Security Directory

I

IXOPAY GmbH

ixopay.com

56

IXOPAY GmbH is a medium-sized enterprise based in Austria specializing in enterprise payment orchestration and tokenization solutions. The company offers a comprehensive platform designed to improve authorization rates, streamline PCI compliance, and unify payment data for merchants and enterprises globally. Their business model focuses on providing modular payment services and connectivity to multiple payment processors, targeting B2B clients in finance and technology sectors. The website demonstrates strong branding consistency, professional content, and trust indicators such as client testimonials and social media presence. Technically, the website leverages modern JavaScript technologies, integrates third-party services like Sentry for error tracking, ChiliPiper for lead routing, and TokenEx for tokenization. It is hosted behind Cloudflare, which provides DNS and CDN services. However, performance is currently slow, and accessibility is basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, while the website implements several important HTTP security headers and secure cookie attributes, it suffers from a critical SSL/TLS misconfiguration with no valid certificate and no enabled TLS protocols. This severely impacts the security posture and trustworthiness of the site. Privacy compliance is generally good with a comprehensive privacy policy and GDPR indicators, but no explicit cookie consent mechanism was detected. Overall, IXOPAY presents a professional and credible business front with strong technical foundations but requires urgent remediation of SSL/TLS issues to ensure secure and trusted operations. Strategic improvements in performance and privacy consent mechanisms would further enhance their digital maturity.

T

THE LÄB - How to LÄND and EXPÄND in Germany

the-laeb.de

40

THE LÄB is a technology-focused startup accelerator based in Karlsruhe, Germany, serving as the international orientation of the CyberLab Startup Accelerator. It supports startups primarily in the IT sector with mentoring, networking, and market entry assistance, targeting international entrepreneurs aiming to establish and expand in Germany, especially in the Baden-Württemberg region. The website is built on Squarespace and hosted by Squarespace, featuring a professional design and good content quality. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are partially implemented, but modern TLS protocols and advanced security features are missing. Privacy compliance is addressed with a privacy policy and cookie consent banner, though terms of service and security policies are absent. Contact information is clearly provided, including email, phone, physical address, and an embedded contact form. The site links to multiple partner and supporting organizations, reinforcing its credibility and network strength.

A

Akzo Nobel N.V.

akzonobel.com

72

Akzo Nobel N.V. is a global leader in the manufacturing and distribution of paints and coatings, with a rich history dating back to 1792. The company operates in over 150 countries and manages a portfolio of well-known brands such as Dulux, International, Sikkens, and Interpon. Their business model focuses on providing innovative and sustainable surface solutions to a wide range of industries including manufacturing, energy, and transportation. The website reflects a mature digital presence with comprehensive content aimed at customers, investors, and partners worldwide. Technically, the website is built on Adobe Experience Manager (AEM) and leverages modern web technologies including HTML5, CSS3, JavaScript, and various marketing and analytics tools such as Google Tag Manager and Adobe DTM. Hosting is provided via Amazon AWS infrastructure. While the site is mobile-optimized and accessible, performance is somewhat slow with a load time exceeding 8 seconds, indicating room for optimization. From a security perspective, the site employs HTTPS with a valid SSL certificate, SPF and DMARC email authentication records, and no detected vulnerabilities or subdomain takeover risks. However, security headers like HSTS and OCSP stapling are not enabled, and TLS 1.3 is not supported, suggesting moderate security posture. Privacy compliance is strong with clear privacy and cookie policies and an active consent mechanism, aligning with GDPR requirements. Overall, the website demonstrates a high level of professionalism, trustworthiness, and business credibility. The main risks relate to technical performance and some security hardening opportunities. Strategic recommendations include enhancing SSL configurations, enabling advanced security headers, improving page load times, and maintaining rigorous privacy compliance to sustain trust and regulatory adherence.

U

UnternehmerTUM GmbH

unternehmertum.com

51

UnternehmerTUM GmbH is Europe's largest center for innovation and entrepreneurship, based in Germany, founded in 2002. It supports startups, founders, and companies by providing acceleration, incubation, corporate venturing, and networking services. The website is rich in content, professionally designed, and targets startups, researchers, and innovative companies. Technically, the site uses modern JavaScript frameworks, consent management tools, and analytics but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, which severely impacts its security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Business credibility is high with clear contact information, social media presence, and structured data. Overall, the site is professional and trustworthy but urgently needs to fix its SSL/TLS configuration to improve security and user trust.

N

New Work SE

new-work.se

40

New Work SE is a large technology company focused on shaping the future of work through its portfolio of strong brands including XING, kununu, onlyfy, and InterNations. The company operates primarily in the German-speaking market, providing recruitment, employer branding, and global networking services. Their website reflects a professional and consistent brand image with comprehensive content aimed at professionals and companies seeking talent solutions. Technically, the website uses modern technologies such as Algolia for search, Usercentrics for consent management, and Adobe Analytics for tracking. Hosting is on Amazon AWS infrastructure. Security posture is solid with HTTPS, SPF, and DMARC configured, though improvements like HSTS and OCSP stapling are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is trustworthy and professional, though performance optimization could enhance user experience.

N

net-maxX GmbH

net-maxx.de

40

net-maxX GmbH operates a virtual platform designed for fan communities, leveraging interactive virtual worlds to connect users. The company is a small technology startup based in Germany, founded in 2023, and collaborates with partners such as Telemaxx and agenturserver.de. The website is built on the Ghost CMS platform and demonstrates good content quality and user experience with moderate performance. Security posture is adequate with HTTPS and SPF configured, but lacks advanced TLS features and email security enhancements like DMARC. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve in security and privacy areas.

V

Verivox GmbH

verivox.de

40

Verivox GmbH operates a leading independent comparison portal in Germany, offering consumers the ability to compare tariffs across energy, telecommunications, insurance, and finance sectors. Established in 1998, the company has positioned itself as a market leader with multiple awards and a strong reputation for transparency and customer satisfaction. The website provides comprehensive services including tariff comparisons, calculators, and personalized recommendations, supported by a modern technical infrastructure leveraging advanced JavaScript frameworks and third-party analytics and consent management tools. Despite its strong market presence and user-centric design, the site suffers from an invalid SSL certificate, which poses a significant security risk and undermines user trust. The company demonstrates good privacy compliance with clear policies and consent mechanisms, but should address critical security issues promptly to maintain its high credibility and protect user data.

G

Grazer Wechselseitige Versicherung AG

grawe.at

40

Grazer Wechselseitige Versicherung AG (GRAWE) is a well-established Austrian insurance company founded in 1828, offering a broad range of insurance products including private, business, and agricultural insurance, alongside financial services. The company maintains a strong market position in Austria with a large customer base and extensive service network. Their website reflects a mature digital presence with comprehensive content, clear navigation, and multi-language support. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CDN services, but suffers from slow load times due to high resource count and page size. Security posture is good with valid SSL, strong cipher suites, and proper DNS security records like SPF and DMARC, though improvements such as enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its large enterprise status.

S

St. Regis Boutique

stregisboutique.com

75

St. Regis Boutique is a luxury e-commerce platform offering a curated collection of premium home and lifestyle products associated with the St. Regis brand, part of Marriott International. The website targets affluent consumers and Marriott Bonvoy members seeking exclusive bedding, bath, fragrance, and signature accessories. Technically, the site uses a modern tech stack including Adobe Launch, Google Tag Manager, Salesforce integration, and AWS hosting. While the site is visually appealing and mobile-optimized, performance is somewhat slow due to a large number of resources. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email authentication, and cookie consent mechanisms, though DNSSEC and CAA records are absent. Privacy compliance is well implemented with clear policies and consent banners. Overall, the site demonstrates a mature digital presence with good business credibility and trust indicators.

W

Weiterbildungsportal Saarland

weiterbildungsdatenbank-saar.de

40

Weiterbildungsportal Saarland is a regional educational information platform focused on providing comprehensive resources about continuing education for individuals, companies, and educational providers within the Saarland region of Germany. The platform is supported by governmental and institutional partners, offering detailed course databases, funding information, and thematic content tailored to various user groups. Technically, the website is built on TYPO3 CMS with Bootstrap for responsive design, ensuring good accessibility and user experience. Security-wise, the site employs HTTPS with modern TLS protocols and a valid SPF record, though it lacks some advanced HTTP security headers such as HSTS and DMARC, which are recommended for enhanced protection. The use of Matomo analytics reflects a moderate user tracking approach with privacy compliance in mind. Overall, the site demonstrates a solid balance of content quality, technical implementation, and security posture, positioning it as a trustworthy and professional resource in its domain.

I

IHK Saarland

ihksaarland.de

40

IHK Saarland operates as a regional chamber of commerce and industry serving the Saarland region in Germany. The organization provides a broad range of services including business consulting, education and training, legal and regulatory guidance, and digital services to support local enterprises, founders, and various business stakeholders. The website reflects a well-structured and professional digital presence with comprehensive content tailored to its target audience of businesses and professionals in the region. Technically, the site uses a traditional JavaScript and CSS stack with jQuery libraries and is hosted via epag.net DNS infrastructure. While the site supports modern TLS protocols ensuring secure HTTPS connections, it lacks advanced security headers and DNS security features, indicating room for improvement in its security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and accessible privacy policies. The website is not blocked by any WAF or security challenge, allowing full content access. Overall, the site scores well in business credibility and privacy compliance but could enhance technical and security aspects to improve performance and resilience.

W

Wuppertaler Kreis e.V.

wuppertaler-kreis.de

40

Wuppertaler Kreis e.V. is a well-established German association representing leading providers of corporate continuing education. Founded in 1955, it serves as a key voice for the industry, promoting workforce qualification, innovation, and competitiveness through quality assurance and advocacy. The website reflects a mature organization with a clear focus on education and professional development, targeting companies and training providers in Germany. Technically, the site is built on TYPO3 CMS, hosted via Deutsche Telekom infrastructure, and delivers moderate performance with good mobile optimization. Security posture is basic with a valid SSL certificate but lacks advanced security headers and email protection mechanisms like DMARC. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information and business credibility are well presented, supported by testimonials and partner logos. Overall, the site is professional and trustworthy but could improve in security and privacy practices.

D

DIN

din.one

40

DIN.ONE is a German-based community platform powered by Atlassian Confluence, designed to facilitate expert collaboration on standardization and norming projects. The platform hosts thematic communities, events, and news, targeting professionals engaged in these sectors. Technically, the site leverages Confluence 8.5.21 with a Refined theme, hosted likely on Google Cloud infrastructure. While the site uses HTTPS with modern TLS protocols, it lacks advanced security headers and mechanisms such as HSTS and OCSP stapling, which could enhance its security posture. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website provides good content quality and business credibility but suffers from slow performance and basic technical implementation.

D

DIN Solutions GmbH

dinsolutions.de

40

DIN Solutions GmbH is a medium-sized technology company operating within the DIN group, specializing in the development and operation of software, platforms, and databases for norming and standardization. The company serves DIN, DIN Media, and their customers and partners by delivering tailored technical solutions and engaging in innovative research and development, including artificial intelligence applications. Their market position is strong within the German norming ecosystem, supported by ISO 9001 certification and partnerships with recognized entities such as TÜV Rheinland. Technically, the website employs modern technologies including MarkLogic NoSQL database, X-Swift framework, and Swift programming language for transformation processes. The site is well-designed, mobile-optimized, and uses etracker for analytics. Performance is moderate with a page load time of about 3 seconds. However, the SSL certificate is nearing expiration, and security headers are minimal, indicating room for improvement in security hardening. Security posture is adequate with HTTPS, SPF, and DMARC configured, but lacks HSTS, DNSSEC, and advanced security headers. No vulnerabilities or malware were detected, but urgent SSL renewal is needed to maintain trust and secure communications. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, though no cookie consent mechanism was found. Overall, the website is professional and trustworthy with strong business credibility. Strategic recommendations include immediate SSL renewal, enhancing security headers, implementing DNSSEC and CAA, and adding cookie consent mechanisms to improve privacy compliance and security posture.

V

VCxray Inspection Services GmbH - X-ray inspection, testing services

xray-testing.com

30

The website xray-testing.com is currently inaccessible due to an HTTP 500 server error, which prevents normal content delivery. The site appears to host an offline dinosaur game script but lacks any meaningful business or contact information. The technical infrastructure supports modern TLS protocols but lacks important security features such as HSTS, OCSP stapling, and DNSSEC. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the site is minimal, with poor content quality and limited technical maturity, resulting in a low trust and security rating.

N

news aktuell

zimpel.de

40

Zimpel.de is a German PR software and media database platform operated as a product of news aktuell, a subsidiary of the German Press Agency (dpa). The website targets PR professionals and media relations specialists by providing tools for managing journalist contacts and media distribution lists. The business model is SaaS-oriented, focusing on the media and public relations sector within Germany. The site content is minimal and primarily driven by JavaScript, with no visible contact or policy pages on the main HTML content. Technically, the site uses nginx as the web server and employs modern TLS protocols (TLS 1.2 and 1.3) with a valid SSL certificate. DNS hosting is managed by Colt, and email services are routed through news aktuell mail servers. Security headers are present but some are misconfigured or only in report-only mode, such as the Content Security Policy and X-XSS-Protection header. No DMARC record is configured, which is a gap in email security. No privacy or cookie policies are found, indicating low privacy compliance. Overall, the site demonstrates a moderate security posture but lacks transparency and completeness in privacy and contact information.

I

IBM

trusteer.com

65

IBM Trusteer is a comprehensive suite of cloud services and endpoint software designed to enhance fraud detection, risk assessment, and user authentication across digital channels. Positioned as a key component of IBM's security portfolio, Trusteer leverages AI, machine learning, and a global intelligence network to provide real-time risk insights and fraud prevention capabilities. The website reflects IBM's enterprise-grade approach with detailed product offerings, case studies, and strong branding consistency. Technically, the site is built on Adobe Experience Manager and hosted on AWS infrastructure, integrating advanced marketing and analytics tools such as Adobe Analytics and Adobe Target. While the security posture is solid with TLS 1.2 and strong cipher suites, there are opportunities to improve HTTPS security by enabling HSTS, OCSP stapling, and DNS security features. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with high professionalism and trustworthiness, suitable for enterprise customers in finance, healthcare, and technology sectors.

S

Sheltr

sheltr.eu

40

Sheltr is a technology company specializing in compliance solutions for privacy-focused businesses, offering leading whistleblower and data discovery platforms. Their services target HR, compliance, and GDPR teams, helping organizations comply with regulations such as GDPR and the EU Whistleblower Directive. The company positions itself as a trusted provider with a user-friendly SaaS model, including free and paid offerings. Technically, Sheltr employs a modern web stack based on the Astro framework, integrates Piwik Pro for analytics, and uses Cookie Information for consent management. The site is hosted on Azure DNS with valid TLS certificates, supporting modern protocols like TLS 1.3. Security posture is solid with SPF and DMARC records, but could be improved by enabling HSTS, DNSSEC, and additional security headers. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, the website is professional, well-branded, and trustworthy, with good content quality and user experience. No critical security issues or blocking mechanisms were detected.

D

DWS

deutscheliquidity.com

55

The website deutscheliquidity.com appears to be related to financial services, specifically liquidity management and money market funds, as indicated by references to DWS and liquidity management product literature URLs. However, the site content is minimal with no visible privacy policies, contact information, or detailed business descriptions. The technical infrastructure is based on modern JavaScript frameworks such as Nuxt.js, but suffers from poor performance and lack of HTTPS security. The absence of a valid SSL certificate and lack of security headers represent critical vulnerabilities that significantly reduce the site's trustworthiness and security posture. Overall, the site demonstrates low digital maturity and poor privacy compliance, which could negatively impact user trust and regulatory adherence.

C

CERTQUA GmbH

certqua.de

40

CERTQUA GmbH is a medium-sized German certification body specializing in certifications and accreditations for education and labor market organizations, including ISO 9001, ISO 21001, and AZAV. Founded in 1994, it holds accreditations under ISO 17021 and ISO 17065 and offers a comprehensive range of services including certification, training seminars, and a digital service center platform. The website is professionally designed, content-rich, and well-structured, targeting education providers and related stakeholders. Technically, the site uses modern web technologies and is hosted on Hetzner, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and valid certificates but lacks some best practices such as HSTS, OCSP stapling, DMARC, and DNSSEC. Privacy compliance is well addressed with clear cookie consent and privacy policies. Contact information and social media presence enhance business credibility. Overall, the site reflects a mature digital presence with room for security improvements.

J

Just a moment...

crunchboard.com

30

The website crunchboard.com is currently inaccessible due to a Cloudflare security challenge page that blocks access to actual content. The page served is a minimal interstitial requiring JavaScript and cookies to proceed, indicating a WAF protection mechanism is active. No business-related content, metadata, or contact information is available for analysis. The SSL configuration is basic with HTTPS enabled but lacks advanced features such as HSTS and OCSP stapling. DNSSEC is disabled and CAA records appear malformed. The site uses Cloudflare for hosting and security, with Cloudflare Insights for minimal analytics. Due to the blocking, the overall content quality and business credibility cannot be assessed, resulting in a low AI score. Strategic recommendations include disabling or properly configuring the WAF challenge for public access, adding privacy and cookie policies, and publishing business contact information to improve trust and compliance.

C

Christian Doppler Laboratory CDL-BOT

cdl-bot.at

40

The Christian Doppler Laboratory CDL-BOT is a research-focused institution specializing in blockchain technologies for the Internet of Things. It operates as a collaboration between academic institutions TU Hamburg and TU Wien, supported by Austria's Federal Ministry for Digital and Economic Affairs and industrial partners such as Pantos and the IOTA Foundation. The laboratory aims to advance Distributed Ledger Technologies to be practical and effective for IoT applications, including secure data exchange and payment mechanisms. The website reflects a professional research entity with clear academic and industrial partnerships but lacks direct contact information and comprehensive privacy or security policies. Technically, the website is built using modern web technologies including React and Next.js, providing a good user experience and mobile optimization. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. The DNS setup is standard but lacks advanced security features such as DNSSEC and CAA records. Performance is moderate with a page load time of approximately 4 seconds. Security-wise, the site does not implement essential best practices such as HTTPS, HSTS, or security headers, and lacks vulnerability disclosure or incident response information. Privacy compliance is minimal with a basic privacy policy present but no cookie consent mechanism or GDPR compliance statements. Overall, the site is functional and informative but requires urgent improvements in security and privacy to meet modern standards. Strategic recommendations include immediate deployment of a valid SSL certificate, enabling HTTPS, implementing security headers, adding cookie consent mechanisms, and publishing comprehensive security and privacy policies to enhance trust and compliance.

O

on-geo GmbH

lora.de

40

on-geo GmbH operates a suite of geospatial data service portals including LORA and Geoport, targeting professional users in real estate and related sectors primarily in Germany. The website serves as a secure login gateway for multiple branded services, providing access to geospatial data, consulting, and training. The technical infrastructure is based on Microsoft technologies with ADFS for authentication, delivering a fast and functional user experience with basic mobile optimization. Security posture is strong with HTTPS, modern TLS protocols, and multiple security headers, though improvements are recommended in HSTS configuration and email domain security. Privacy compliance is partial with a privacy policy present but lacking cookie consent mechanisms. Overall, the site demonstrates good business credibility and technical maturity with room for enhancements in privacy and security best practices.

1

11FREUNDE

11freunde.de

40

11FREUNDE is a well-established German digital magazine focused on football culture, providing comprehensive news, live tickers, video content, and subscription services. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, responsive design, and extensive content catering to football enthusiasts. However, the absence of a valid SSL/TLS certificate significantly impacts the site's security posture, exposing users to potential risks. While privacy and cookie policies are comprehensive and GDPR compliant, the lack of HTTPS and related security best practices are critical vulnerabilities. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

I

iF Design

ifdesign.com

71

iF Design is a globally recognized organization that hosts the prestigious iF DESIGN AWARD, established in 1953. The company operates a comprehensive digital platform showcasing award winners, design trends, and community engagement for designers, architects, and companies worldwide. Their market position is strong within the design industry, offering key services such as design competitions, trend reports, and networking opportunities. Technically, the website is built on modern React and Gatsby frameworks, hosted on Microsoft Azure, with a valid SSL certificate and standard security configurations. However, performance is somewhat slow, and security headers could be enhanced. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a professional and trustworthy presence with moderate tracking and marketing tools integrated.

C

Coral

coral.com.br

53

Coral is a prominent Brazilian paint brand operating under the parent company AkzoNobel. The website serves as a comprehensive platform offering paint products, color inspiration tools, and professional services such as painter finders and online shopping. Technically, the site is built on Adobe Experience Manager and integrates modern marketing and analytics tools like Google Tag Manager and OneTrust for cookie consent. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are well implemented and GDPR compliant, the lack of security headers and email domain protections like DMARC present vulnerabilities. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

K

Kommo

kommo.com

65

Kommo is a technology company offering a cloud-based CRM platform focused on conversational sales through messaging apps such as WhatsApp, Instagram, Telegram, and SMS. The platform targets small to medium-sized businesses and entrepreneurs, providing tools like customizable sales pipelines, unified chat inbox, sales automation bots, and AI-powered chat management. Kommo positions itself as a leading CRM solution for messaging-based sales with a strong emphasis on user experience and integration capabilities. Technically, the website is built on modern JavaScript frameworks, uses Cloudflare for hosting and CDN, and integrates multiple marketing and analytics tools. However, a critical security issue is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy and compliance are well addressed with comprehensive policies and GDPR adherence. Overall, Kommo presents a professional and trustworthy online presence but must urgently fix SSL/TLS issues to ensure secure user interactions.

C

Cyncly

rfms.com

64

Cyncly operates a specialized ERP software platform, RFMS ERP, tailored for the flooring industry. The company offers a comprehensive suite of business management tools including accounting, inventory, order entry, sales reporting, and mobile applications. Positioned as an industry-focused ERP provider, Cyncly targets flooring businesses, builders, and retailers with flexible subscription models and hosted solutions. The website demonstrates a professional and consistent brand presence with good content quality and clear navigation. Technically, the site leverages modern JavaScript frameworks and integrates multiple marketing and analytics tools, hosted behind Cloudflare DNS services. Security posture is adequate with valid SSL and SPF records, but improvements are recommended such as enabling HSTS, DNSSEC, and stricter DMARC policies. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism. Overall, the website is well-structured and trustworthy, supporting extensive user tracking for marketing and analytics purposes.

C

Cyncly

mozaiksoftware.com

64

Mozaik Software, operated by Cyncly, provides specialized CNC software solutions tailored for the bespoke cabinet manufacturing industry. Their product suite includes Mozaik Manufacturing™, Mozaik CNC™, and Mozaik Enterprise™, each targeting different levels of manufacturing complexity and CNC integration. The company positions itself as a flexible, subscription-based software provider with strong industry knowledge and local support. Their website reflects a professional and consistent brand image with clear product offerings and pricing. Technically, the site leverages modern JavaScript frameworks and integrates multiple analytics and marketing tools, hosted primarily via Cloudflare with monitoring through Microsoft Azure. Security posture is adequate with valid SSL and SPF records but lacks advanced HTTP security headers and DMARC, which are recommended for enhanced protection. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, the website is content-rich and trustworthy but could improve performance and security hardening.

S

Secure Mailgate

secure-mailgate.com

67

Secure Mailgate operates as a specialized provider of secure email gateway services, focusing on secure login and email domain management primarily targeting business users requiring secure email access. The website is functional and accessible, featuring a login form and multilingual support but lacks comprehensive public-facing content such as privacy policies, terms of service, or contact information. Technically, the site uses standard web technologies including JavaScript and CSS, hosted on infrastructure associated with Cloudpit. Performance is moderate with a relatively small page size and acceptable load times. From a security perspective, the site enforces HTTPS with modern TLS protocols (1.3 and 1.2) and a valid wildcard SSL certificate, but lacks advanced security features such as HSTS, OCSP stapling, DNSSEC, and DMARC records. No security headers are detected, and no vulnerability disclosures or incident response contacts are publicly available. This indicates a basic security posture with room for significant improvement to enhance email domain protection and overall site security. Overall, the website presents a basic but functional digital presence with limited transparency on privacy and security policies. The lack of contact information and policy documents may impact user trust and compliance with data protection regulations. Strategic improvements in security configuration, policy publication, and user communication are recommended to strengthen the company's market position and compliance posture.

H

Hund

hundstat.us

50

Hund.io operates a status page at hundstat.us providing real-time and historical operational status for its services including website, DNS, GitLab, and platform components. The site targets users and customers who require transparency on service availability and performance. The business model centers on operational monitoring and status reporting, positioning Hund.io as a technology service provider in the monitoring niche. The website content is professional and consistent with the brand, but lacks comprehensive business and compliance information. Technically, the site is hosted on AWS infrastructure with DNS managed partly by AWS and Hurricane Electric. The technology stack includes standard web technologies with Google Analytics and Google Tag Manager for tracking. However, the site suffers from slow performance and lacks modern optimizations such as full mobile responsiveness and accessibility features. From a security perspective, the site has critical weaknesses including an invalid or missing SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or CAA records. These issues significantly reduce the security posture and expose users to risks. Additionally, there is no evidence of privacy compliance, incident response policies, or contact information for security matters. Overall, the site presents moderate business credibility but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and publishing privacy and security policies.

P

ProSiebenSat.1 Welt

prosiebensat1welt.de

40

ProSiebenSat.1 Welt was a German Pay TV channel operated under the ProSiebenSat.1 media group, offering entertainment content including TV programs, films, and series. The channel ceased operations at the end of 2023 after nearly two decades. The website serves primarily as an informational and redirect portal to partner channels and provides compliance and legal information. Technically, the site is built using modern web technologies including Next.js and React, hosted likely on AWS infrastructure, and uses Contentful as a CMS. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support, which severely impacts security posture and user trust. No advanced security headers or TLS protocols are enabled, and DNSSEC is not configured. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, but no direct contact information or incident response details are provided. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and maintain credibility.

J

Joyn

joyn.at

40

Joyn.at is a regional streaming media platform targeting German-speaking users in Austria, Germany, and Switzerland. The service offers video content with geo-restrictions limiting access outside these countries. The website is built using modern web technologies including Next.js and React, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present, indicating some compliance with GDPR requirements, but no explicit security or incident response policies are found. Overall, the site provides a professional user experience but requires significant improvements in security posture to protect user data and enhance trust.

O

ottonova Krankenversicherung AG

ottonova.de

40

Ottonova Krankenversicherung AG is a digitally advanced private health insurance provider based in Germany, founded in 2015. The company offers a range of private health insurance products including full coverage, supplementary dental and hospital insurance, and corporate health insurance, all delivered through a modern app-based platform. Ottonova positions itself as an innovative market player with high customer satisfaction and multiple industry awards. Technically, the website is built on Craft CMS and hosted on AWS infrastructure, employing modern JavaScript frameworks and consent management tools. However, a critical security issue is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant. Overall, the website demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

M

Mpirical

mpirical-lms.com

53

Mpirical LMS is an educational technology platform providing a Moodle-based learning management system primarily targeting educational institutions and learners. The platform integrates Microsoft 365 for user authentication and incorporates video content via Vimeo, indicating a focus on multimedia learning experiences. The business operates a niche SaaS model within the education sector, with a relatively small scale and basic public-facing content. Technically, the website is built on Moodle with YUI JavaScript libraries and uses OAuth2 for authentication. However, the site suffers from significant performance issues with a slow load time and lacks modern SEO and accessibility optimizations. The absence of a valid SSL certificate and HTTPS implementation is a critical security flaw, exposing users to potential data interception risks. The site also lacks essential security headers and cookie consent mechanisms, which further weakens its security posture and privacy compliance. From a security perspective, the platform shows minimal adherence to best practices. The lack of HTTPS, no HSTS, no DNSSEC, and missing DMARC reporting emails are notable vulnerabilities. No incident response or security policy information is publicly available, and no certifications or vulnerability disclosure policies are evident. These gaps present risks to user data protection and regulatory compliance. Overall, the website's risk profile is elevated due to poor security configurations and slow performance. Strategic improvements in SSL deployment, security headers, privacy compliance, and performance optimization are recommended to enhance trustworthiness and protect user data effectively.

C

canadianlawyer.ca

canadianlawyer.ca

60

The website canadianlawyer.ca is currently a parked domain with no active business content or services. It primarily serves advertisements through Bodis and Google Adsense, indicating a business model focused on domain parking and monetization rather than providing legal or media services. The site lacks any identifiable company information, contact details, or social media presence, limiting its engagement with users and potential clients. Technically, the site is hosted via Bodis nameservers and does not employ modern security measures such as SSL/TLS encryption, DNSSEC, or security headers, resulting in a low security posture. Performance is suboptimal with a slow page load time and minimal mobile optimization. Privacy compliance is minimal, with a privacy policy page present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site presents a low-trust, low-engagement profile with significant room for improvement in security, user experience, and business transparency.

B

Berenberg

berenberg-us.com

60

Berenberg is a historic and well-established financial institution founded in 1590 in Hamburg, Germany. It operates globally with a strong presence in Europe and the USA, offering a broad range of financial services including investment banking, corporate banking, asset management, and fund management. The company is positioned as a leading advisor in Europe with a large equity research team covering over 800 European companies. Technically, the website employs modern web technologies and structured data to enhance SEO and user experience. However, the berenberg-us.com domain currently lacks a valid SSL certificate and modern TLS support, which poses a significant security risk. The company demonstrates good compliance with GDPR and cookie consent regulations, and maintains a comprehensive privacy and security policy. Overall, Berenberg shows a mature digital presence but should urgently address its SSL/TLS configuration to improve security posture and trust.

B

BHW Bausparkasse AG

bhw-partner.de

55

BHW Bausparkasse AG operates the BHW Partner portal, a dedicated platform for partners and financial advisors offering building savings and financing products in Germany. The website provides product information, tools, forms, and partner support services, positioning itself as a key player in the German finance sector specializing in Bausparen and Baufinanzierung. The site is professionally designed with consistent branding and good content quality, targeting financial partners and advisors. Technically, the website is built on Adobe Experience Manager CMS and integrates Webtrekk analytics for user tracking. However, the site currently lacks a valid SSL certificate and modern TLS configurations, which is a significant security concern. The presence of strong SPF and DMARC policies indicates good email security practices. Overall, the security posture is basic with room for improvement in SSL/TLS deployment and security headers. The website complies with GDPR and provides clear privacy and cookie policies with consent mechanisms. Strategic recommendations include upgrading SSL/TLS, enabling HSTS, and enhancing DNS security to improve trust and compliance.

The website phonetrack.com currently serves an error page indicating that the site did not send any data. There is no visible business information, metadata, or structured data to describe the company or its services. The embedded scripts are primarily related to the Chrome offline dinosaur game, suggesting no active business content is served. The technical infrastructure shows multiple IP addresses but lacks proper DNS records such as MX or NS, and critically, the site does not have a valid SSL certificate or HTTPS enabled, exposing it to security risks. Performance is poor with a very slow load time and no content delivered. No privacy, cookie, or terms of service policies are present, and no contact or social media information is available. Overall, the site is non-functional from a business and security perspective.

C

commercetools GmbH

commercetools.com

67

commercetools GmbH is a leading enterprise-grade commerce platform provider specializing in versatile solutions for B2B, B2C, and omnichannel commerce. The company offers a comprehensive suite of services including commerce platform capabilities, solution hubs, payment and AI hubs, premium support, and expert services. Recognized by top analyst firms such as Gartner and IDC, commercetools holds a strong market position with a global enterprise customer base and a robust partner ecosystem. Their platform is designed to empower enterprises with flexibility, scalability, and innovation acceleration. Technically, commercetools leverages modern JavaScript frameworks, cloud hosting on Amazon AWS, and integrates advanced marketing and analytics tools such as Google Tag Manager, VWO, and OneTrust for cookie consent management. The website demonstrates good performance and mobile optimization, with a consistent and professional design that supports a seamless user experience. The technical infrastructure supports extensive tracking and analytics while maintaining compliance with privacy regulations. From a security perspective, commercetools employs a valid SSL certificate, SPF and DMARC email authentication policies, and uses OneTrust for managing cookie consent, indicating a mature approach to data privacy and security. However, there is room for improvement in enabling HSTS, DNSSEC, and additional security headers to enhance protection against common web threats. No critical vulnerabilities or subdomain takeover risks were detected. Overall, commercetools presents a strong digital presence with a secure and compliant infrastructure, well-aligned with enterprise needs. Strategic recommendations include enhancing transport security with HSTS, implementing DNSSEC, and publishing a vulnerability disclosure policy to further strengthen trust and security posture.

A

Alfahosting GmbH

alfahosting.de

60

Alfahosting GmbH is a well-established German web hosting provider founded in 1999, offering a broad range of hosting services including webhosting, domains, servers, reseller hosting, and office products such as Microsoft 365. Positioned as a market leader with multiple awards and a strong customer satisfaction rating, Alfahosting targets both beginners and professional users in Germany. Their infrastructure is hosted in Germany, emphasizing security, availability, and green IT initiatives. Technically, the website uses modern JavaScript libraries and tracking tools, with a custom CMS and a moderate performance profile. Security posture is good with strong TLS configuration and SPF/DMARC email protections, but lacks DNSSEC, HSTS, and OCSP stapling, which are recommended for improvement. The company demonstrates GDPR compliance with a comprehensive privacy policy and cookie consent mechanism. Overall, Alfahosting presents a professional, trustworthy, and customer-focused digital presence with room for security enhancements.

H

Hund, LLC.

hund.io

71

Hund, LLC. operates a hosted status page and monitoring service platform designed to help organizations monitor their services and communicate incidents effectively. Positioned as a trusted provider for universities, Fortune 500 companies, and smaller enterprises, Hund offers a subscription-based SaaS model with a free trial and a straightforward pricing plan. Their key services include automated status pages, multi-channel notifications, rich metrics, and customizable branding with API access. Technically, the website is hosted on AWS infrastructure, uses modern TLS protocols, and integrates JavaScript libraries including jQuery and Google Tag Manager. Performance is somewhat slow with a large page size and many resources, but mobile optimization and user experience are good. Security posture is solid with strong TLS configuration and SPF/DMARC email protections, though improvements are needed in DNSSEC, CAA records, HSTS, and certificate transparency compliance. The site lacks a cookie consent mechanism despite using tracking tools. Overall, Hund demonstrates a mature digital presence with room for security enhancements and privacy compliance improvements.

S

Ströer

plakate-buchen.de

57

Plakate-Buchen.de is an online advertising booking platform operated by Ströer, focusing on poster and campaign advertising across Germany. The platform offers access to over 300,000 advertising locations with daily updated availability and convenient online payment options, targeting businesses seeking to promote their stores or campaigns locally. The website is primarily in German and provides a phone contact for customer inquiries but lacks visible email contacts or terms of service. Technically, the site runs on an Apache server with modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager for analytics and tracking. Security headers such as Strict-Transport-Security and X-Content-Type-Options are present, but improvements are needed in HSTS configuration, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. The site implements cookie consent with express consent type, aligning with basic GDPR requirements but lacks comprehensive privacy and security policies. Overall, the platform demonstrates a moderate security posture with room for enhancement in email security and transport layer protections.

ProSieben is a leading German media and entertainment company providing live TV streaming, video on demand, and news content primarily targeting German-speaking audiences. The website demonstrates a mature digital presence with a modern tech stack including Next.js and React, delivering rich multimedia content and a well-structured user experience. Security posture is solid with strong TLS configurations and SPF email protections, though improvements in HSTS, OCSP stapling, and DNSSEC could enhance security further. Privacy compliance is well addressed with a consent management platform and comprehensive policies. Overall, ProSieben maintains a high level of professionalism and trustworthiness in its online presence.

P

ProSiebenSat.1 Media SE

commerceandventures.com

48

Commerce & Ventures is the investment business of ProSiebenSat.1 Media SE, focusing on supporting consumer-oriented start-ups and growth companies through a combination of media-for-equity, media-for-revenue, minority, and majority investments. The company leverages the extensive media reach of the ProSiebenSat.1 Group to build brand awareness and accelerate growth for its portfolio companies. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS, and integrates marketing and tracking tools like Google Tag Manager. Security posture is adequate with support for TLS 1.2 and 1.3 and no major vulnerabilities detected, but lacks some best practices like HSTS and OCSP stapling. Overall, the site is professional, well-branded, and provides comprehensive information about its investment activities and portfolio. However, direct contact information and explicit security policies are not prominently available, which could be improved to enhance trust and compliance.

S

SevenVentures

sevenventures.de

52

SevenVentures is a strategic media investment arm of ProSiebenSat.1 Media SE, specializing in minority equity investments and media cooperations for established digital B2C companies. Their business model leverages media assets to accelerate growth and brand awareness in the German and Austrian markets. The website demonstrates a mature digital infrastructure using modern web technologies such as Next.js and integrates marketing and tracking tools like Google Tag Manager and trkkn.com. Security posture is solid with TLS 1.3 support and valid SPF records, though improvements such as enabling HSTS, DNSSEC, and DMARC would enhance protection. Overall, SevenVentures presents a professional and trustworthy online presence aligned with its market position as a leading media investor.

B

Bundesverband Green Software e. V.

bundesverband-green-software.de

52

Bundesverband Green Software e. V. is a German non-profit association dedicated to promoting sustainable and resource-efficient software development practices in Germany. The organization focuses on advancing green software standards, tools, training, and policy advocacy to reduce the ICT sector's carbon footprint. Their market position is that of a leading national association in the green software domain, targeting companies and digital actors interested in sustainability. The website content is well-aligned with their mission and audience, providing information on initiatives, working groups, events, and membership opportunities. Technically, the website employs modern web technologies including Tailwind CSS and JavaScript libraries such as Marquee3k, hosted behind Cloudflare DNS and leveraging email infrastructure from Scaleway and Outlook. While the site is responsive and optimized for mobile devices, performance is somewhat slow with a load time of nearly 7 seconds. SEO practices are good, but accessibility is basic. No CMS or advanced frameworks are detected. From a security perspective, the site has a valid SSL certificate (though with suspicious validity dates), SPF and DMARC records configured, but lacks advanced security headers like HSTS or DNSSEC. There is no visible security policy, incident response contact, or vulnerability disclosure mechanism. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is present. The security posture is moderate with room for improvement in email security policies and HTTPS hardening. Overall, the website and organization present a trustworthy and professional front for their green software advocacy mission. Strategic improvements in security headers, DNS security, and transparency around incident response would enhance their security maturity and stakeholder confidence.

E

Elo Criativo

elocriativo.com.br

56

Elo Criativo is a small Brazilian design and web strategy agency specializing in branding, web design, and graphic design services. The company targets businesses seeking to improve their digital presence through well-crafted design and web solutions. Their market position is that of a niche service provider with a portfolio showcasing diverse projects. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, Foundation, and various JavaScript libraries. The hosting is managed via Cloudez nameservers. Performance is moderate with a page load time of approximately 5.8 seconds and a page size of about 200KB. Security posture shows a valid SSL certificate but lacks advanced configurations such as HSTS, DNSSEC, and security headers. SPF and DMARC records are configured but with a relaxed DMARC policy. Analytics usage includes Google Analytics, Google Tag Manager, and RD Station, indicating moderate user tracking but no visible privacy or cookie policies, which is a compliance gap. Overall, the website is professional and functional but could improve security and privacy compliance to enhance trust and reduce risk.

A

Agência De Conteúdo Estratégico | FonteMidia Digital

fontemidiadigital.com.br

60

The website fontemidiadigital.com.br currently serves an error page indicating HTTP ERROR 429, which suggests the server is rate limiting or blocking access. The site lacks any visible business content, metadata, or contact information, and appears to be hosted on Wix with invalid SSL configuration. Technically, the site uses LitElement and Canvas API but suffers from slow performance and poor optimization. Security posture is weak due to missing SSL certificate, lack of security headers, and absence of DNSSEC and DMARC records. Overall, the site is not compliant with common privacy or security standards and provides no user or business trust signals.

I

Início | Streaming Academy Abotts

streamingacademy.com.br

60

The website streamingacademy.com.br currently serves an error page indicating HTTP ERROR 429, which suggests that the site is either rate-limited or temporarily blocked. The site lacks any visible business or contact information, privacy or cookie policies, or terms of service. Technically, the site uses modern JavaScript technologies including LitElement and web components, but the overall page content is minimal and does not provide business context or user engagement features. The SSL configuration is basic but supports strong TLS protocols without known vulnerabilities. However, security best practices such as HSTS, OCSP stapling, and DNSSEC are not implemented, which could be improved to enhance security posture. No analytics, advertising, or tracking technologies are detected, indicating minimal user tracking. Overall, the site appears to be in a limited or error state with poor content and minimal security and compliance features.