with no explicit emails or phone numbers found. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and ensure secure communications.

U

Usecon gmbh

usecon.com

28

Usecon gmbh is an established technology and consulting company based in Vienna, Austria, founded in 2001. The company specializes in digital transformation, development, and AI solutions with a strong focus on human-centered design. Their market position is solid with over 24 years of experience and more than 1000 projects completed, targeting businesses seeking digital innovation and consulting services. The website content is well-structured and professional, supporting their business credibility. Technically, the website uses modern frontend technologies such as JavaScript and Tailwind CSS, but suffers from slow load times and lacks HTTPS support due to an invalid or missing SSL certificate. This significantly impacts the security posture and user trust. No CMS or backend platform is explicitly detected. Mobile optimization is good, but accessibility and SEO optimizations are basic. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. No security headers or incident response policies are present, and no vulnerability disclosure mechanisms are found. Privacy and cookie policies exist and appear GDPR compliant, supporting privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements, especially implementing a valid SSL certificate and enabling HTTPS. Performance optimization and enhanced security headers would further improve the security posture and user trust.

C

Coop Himmelb(l)au

coop-himmelblau.at

26

Coop Himmelb(l)au is a globally recognized architecture firm headquartered in Vienna, Austria, with additional offices in Tirana and Dubai. The firm specializes in innovative architectural design and urban planning, serving a diverse international clientele. Their portfolio includes a wide range of projects such as cultural institutions, residential buildings, office complexes, and mixed-use developments, highlighting their expertise and market presence in the real estate and architectural sectors. The website reflects a professional and comprehensive presentation of their work, targeting clients and stakeholders interested in cutting-edge architectural solutions. Technically, the website is built on a modern stack including Apache server, JavaScript frameworks, and analytics tools like Google Analytics and Matomo. It uses Kirby CMS inferred from URL patterns and asset paths, and is hosted on weber.cloud. The site is well-optimized for mobile devices and accessibility, with good SEO practices and clear navigation. However, performance metrics are moderate, indicating room for improvement in loading speed. From a security perspective, the site lacks HTTPS, which is a critical vulnerability. While some security headers are present, the absence of SSL/TLS encryption severely impacts the overall security posture. No incident response or security policy documents are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is good, with a comprehensive privacy policy and cookie consent mechanisms in place, including GDPR compliance indicators. Overall, the website is professionally designed and content-rich, supporting the firm's strong market position. However, the lack of HTTPS is a major security risk that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include implementing SSL/TLS, enhancing security headers, and publishing security and incident response policies to improve the security maturity and compliance posture.

The website ag-isw.at is currently a parked domain page primarily aimed at selling the domain name. It lacks any active business content, contact information, or service offerings. The site is heavily monetized through advertising scripts, mainly from Google Adsense and related ad networks. Technically, the site suffers from a lack of HTTPS support, with no valid SSL certificate installed, exposing visitors to security risks. Performance is poor with slow load times and minimal optimization. Privacy compliance is minimal, with only a basic privacy policy accessible via a popup link, and no cookie consent mechanisms present. Overall, the site does not present itself as a legitimate business or service provider at this time.

Salzburg AG operates a comprehensive utility and telecommunications service platform primarily serving the Salzburg region in Austria. The company offers high-speed internet services under the CableLink brand, including fiber and wireless options, alongside TV and telephony services. It also provides energy supply and transportation services, positioning itself as a regional market leader with a large operational footprint. The website reflects a mature digital presence with extensive content, clear navigation, and multiple customer engagement channels. Technically, the site uses modern web technologies and analytics tools, though it currently lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well managed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but should address SSL issues to enhance security and user trust.

F

FTC Capital

ftc.at

22

FTC Capital is an Austrian asset management company targeting both retail and institutional investors. The website provides segmented information for private clients and qualified institutional investors, reflecting a clear business focus on investment services within Austria. The digital infrastructure is based on WordPress with multilingual support and GDPR cookie compliance mechanisms, indicating a moderate level of digital maturity. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines user trust and data security. Performance is suboptimal with slow load times, and contact information is not readily available, limiting direct communication channels. Overall, while the business positioning and content quality are good, the technical and security posture require urgent improvements to meet modern standards and regulatory compliance.

Q

Quantum Momentum Services

quantummomentum.net

39

Quantum Momentum Services is a small Australian-based business specializing in personal mentoring, coaching, spiritual healing, and business consulting services. The company offers individual mentoring, virtual assistance, and business consulting, targeting individuals and businesses seeking personal development and holistic support. The website is built on the GoDaddy Website Builder platform and integrates PayPal for payment processing. While the site presents relevant and well-structured content with clear contact information and social media presence, it lacks a valid SSL certificate, which significantly impacts its security posture. Basic privacy and terms of service documents are available, but cookie consent mechanisms and security policies are minimal or absent. Overall, the business appears legitimate and consistent with its domain registration data, but improvements in security and privacy compliance are recommended.

A

Alpen Privatbank AG

walserprivatbank.com

26

Alpen Privatbank AG is a well-established private banking and wealth management institution operating primarily in the German-speaking regions of Europe, with a strong presence in Austria and Germany. The company offers personalized asset management and investment advisory services, targeting private clients seeking tailored financial solutions. The website reflects a professional and consistent brand image, supported by multiple physical office locations and clear contact information. Technically, the site is built on TYPO3 CMS and hosted by maxcluster.net, but suffers from slow load times and lacks a valid SSL certificate, which significantly impacts security and user trust. The security posture is weak due to the absence of HTTPS and security headers, although privacy compliance is supported by a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site demonstrates moderate business credibility but requires urgent security improvements to protect user data and enhance trust.

X

Xerox Corporation

xerox.com

38

Xerox Corporation is a globally recognized enterprise specializing in workplace solutions, document management, and digital printing technologies. The company serves a broad range of industries including education, legal, financial services, healthcare, government, and retail, offering products such as printers, multifunction devices, digital presses, software, and managed print services. The website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding, targeting business customers and partners worldwide. Technically, the website employs modern JavaScript frameworks and analytics tools such as New Relic, Google Tag Manager, and Adobe Launch, hosted likely on Microsoft Azure infrastructure. The site is mobile-optimized and accessible, with good SEO practices. However, a critical security gap is the absence of HTTPS/SSL on the main domain, exposing users to potential risks and undermining trust. Security posture is weak due to lack of SSL/TLS and missing security headers like HSTS, though some content security policies are in place. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Business credibility is high, supported by extensive corporate information, partner programs, and trust signals. Overall, the site is professionally designed and content-rich but requires urgent security improvements to enable HTTPS and strengthen SSL configurations to protect users and maintain enterprise trust.

N

Nameshift.com

kontext.nl

35

Nameshift.com operates as a domain name brokerage and escrow service focused on providing safe, fast, and fee-free domain transfers for buyers. The business model centers on charging sellers a commission while offering buyers a secure and straightforward purchasing experience. The website content is minimal and primarily serves as a landing page to facilitate domain purchases via Nameshift.com. Technically, the site uses modern web technologies such as SvelteKit and is hosted on a Caddy server, but lacks proper SSL/TLS configuration, resulting in no HTTPS availability. This significantly impacts the security posture and user trust. Security headers are partially implemented, but critical vulnerabilities exist due to the absence of a valid SSL certificate and TLS protocols. Privacy and cookie policies are missing, and no contact emails or phone numbers are provided, limiting compliance and user support capabilities. Overall, the site demonstrates a basic digital presence with room for significant improvements in security, privacy, and content completeness.

Wildniszone.at is a small Austrian business focused on consulting, education, and adventure-based team development and coaching services primarily targeting organizations and individuals in the Baden bei Wien region. The website content is minimal and outdated, relying on framesets and lacking modern web design and mobile optimization. Technically, the site is hosted on Apache with PleskLin and uses easyname.eu as the hosting provider. However, the absence of HTTPS and modern security headers significantly weakens its security posture. No privacy or cookie policies are present, and no contact or incident response information is provided, which impacts trust and compliance negatively. Overall, the website presents a low level of digital maturity and security readiness.

Meusburger Georg GmbH & Co KG is a market leader in manufacturing high-precision standard parts, serving global customers in mould, die, and jig & fixture construction. The company offers a comprehensive product portfolio including standard parts, workshop equipment, hot runner systems, and control systems. Their website reflects a mature digital presence with extensive product categorization and multi-language support. However, the absence of a valid SSL/TLS certificate significantly impacts the security posture, exposing users to potential risks. Security headers are well configured, but the lack of HTTPS is a critical vulnerability. Privacy compliance is moderate with a privacy policy present but no visible cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Insurance Group

vig.com

40

Vienna Insurance Group (VIG) is a leading insurance group in Central and Eastern Europe, operating through over 50 insurance companies and pension funds across 30 countries with approximately 30,000 employees. The website reflects a mature, enterprise-level business with a strong market position and comprehensive service offerings in insurance and reinsurance. The digital infrastructure is modern, leveraging JavaScript frameworks and a CMS (Umbraco), with good content quality and user experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a financial services website. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure communications.

T

TD Canada Trust

td.com

39

TD Canada Trust is a leading North American financial institution offering a broad range of banking and investment services to personal, small business, and commercial clients. The website reflects a mature digital presence with comprehensive content on corporate values, sustainability, innovation, and customer care. The technical infrastructure is built on Adobe Experience Manager and supported by major third-party services for analytics and marketing. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS support, which poses significant risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

T

Tetra Pak International S.A.

tetrapak.com

40

Tetra Pak International S.A. operates a comprehensive global website showcasing its leadership in food processing and packaging solutions. The company targets food and beverage industry professionals, offering a broad range of services including packaging, integrated equipment, product innovation, and digital automation. The website is well-structured, professionally designed, and optimized for SEO and accessibility, reflecting a mature digital presence. Technically, the site is built on Adobe Experience Manager and hosted on IBM PWS, leveraging modern web technologies and third-party tools for analytics and cookie consent. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses risks to data confidentiality and user trust. Privacy and cookie policies are present with consent mechanisms, indicating compliance with GDPR and related regulations. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the site demonstrates high business credibility and professionalism but requires urgent remediation of SSL and TLS issues to improve security and trust.

Canto operates as a leading provider of digital asset management (DAM) solutions, offering a comprehensive SaaS platform designed to help businesses organize, edit, share, and analyze digital content efficiently. The company positions itself as an industry leader with a strong focus on enterprise customers, providing feature-rich tools that enhance content workflows and brand management. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built using modern web technologies including Vue.js and is hosted on Netlify, indicating a contemporary and scalable infrastructure. The site demonstrates good SEO and mobile optimization practices, although performance metrics are not explicitly available. Accessibility is basic but present. The use of structured data and meta tags supports search engine visibility. From a security perspective, the site has several critical shortcomings. Despite having security headers like X-Content-Type-Options and X-Frame-Options, the absence of a valid SSL certificate and lack of HTTPS support severely undermine the security posture. No TLS protocols are enabled, and HSTS is not enforced, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit contact emails or phone numbers are provided, relying instead on contact forms. Overall, while the business and technical aspects of the website are strong, the critical lack of SSL/TLS encryption represents a significant risk that must be addressed promptly. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enforcing HSTS to protect user data and maintain trust. Enhancing contact transparency and expanding security frameworks would further strengthen the company's security and compliance posture.

S

Schönherr Rechtsanwälte GmbH

schoenherr.eu

24

Schoenherr Attorneys at Law is a prominent full-service law firm operating primarily in Central and Eastern Europe, providing comprehensive legal advisory services to local and international companies. The firm positions itself as a leading legal advisor in the region, offering a wide range of services including publications, newsletters, and comparative legal guides. The website reflects a professional and consistent brand image, targeting corporate clients seeking expert legal counsel. Technically, the website is built on Microsoft IIS with ASP.NET and likely uses the Umbraco CMS, incorporating modern JavaScript libraries such as Slick Slider and Isotope for enhanced user experience. However, the site lacks HTTPS support, which is a critical security deficiency. The presence of cookie consent mechanisms and GDPR-compliant privacy policies indicates attention to privacy compliance, while analytics are conducted via Matomo with user consent. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

S

Svenska Cellulosa Aktiebolaget SCA (publ)

sca.com

33

SCA (Svenska Cellulosa Aktiebolaget) is a large enterprise operating primarily in the forestry, energy, and logistics sectors, with a strong focus on sustainability and renewable resources. The company manages Europe's largest private forest holdings and offers a comprehensive value chain including forest services, wood products, containerboard, renewable energy, pulp, and logistics. The website is professionally designed, content-rich, and well-structured, targeting stakeholders such as forest owners, investors, customers, and job seekers. Technically, the site uses modern JavaScript modules, SVG graphics, and is hosted behind Cloudflare, but lacks a valid SSL certificate, resulting in no HTTPS support which is a critical security concern. Privacy and cookie policies are present and indicate GDPR compliance, and the site uses Piwik PRO for analytics with moderate user tracking. The security posture is weak due to the absence of HTTPS and modern TLS protocols, no HSTS, and no OCSP stapling. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

A

Arbonia AG

arbonia.com

34

Arbonia AG is a large Swiss manufacturing company specializing in interior architectural products such as doors, showers, and room partition systems. The company operates through 15 specialized subsidiaries producing in Central Europe and serves architects, interior designers, and construction industry professionals globally. The website is built on TYPO3 CMS and features a modern design with good navigation and mobile optimization. It includes a GDPR-compliant cookie consent mechanism and links to comprehensive privacy policies. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. Security headers are well configured, but the absence of TLS protocols and OCSP stapling are notable vulnerabilities. Contact information is present but lacks direct emails or phone numbers on the site. Social media presence is active on YouTube, Instagram, and LinkedIn. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

G

Global Blue

globalblue.com

38

Global Blue operates as a provider of tax-free shopping solutions and related financial services targeting international shoppers and retailers. The website serves as an informational and service platform, primarily implemented as a modern Angular single-page application. However, the site currently lacks visible content beyond the SPA shell, with no accessible privacy, cookie, or terms of service policies, and no contact information available in the HTML content. Technically, the site uses Varnish caching and modern JavaScript frameworks but suffers from poor SSL/TLS configuration, lacking a valid certificate and HTTPS support, which severely impacts security and trustworthiness. Security headers are minimal, and no vulnerability disclosure or incident response information is published. Overall, the website's security posture is weak, and privacy compliance is poor, which could expose the business to risks and reduce user trust.

S

Smarter Ecommerce GmbH

smarter-ecommerce.com

40

Smarter Ecommerce GmbH is an established Austrian company founded in 2007, specializing in AI-powered PPC campaign management software and expert consulting services tailored for ecommerce businesses. The company holds reputable certifications such as Google Premier Partner and Microsoft Advertising Elite Partner, positioning itself as a trusted player in the ecommerce marketing technology sector. Their offerings focus on Performance Max optimization, Google Ads management, and comparison shopping services, targeting ecommerce clients seeking to maximize advertising ROI. Technically, the website leverages modern web technologies including Bootstrap, GSAP, and Storyblok CMS, hosted behind Cloudflare CDN. The site implements a consent management platform (Usercentrics) and integrates multiple analytics and tracking tools such as Google Analytics, Hotjar, and Microsoft Clarity, reflecting a mature digital marketing infrastructure. Mobile optimization and SEO practices are well addressed, although performance metrics are not explicitly available. From a security perspective, the site lacks a valid SSL certificate, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, important enhancements such as DNSSEC, CAA records, and full HSTS implementation are missing. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy compliance is well managed through a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues and security hardening to ensure secure user interactions and compliance with best practices.

UniCredit Bank Austria AG operates as a major financial institution in Austria, providing a wide range of banking services including retail, corporate, and private banking. The website targets private customers, corporate clients, and private banking customers with comprehensive offerings such as accounts, credit cards, loans, insurance, and investment products. The bank is part of the UniCredit Group, indicating a strong market position and enterprise scale. The website is professionally designed with consistent branding and rich content, supporting a high level of user engagement and trust. Technically, the website employs modern JavaScript libraries and third-party services such as Tag Commander for tag management and Genesys for customer service. Hosting is supported by Akamai CDN infrastructure, enhancing availability and performance. However, the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw for a banking website. Accessibility and SEO optimizations are well implemented, and mobile responsiveness is good. Security posture is weak due to the absence of HTTPS, missing security headers, and no HSTS policy. While no immediate vulnerabilities are detected, these gaps expose the site to risks and reduce user trust. Privacy compliance is strong with clear privacy and cookie policies, GDPR adherence, and consent mechanisms in place. Business credibility is high, supported by certifications and transparent legal information. Overall, the site is a professional and comprehensive banking portal but requires urgent security improvements, especially SSL/TLS implementation, to meet industry standards and protect user data effectively.