Security Directory

B

BECOM Electronics GmbH

becom.at

40

BECOM Electronics GmbH is a medium-sized Austrian company specializing in electronic manufacturing services (EMS) and embedded solutions, serving industries such as automotive, medical technology, and industrial electronics. The company operates internationally with subsidiaries in Germany, Hungary, China, and the USA, positioning itself as a reliable partner for end-to-end electronic product development and production. Their website reflects a professional and comprehensive digital presence with detailed service offerings and strong branding consistency. Technically, the website is built on TYPO3 CMS and hosted likely via Kabelplus infrastructure. It features modern web design, good mobile optimization, and accessibility. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, despite the presence of some security headers and HSTS configuration. The site uses Google Analytics for user tracking and implements a cookie consent mechanism aligned with GDPR requirements. From a security perspective, the lack of HTTPS and TLS support significantly lowers the security posture, exposing users to potential risks. The DNS configuration is mostly sound but lacks DMARC and DNSSEC, which are recommended for enhanced email and DNS security. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance. Overall, while the business and website demonstrate professionalism and strong market positioning, addressing the critical security issues and enhancing compliance documentation would improve trustworthiness and reduce risk exposure.

The website www.poyry.com currently serves an HTTP 404 error page indicating that the requested page cannot be found. There is no accessible business content, contact information, or policy documentation available on the site. The technical infrastructure shows hosting on Oracle Cloud with DNS records pointing to Microsoft Outlook for email services. However, the SSL certificate is invalid or missing, and HTTPS is not properly configured, which is a critical security concern. The site uses modern JavaScript frameworks such as LitElement, but this appears to be part of an error page template rather than actual business content. Overall, the website lacks essential content and security features, resulting in a low trust and credibility score.

The website br-automation.com currently presents minimal accessible content, lacking critical business and security information. The absence of metadata, structured data, and contact details suggests the site is either under development or poorly maintained. Technically, the site uses basic JavaScript but lacks modern frameworks or CMS indications. The hosting server is identified as PWS/8.3.1.0.8, but no DNS records or SSL certificate are properly configured, resulting in an insecure HTTP-only connection. Security posture is weak due to the lack of HTTPS, security headers, and privacy compliance mechanisms. Overall, the site poses a risk to visitors and does not inspire trust or professionalism.

G

GARTNER KG

gartnerkg.com

28

GARTNER KG is a large, family-owned Austrian logistics and transport company established in 1918, operating across 23 locations in 9 countries. The company specializes in road transport, intermodal transport, and warehousing services, positioning itself as one of Austria's largest family-owned transport providers and a leading logistics service provider in Europe. The website is professionally designed using TYPO3 CMS, with multilingual support and clear navigation targeting logistics customers and job seekers. Technically, the site uses Apache hosting with DNS managed by a1.net and integrates Cookiebot for GDPR-compliant cookie consent and Google Tag Manager for analytics. However, a critical security gap exists as the site lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy policies and contact information are comprehensive and accessible, but no explicit security or incident response policies are published. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent security improvements.

S

Sandvik AB

home.sandvik

40

Sandvik AB operates a comprehensive global website presenting itself as a leading high-tech engineering group specializing in mining, manufacturing, and infrastructure solutions. The site targets industrial customers, investors, and job seekers with detailed business and investor information, sustainability commitments, and career opportunities. The technical infrastructure leverages modern JavaScript frameworks, Azure Application Insights for telemetry, and OneTrust for cookie consent, hosted behind Cloudflare CDN. However, the website suffers from a critical security flaw: the SSL certificate is invalid or missing, and no TLS protocols are enabled, severely impacting the security posture. Despite this, the site implements strong security headers and privacy mechanisms, including GDPR-compliant policies and cookie consent banners. The domain registration is consistent with the business identity, mature, and trustworthy. Overall, the website is professionally designed, content-rich, and well-branded but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

B

BI plus GmbH

biplus.at

36

BI plus GmbH is a specialized business analytics and corporate performance management consulting firm based in Austria with additional presence in Germany. The company offers a range of services including consulting, installation, configuration, training, and support, positioning itself as a leading expert in its field and an IBM Silver Business Partner. The website reflects a professional business with clear service offerings and contact information targeting corporate clients in Austria and Germany. Technically, the website uses common JavaScript libraries and tracking tools but lacks a valid SSL certificate, which is a significant security concern. The absence of HTTPS impacts the overall security posture and user trust. Privacy compliance is addressed with a cookie consent banner and GDPR-related policies, though no explicit security or incident response policies are found. The domain registration and DNS records are consistent with the business claims, supporting legitimacy. Strategic recommendations include immediate SSL implementation, enhanced security headers, and improved email security policies to strengthen trust and compliance.

VOG AG is a well-established Austrian retail company founded in 1916, specializing in the distribution of food and non-food products across Central Europe and Asia. The company operates multiple subsidiaries and maintains a significant market presence with trusted brands and production facilities. The website reflects a professional business with clear corporate information and a focus on trade customers. Technically, the website runs on an Apache server with basic JavaScript and CSS, but lacks modern CMS or advanced frameworks. Performance data is missing, and mobile optimization is basic. Security posture is weak due to the absence of HTTPS and modern security headers, exposing the site to risks. Privacy compliance is strong with comprehensive policies and cookie consent mechanisms implemented. Overall, the site is functional and credible but requires urgent security improvements.

E

EGGER

egger.com

36

EGGER is a well-established global family-owned manufacturing company specializing in wood-based materials for furniture, interior design, wood construction, and flooring. Founded in 1961 and headquartered in Austria, EGGER holds a strong market position as an internationally leading manufacturer. The website reflects a professional and content-rich digital presence targeting industry professionals and retailers. Technically, the site uses modern JavaScript frameworks and custom CMS templates hosted on AWS infrastructure, but lacks performance metrics and has room for improvement in accessibility and SEO. Security posture is weak due to the absence of a valid SSL certificate, lack of modern TLS protocols, and missing security headers, exposing users to risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is trustworthy but requires urgent security enhancements to protect users and improve compliance.

Ö

Österreichische Agentur für Gesundheit und Ernährungssicherheit GmbH

ages.at

40

The website ages.at represents the Österreichische Agentur für Gesundheit und Ernährungssicherheit GmbH, a large Austrian government agency focused on protecting the health of humans, animals, plants, and the environment. It offers comprehensive services in food safety, public health, veterinary health, risk assessment, and research. The site is professionally designed with excellent content quality and clear navigation targeting public health professionals, researchers, and the general public in Austria. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, but suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. This is a critical security weakness that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. Security posture is weak due to missing HTTPS, lack of security headers, and no DMARC record for email protection. No explicit security or incident response policies are found. The domain registration data aligns well with the agency's identity, confirming legitimacy. Overall, the site is authoritative and trustworthy in content and business credibility but requires urgent improvements in security infrastructure to protect users and comply with modern web standards.

T

TopLab - Toplak Laboratory

toplab.at

19

TopLab - Toplak Laboratory is a small Austrian technology consulting and research business specializing in cybernetics, app creation, technology scouting, and contract research. The website presents a professional image with detailed descriptions of services and a focus on niche technological fields such as artificial intelligence, robotics, and neural modeling. The target audience includes investors, potential partners, and clients seeking specialized consulting and development services. Technically, the website is built using React and JavaScript but suffers from slow load times and basic mobile optimization. Security posture is weak due to the absence of HTTPS, lack of security headers, and no advanced DNS security features. Privacy compliance is poor with no visible privacy or cookie policies and no GDPR indicators. Contact information is minimal, relying on LinkedIn for direct communication. Overall, the site is functional but requires significant improvements in security and compliance to enhance trust and protect users.

R

Randstad Austria GmbH

randstad.at

40

Randstad Austria GmbH operates as a leading personnel service provider in Austria, offering staffing, recruitment, and HR solutions. The company is part of the global Randstad N.V. group and targets job seekers and companies within Austria. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses Drupal CMS with React components, hosted on AWS infrastructure with CloudFront CDN. However, a critical security gap exists as the website lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and company registration information provided. Social media presence is robust, enhancing trust and engagement.

D

Doka GmbH

doka.com

40

Doka GmbH is a global leader in formwork and scaffolding solutions, serving the construction industry with a broad portfolio of products and digital services. The company operates worldwide with a strong presence in Finland and is part of the Umdasch Group. The website reflects a mature business with comprehensive content, multiple language support, and customer engagement portals. Technically, the site uses modern web technologies and frameworks but lacks a valid SSL certificate, which is a significant security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. The overall security posture is weak due to missing HTTPS, which impacts trust and user safety. Strategic improvements in SSL deployment and security hardening are recommended to enhance the site's credibility and protect user data.

D

DONAU Versicherung AG Vienna Insurance Group

donauversicherung.at

40

DONAU Versicherung AG Vienna Insurance Group is a large Austrian insurance company offering a broad range of insurance products including health, pension, car, home, and legal protection insurance for private and business customers. The website is professionally designed with excellent content quality, clear navigation, and good mobile optimization. It uses TYPO3 CMS and integrates modern tools such as TagCommander for tag management and Empathy Portal for live chat support. Despite these strengths, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and security. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. The company demonstrates strong business credibility with certifications and high customer ratings. Overall, the site is functional and trustworthy but requires urgent SSL certificate remediation to improve security posture.

V

Visma e-conomic A/S

e-conomic.dk

37

Visma e-conomic A/S operates e-conomic.dk, a leading Danish online accounting software platform serving over 240,000 businesses. The company offers flexible subscription packages tailored to various business sizes and integrates with multiple business systems. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, it uses Drupal 11 CMS, Cloudflare CDN, and modern JavaScript libraries, ensuring good performance and mobile optimization. However, a critical security gap exists as the main domain lacks HTTPS/SSL, exposing users to risks. Privacy and cookie policies are well implemented with GDPR compliance, and multiple contact channels including forms, email, and phone are available. The domain is mature and consistent with the business identity, owned by Visma Group. Overall, the site is trustworthy and business credible but urgently needs to enable HTTPS to improve security posture.

R

Rituals Cosmetics

rituals.com

40

Rituals Cosmetics operates a large-scale international e-commerce platform specializing in cosmetics and lifestyle products. The website offers a localized shopping experience with multiple country and language options, leveraging Salesforce Commerce Cloud technology. The technical infrastructure includes modern JavaScript libraries, tag management, and analytics tools, but suffers from a lack of a valid SSL certificate and security headers, which significantly impacts the security posture. Privacy compliance is addressed with cookie consent mechanisms and a comprehensive privacy policy, though explicit contact and security policy information is limited. Overall, the website is professional and trustworthy from a business perspective but requires urgent improvements in security configuration to protect user data and maintain trust.

S

Stanton Chase

stantonchase.com

40

Stanton Chase is a globally recognized executive search and leadership consultancy firm founded in 1990. It operates with a large international footprint, boasting 70 offices and 350 consultants across 45 countries. The company specializes in retained executive search, leadership assessment, succession planning, and onboarding services, targeting corporate clients seeking top leadership talent. The website is professionally designed, content-rich, and well-branded, reflecting a high level of business maturity and market positioning. Technically, the website uses modern frameworks such as Nuxt.js and is hosted behind Cloudflare, leveraging CDN and security features. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly undermines the security posture despite the presence of some security headers. The site lacks a cookie consent mechanism despite using tracking and marketing automation scripts, indicating partial privacy compliance. Security-wise, the site has implemented some best practices like HSTS and X-Frame-Options headers but fails to provide a secure encrypted connection, which is a major vulnerability. No incident response or security policy information is publicly available. The WHOIS data confirms the domain's legitimacy and maturity, consistent with the company's claimed history. Overall, Stanton Chase's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Privacy compliance should also be improved by implementing explicit cookie consent mechanisms.

L

Leica Microsystems

leica-microsystems.com

40

Leica Microsystems is a well-established global leader in microscopy and imaging solutions, serving diverse sectors including life sciences, industrial manufacturing, medical specialties, and education. The company offers a broad portfolio of products ranging from light and confocal microscopes to software and consumables, supported by comprehensive service and application support. The website reflects a mature digital presence with rich, professional content and consistent branding, targeting scientific and industrial professionals worldwide. Technically, the site is built on TYPO3 CMS with modern frontend technologies and integrates marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent. However, the current lack of a valid SSL certificate and absence of HTTPS significantly undermines the security posture, despite the presence of several security headers and policies. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. WHOIS data confirms the domain's maturity and legitimacy, registered under Network Solutions without privacy protection, consistent with the company's profile. Strategic improvements in SSL/TLS configuration and enhanced security practices are recommended to elevate trust and protect user data.

B

BWT Holding GmbH

bwt.fr

37

BWT Holding GmbH operates a comprehensive website focused on water treatment solutions, targeting private consumers and professional sectors in France. The site offers detailed product and service information, supported by a consistent brand presence and multiple customer contact channels. Technically, the website uses modern JavaScript libraries, Google Tag Manager, and performance optimization tools, hosted behind Cloudflare. However, a critical security weakness is the invalid SSL certificate and lack of TLS protocol support, which significantly undermines the site's security posture. Privacy and cookie policies are present and appear GDPR compliant, with consent mechanisms implemented. Overall, the site is professional and content-rich but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

S

sincosinco.com

sincosinco.com

37

The website sincosinco.com is currently a parked domain primarily serving advertising content through Google Adsense and Bodis. There is no active business presence or descriptive content about services or products. The domain is mature, registered since 2011, and managed by Porkbun LLC, indicating stable ownership but no active commercial use. Technically, the site lacks HTTPS support and security best practices, resulting in a low security posture. Performance is poor with a high page load time, and there is minimal mobile or accessibility optimization. Privacy compliance is lacking, with no cookie consent or GDPR indicators. Overall, the site appears to be a placeholder rather than a functional business website.

L

Log Consulting Services

log-cs.com

40

Log Consulting Services is a specialized business consulting firm focusing on AI-powered process optimization, advanced logistics (5PL), and fiscal strategies for market expansion, particularly in Europe. The company leverages over a decade of Lean and Six Sigma expertise combined with AI analytics to deliver tailored solutions that enhance operational efficiency and support sustainable growth. The website is built on the Wix platform, utilizing various Wix apps and technologies to provide a professional and content-rich user experience. However, the site currently suffers from an invalid SSL certificate, which poses a significant security risk and undermines user trust. Additionally, while a cookie policy is present, there is no explicit consent mechanism, which may affect privacy compliance. Overall, the business presents itself as credible and professional, with clear contact information and structured data enhancing its online presence.

HypoVereinsbank by UniCredit Bank GmbH operates a professional and comprehensive banking website targeting private and corporate customers in Germany. The site offers a wide range of financial services including online banking, investment products, loans, and wealth management. It is well-positioned in the market, recognized by industry awards such as 'Bank of The Year 2024' and 'Fairste Filialbank 2024'. The website demonstrates strong branding consistency and trust indicators, with clear contact information and GDPR compliance. Technically, the site uses modern JavaScript libraries and is hosted via Akamai with Adobe Experience Manager as the CMS platform. However, performance is currently slow and SSL/TLS configuration is invalid, which poses security risks. Security headers are mostly present but the Content-Security-Policy is overly permissive. No WAF or blocking mechanisms are detected, allowing full content access. Privacy and cookie policies are implemented with consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL fixes to improve security posture.

I

Ivoclar Vivadent

ivoclarvivadent.com

40

Ivoclar Vivadent operates a comprehensive and professionally designed website targeting dental professionals including dentists and technicians. The company offers innovative dental materials and digital equipment solutions, positioning itself as a leading enterprise in the healthcare sector. The website demonstrates strong digital maturity with modern JavaScript frameworks, extensive use of marketing and analytics tools, and a consistent brand presence. However, a critical security gap exists due to the absence of a valid SSL certificate and enabled TLS protocols, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is content-rich and user-friendly but requires urgent security improvements to meet industry standards.

C

Cargill, Incorporated

delacon.com

23

Delacon.com is the online presence of Delacon, a global leader in phytogenic solutions for animal nutrition, operating under the parent company Cargill, Incorporated. The website offers comprehensive information about their products, research, and career opportunities, targeting professionals in the animal nutrition and agriculture sectors. The site is built on TYPO3 CMS and hosted on AWS infrastructure, featuring a professional design and good content quality. However, the absence of a valid SSL certificate and HTTPS significantly impacts the security posture. While security headers are partially implemented, critical improvements are needed to secure data transmission and user privacy. The site lacks explicit cookie consent mechanisms despite using Google Analytics and other tracking tools, indicating partial privacy compliance. Overall, the domain registration and WHOIS data align well with the business claims, supporting legitimacy and trustworthiness.

S

SIWA Online GmbH

siwa.at

38

SIWA Online GmbH is a medium-sized Austrian digital agency specializing in web, app, and e-commerce solutions. The company emphasizes consulting, design, development, and ongoing support services, positioning itself as a trusted partner with ISO 27001 certification. Their market presence is supported by multiple client testimonials and a professional online presence. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and hosted on AWS CloudFront, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines secure communications. The site implements strong security headers and content policies but lacks full TLS protocol support and HSTS enforcement. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates strong credibility and professionalism but must urgently address SSL/TLS issues to improve security posture and trust.

Raiffeisenverband Salzburg eGen operates as a large regional banking cooperative in Austria, providing a comprehensive range of financial services including retail banking, corporate banking, investment products, insurance, and real estate services. The website targets private and corporate customers primarily in the Salzburg region, emphasizing local presence and digital innovation. The business is well-positioned as the largest banking group in Austria by branch count and employees, with a strong community and regional focus. Technically, the website is built on Adobe Experience Manager CMS with modern web technologies and responsive design, offering good user experience and accessibility. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information and trust indicators are prominently presented, supporting business credibility. Overall, the site is professional and content-rich but urgently requires SSL implementation to secure user data and maintain trust.

T

TROTEC LASER INC.

troteclaser.com

39

Trotec Laser GmbH is a well-established manufacturer of professional laser machines and materials, serving a global market including manufacturers, engravers, schools, and print shops. With over 25 years of experience, the company offers a comprehensive product portfolio including laser cutters, engravers, markers, software, and consumables, supported by a worldwide network and strong customer base. The website is professionally designed, content-rich, and supports multiple languages and regions, reflecting a mature digital presence. Technically, the site uses TYPO3 CMS and Nuxt.js, hosted behind Cloudflare CDN, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, reducing the overall security posture. Privacy compliance is moderate with a clear privacy policy and terms of service, but no cookie consent mechanism is detected. Contact information is comprehensive and clearly presented. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect users and maintain trust.

M

MBIT Solutions GmbH

mbit.at

33

MBIT Solutions GmbH is an established Austrian IT service provider specializing in tailored web and software solutions for medium to large enterprises and public organizations. Their offerings include enterprise-grade websites, web development, industry-specific solutions, and B2B e-commerce platforms. The company has a strong market position supported by over two decades of experience and a portfolio of reputable clients. Technically, the website is built on TYPO3 CMS, hosted on Apache servers, and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines HTTPS security despite the presence of security headers and content security policies. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

L

Ludwig Boltzmann Gesellschaft

rare-diseases.at

35

The Ludwig Boltzmann Institute for Rare and Undiagnosed Diseases (LBI-RUD) is a specialized Austrian research institute focused on investigating rare diseases, particularly those affecting the immune system, blood formation, and nervous system. The institute operated for seven years until March 2023, contributing valuable scientific insights and supporting patients through its research. The website serves as an informational platform targeting researchers, medical professionals, and affected patients, providing news, research areas, and organizational information. The business model is non-profit, funded by grants and public sources, and it operates under the Ludwig Boltzmann Gesellschaft umbrella. Technically, the website is built on WordPress and hosted on servers associated with domaindiscount24.net. While the site has a professional design with good navigation and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. The site uses Matomo analytics for user tracking and includes a cookie consent banner, indicating some level of privacy compliance, though GDPR compliance is not fully evident. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. No incident response or security policies are publicly disclosed. Contact information is clearly provided, including phone, address, and an obfuscated email address. Social media presence is active across major platforms, enhancing outreach and trust. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance credibility. Strategic recommendations include implementing HTTPS, improving security headers, and enhancing privacy compliance documentation.

S

Syensqo

cytec.com

40

Syensqo is a global science company focused on developing advanced, forward-looking solutions that enhance various sectors including energy, transportation, and manufacturing. The company positions itself as a market leader with a strong emphasis on innovation, sustainability, and investor transparency. Their website reflects a mature digital presence with comprehensive content targeting industrial clients, investors, and potential employees. Technically, the site is built on Drupal 10 with modern web technologies and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for trust and data protection. Despite strong security headers and privacy policies, the missing SSL significantly impacts the overall security score. The domain registration details are consistent with the business claims, indicating legitimacy. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to align with best practices.

Swarovski Group operates a comprehensive e-commerce platform showcasing its luxury jewelry, watches, and crystal decorations. The website reflects a mature digital presence with extensive product categorization, rich multimedia content, and integrated marketing and analytics tools. The brand maintains a strong market position as a leading global luxury retailer with a history dating back to 1895. Technically, the site leverages modern JavaScript libraries, Google Tag Manager, and third-party personalization and fraud prevention services, hosted on AWS infrastructure. However, a critical security concern is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact channels available. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

A

Alicona Imaging GmbH

alicona.com

33

Alicona Imaging GmbH operates as a global provider of optical 3D metrology and surface roughness measurement solutions, specializing in non-contact measurement technologies based on Focus-Variation. The company targets manufacturing sectors such as automotive, aerospace, medical technology, and precision manufacturing, offering devices and automation solutions to enhance quality assurance and production measurement. The website reflects a mature digital presence with professional design, comprehensive content, and active engagement through blogs and events. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. The technical infrastructure leverages modern frameworks and CMS platforms, but performance issues such as slow load times need addressing. Privacy compliance is well managed with cookie consent mechanisms and clear privacy policies. Overall, Alicona demonstrates strong business credibility but must urgently improve its security posture to align with best practices and regulatory requirements.

The website boutique1.com currently serves minimal content, appearing as a placeholder or parking page with no visible business or contact information. The domain is mature, registered since 2007 with GoDaddy.com, LLC, and shows strong domain protection and low expiry risk. However, the lack of a valid SSL certificate and absence of privacy or cookie policies indicate a low security and compliance posture. The technical infrastructure includes JavaScript and hosting on Amazon AWS, but performance is slow and SEO optimization is poor. Security best practices are not implemented, and no forms or user data collection mechanisms are present. Overall, the site lacks professionalism and trust indicators, resulting in a low AI score and high risk for user trust and compliance.

M

mehrwert.life

ihrmehrwert.at

22

The website ihrmehrwert.at represents a small Austrian consulting and coaching business focused on personal and business transformation for entrepreneurs. The company offers services to help clients develop new behaviors for improved life quality, operational stability, and business model innovation. The site is professionally designed with consistent branding and includes customer testimonials and LinkedIn profiles to build trust. Technically, the site uses the WebPlatform CMS hosted on Amazon AWS, with integrations such as Google Calendar and Google reCAPTCHA. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are minimal, and no incident response or security policies are published. Privacy and cookie policies exist but are hosted externally on Google Drive, with a cookie consent mechanism implemented. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

Condor is a well-established airline focused on providing affordable flights primarily between the USA, Canada, and Europe. The website offers comprehensive flight booking services, flexible fare options, and travel extras such as seat reservations and baggage management. The company targets travelers seeking convenient and cost-effective air travel solutions. Technically, the website is built on TYPO3 CMS and leverages Akamai CDN for content delivery, with modern JavaScript frameworks and cookie consent managed by Usercentrics, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with GDPR-consistent cookie consent mechanisms and clear privacy policies. Overall, the website is professional and user-friendly but requires urgent security improvements to protect user data and ensure secure transactions.

M

MIC Datenverarbeitung GmbH

mic-cust.com

29

MIC Datenverarbeitung GmbH operates as a leading global provider of customs and trade compliance cloud software solutions, serving over 1000 customers across more than 55 countries. Their SaaS offerings focus on integrated customs compliance and trade compliance systems, supported by a consistent global service organization. The website reflects a mature digital presence built on TYPO3 CMS, with professional design, clear navigation, and extensive product and service information. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. Security headers are well implemented, but the lack of TLS and HSTS reduces overall security posture. Privacy compliance is addressed with a cookie consent mechanism and a comprehensive privacy policy, though explicit GDPR compliance indicators could be enhanced. Business credibility is strong, supported by consistent WHOIS data, partner logos, and social media presence. Strategic improvements in SSL deployment and security practices are recommended to elevate trust and compliance.

P

PHINIA Inc.

delphi.com

40

PHINIA Inc. is a mature, large-scale business specializing in premium fuel systems, electrical systems, and aftermarket automotive products with a strong emphasis on sustainability and innovation. The company positions itself as a market leader advancing clean transportation technologies and alternative fuels. The website reflects a professional and consistent brand image with comprehensive corporate governance and investor relations information. Technically, the site uses Sitefinity CMS, Cloudflare hosting, and integrates multiple marketing and analytics tools such as Google Analytics and HubSpot. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS support, which poses a critical risk to user trust and data security. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, the site is content-rich and professionally maintained but requires urgent remediation of SSL/TLS issues to ensure secure communications.

C

Chemetall GmbH

chemetall.com

34

Chemetall GmbH is a well-established global leader in surface treatment chemical solutions, operating as a subsidiary of BASF. The company serves industrial clients across multiple sectors including aerospace, automotive, and manufacturing, providing advanced chemical technologies and laboratory services. The website reflects a professional and consistent brand presence with good content quality and clear navigation, targeting B2B industrial customers. Technically, the site uses legacy JavaScript libraries and lacks modern performance optimizations, with slow loading times and basic mobile responsiveness. Security posture is weak due to the absence of HTTPS and minimal security headers, exposing users to potential risks. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. WHOIS data confirms a mature and legitimate domain with consistent registration details. Overall, the site demonstrates solid business credibility but requires urgent improvements in security and privacy to meet modern standards.

The domain fmt.biz is registered to Christof Industries GmbH, an Austrian company with a mature domain age of 23 years. However, the website currently hosts only a default Plesk server placeholder page indicating no active web presence or business content. The technical infrastructure is minimal, running on an nginx server with no valid SSL certificate, resulting in no HTTPS support. Security headers are partially implemented but limited by the lack of HTTPS. There are no privacy, cookie, or terms of service policies, nor any contact information or forms on the site. DNSSEC and CAA records are not enabled, reducing domain security. Overall, the website lacks professional content, security maturity, and privacy compliance, resulting in a low trustworthiness score.

epunkt GmbH is an established Austrian employment agency specializing in job placement and career coaching services. With a domain age of 22 years and a strong presence in Austria, the company targets job seekers and employers, offering personalized career advice and access to a broad range of job opportunities. The website is professionally designed, content-rich, and provides clear navigation and contact information, supporting a positive user experience and trustworthiness. Technically, the site uses nginx as the server and integrates NewRelic for performance monitoring. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to potential risks. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Overall, the business is credible and well-positioned in its market, but immediate remediation of security issues is essential.

Austrian Airlines AG operates a comprehensive and professional airline website targeting global travelers seeking flights and related travel services. The site offers extensive booking options, flight management, and loyalty program integration, reflecting a mature digital presence consistent with a major European airline and Lufthansa Group member. The technical infrastructure leverages modern web technologies including Apache server, Adobe Helix, and Maui Design System, with content delivery optimized via Akamai CDN. However, performance metrics indicate slow loading times, suggesting room for optimization. Security posture reveals critical gaps, notably the absence of a valid SSL certificate and disabled TLS protocols, which significantly undermine user trust and data protection. While security headers and content policies are well implemented, the lack of HTTPS is a major concern. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, though cookie consent mechanisms are not clearly detected. Overall, the website is highly professional and credible but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with modern security standards.

BMW.at is the official website for BMW Austria, providing comprehensive information on premium vehicles, including electric and hybrid models, leasing and financing options, and after-sales services. The site targets automotive customers in Austria, emphasizing BMW's premium brand positioning and extensive product offerings. The website is built on a robust technical infrastructure leveraging Adobe Experience Manager and Akamai CDN, ensuring a modern and responsive user experience. Despite the advanced infrastructure, the site currently suffers from an invalid SSL certificate, which undermines its security posture. Security headers are partially implemented, but improvements are needed to fully secure user interactions and data. Privacy and cookie policies are well-presented and GDPR compliant, reflecting BMW's commitment to data protection. Overall, the site demonstrates high professionalism and trustworthiness, with strong brand consistency and extensive content relevant to its audience.

S

STRABAG SE

strabag.com

40

STRABAG SE is a leading European construction and technology company specializing in infrastructure, building construction, and specialized construction sectors. The company emphasizes innovation, sustainability, and quality, positioning itself as a market leader with a comprehensive portfolio of services including road construction, civil engineering, and tunneling. The website content reflects a mature enterprise with a strong focus on ESG principles and investor relations, targeting investors, clients, and partners in the construction and infrastructure sectors. Technically, the website employs standard web technologies such as jQuery and custom JavaScript, hosted on Microsoft Azure with DNS managed via AWS. While the site is content-rich and well-structured with good SEO and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL/TLS certificate and HTTPS support, which severely impacts its security posture. Security analysis reveals a lack of essential security headers, no DNSSEC or CAA records, and no advanced SSL features like OCSP stapling or session resumption. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, but incident response and vulnerability disclosure policies are not evident. Overall, STRABAG SE's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and adopting DNS security measures to align with best practices.

U

USound

usound.com

37

USound is a technology company specializing in MEMS speaker technology designed for integration into advanced audio devices such as TWS earbuds, headphones, AR/VR glasses, audio glasses, and hearing aids. The company positions itself as an innovator in the audio technology market, offering products with superior form factors, low power consumption, and high audio fidelity. Their website provides comprehensive product catalogs, technical documentation, and application insights targeting manufacturers and developers in the wearable and hearable device sectors. Technically, the website is built on WordPress with a modern tech stack including React, jQuery, and various plugins for enhanced user experience. However, the site lacks HTTPS, which is a critical security vulnerability. The security posture is basic with no advanced headers or SSL configuration, but no known vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to enable HTTPS and enhance security headers.

Pilz GmbH & Co. KG operates an international website focused on providing comprehensive automation technology solutions, emphasizing safety and industrial security. The company targets industrial automation professionals and machine builders, offering components, systems, and services to ensure safe automation worldwide. The website is professionally designed with clear navigation and multilingual support, reflecting a strong market position in manufacturing and technology sectors. Technically, the site uses modern JavaScript frameworks, Google Tag Manager, and Cookiebot for consent management, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. Security headers are well implemented, but the lack of a valid SSL certificate and disabled TLS protocols significantly reduce the site's security score. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. Business credibility is high, supported by detailed contact information, social media presence, and consistent branding. Overall, the site is functional and professional but requires urgent remediation of its SSL/TLS issues to improve security and trust.

N

Nameshift.com

unterweger.eu

28

The website unterweger.eu is a domain sales and transfer service platform operated in partnership with Nameshift.com, a domain escrow and marketplace service. The business model focuses on providing a secure and simple way for buyers to purchase domain names with escrow protection, free assistance, and VAT invoicing. The target audience includes individuals and businesses seeking domain ownership with minimal risk. The website is built using modern web technologies such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, performance metrics are not available, and the site shows basic content quality with limited interactive elements. From a security perspective, the website lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data security. Although some security headers are present, the absence of TLS protocols and HSTS reduces the overall security posture significantly. No privacy or cookie policies are published, indicating poor privacy compliance. Contact information is limited to a physical address in the Netherlands, with no emails or phone numbers provided, which may affect user confidence. Overall, the website demonstrates a basic level of technical implementation and business credibility but suffers from critical security and privacy compliance gaps. Strategic improvements in SSL/TLS deployment, privacy policy publication, and contact transparency are essential to enhance trust and security. The domain registration data aligns well with the business claims, showing consistency and legitimacy without privacy protection, which is appropriate for this type of service.

A

AVL List GmbH

avl.com

40

AVL List GmbH is a globally recognized leader in mobility technology, specializing in development, simulation, and testing solutions primarily for the automotive industry. The company offers a broad portfolio of engineering, simulation, and testing services, with a strong emphasis on sustainable and innovative mobility solutions such as hydrogen engines, hybrid powertrains, and fuel cells. Their market position is that of a mature, enterprise-level technology provider with a significant global presence and a history spanning over 28 years. Technically, the website is built on Drupal 10 with modern JavaScript libraries and includes Cookiebot for consent management. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Performance is also a concern, with a notably slow page load time and a large page size. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR compliance indicators. Business credibility is strong, supported by detailed corporate information, consistent branding, and multiple trust signals. Overall, while the business and content quality are excellent, the lack of HTTPS and slow performance are key vulnerabilities that should be addressed promptly.

The website valleys-wordworks.com is currently a parked domain with no substantive business content or services presented. It primarily serves advertising placeholders and domain parking scripts, lacking any clear business description, contact information, or user engagement features. The technical infrastructure is minimal, hosted on Hetzner Online with a Caddy web server, but critically lacks a valid SSL/TLS certificate, resulting in no HTTPS support and poor security posture. The absence of privacy and cookie policies, as well as the lack of GDPR compliance indicators, further diminishes the site's trustworthiness and compliance standing. Overall, the site appears inactive or unused for legitimate business purposes, representing a low risk but also low value presence on the internet.

ERGO Versicherung Aktiengesellschaft operates the website das.at, providing legal protection insurance products under the D.A.S. Rechtsschutz brand in Austria. The company is a market leader with a strong reputation, offering services to private individuals, self-employed, and businesses. The website is professionally designed, content-rich, and targets Austrian customers with comprehensive insurance solutions and customer support channels. Technically, the site is built on TYPO3 CMS with modern web technologies and integrates multiple marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. WHOIS data confirms the domain's legitimacy and alignment with the ERGO group. Overall, the website is credible and professional but requires urgent security improvements to protect user data and trust.

A

AVL Cultural Foundation GmbH

avlcf.com

33

AVL Cultural Foundation GmbH is a small, Austria-based cultural foundation dedicated to fostering the intersection of art and science through innovative projects, artistic installations, and interdisciplinary discussions. The organization targets artists, scientists, and cultural enthusiasts, positioning itself as a niche player in the cultural foundation sector. The website is built on Drupal 10 and hosted likely on AWS infrastructure, demonstrating a moderate level of digital maturity with good mobile optimization and accessibility. However, the absence of HTTPS/SSL is a critical security flaw that severely impacts the site's security posture. Privacy and cookie policies are well implemented with a consent mechanism via Cookiebot, reflecting good privacy compliance. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is professional but requires urgent security improvements.

V

VRVis GmbH

vrvis.at

29

VRVis GmbH is Austria's largest research institution specializing in Visual Computing, integrating Artificial Intelligence and Simulation to address complex data-driven challenges. With 25 years of experience and strong industry collaborations, VRVis offers research, tailored products, and consulting services primarily targeting industrial and scientific audiences. The website is professionally designed, multilingual, and content-rich, reflecting a mature digital presence. Technically, the site runs on TYPO3 CMS with Matomo analytics, demonstrating a modern but self-managed infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is minimal, lacking cookie consent mechanisms and explicit GDPR indicators. Overall, VRVis presents a credible and trustworthy business profile but requires urgent improvements in security and privacy practices to align with modern standards.