Security Directory

x-tention is a medium-sized Austrian IT company specializing in comprehensive IT solutions for the healthcare and social sectors. Founded in 2001 and part of the xt Unternehmensgruppe, it offers consulting, software development, data science, managed services, and cybersecurity. The company targets healthcare providers and social organizations, emphasizing innovative and secure digital health solutions. The website is professionally designed, content-rich, and well-structured, supporting multiple languages and providing clear contact and support channels. Technically, the site uses Drupal 10 and modern web technologies, but suffers from critical security issues due to the absence of a valid SSL certificate and HTTPS support, severely impacting its security posture. Privacy compliance is strong with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the business credibility is high, but urgent improvements in SSL/TLS implementation are needed to secure user data and trust.

V

Verlag Österreich

verlagoesterreich.at

24

Verlag Österreich is a specialized legal publisher based in Austria, offering a comprehensive range of legal literature including books, eBooks, journals, and commentaries. The website targets legal professionals, academics, students, and institutions, providing an e-commerce platform for purchasing legal publications. The business is well-established with a consistent brand presence and a professional digital footprint. Technically, the website uses a modern tech stack including Apache, jQuery, and a proprietary CMS (Datamints), with good mobile optimization and accessibility features. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Security headers are present but cannot compensate for the lack of encryption. Privacy and cookie policies are comprehensive and GDPR compliant, and the site employs Google Tag Manager for analytics and marketing. Overall, the site is professional and trustworthy but urgently needs to address its SSL/TLS configuration to ensure secure user interactions.

K

Kreisel Electric GmbH

kreiselelectric.com

21

Kreisel Electric GmbH is a medium-sized Austrian company specializing in advanced battery technology and high-voltage battery systems for electrification projects across commercial, marine, off-highway, and motorsport sectors. The company leverages patented immersion cooling technology to deliver high safety, performance, and longevity in their products. Their market position is strengthened by strategic partnerships with industry leaders such as BASF and Allego, reflecting a commitment to sustainability and innovation. The website is professionally designed, content-rich, and targets B2B customers seeking electrification solutions. Technically, the site is built on WordPress with modern SEO and marketing tools like Google Tag Manager and OneTrust for cookie consent. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to potential risks. Privacy compliance is addressed through comprehensive policies linked to Deere & Company, indicating a strong privacy posture. Contact information is clearly provided, enhancing business credibility. Overall, while the business and technical maturity are solid, urgent improvements in security infrastructure are recommended.

P

perma-tec

perma-tec.com

30

perma-tec is a globally recognized leader in manufacturing automatic lubrication systems, offering innovative and reliable solutions that reduce maintenance costs and prevent equipment failures. Their product portfolio includes single- and multi-point lubrication systems, connected solutions like perma CONNECT, and comprehensive services such as installation and technical training. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on the Flow Framework and Neos CMS, with Apache hosting and uses Matomo for analytics, indicating a privacy-conscious approach. However, the absence of a valid SSL certificate and HTTPS support is a significant security vulnerability, exposing users to risks and undermining trust. Security headers are partially implemented, but the lack of TLS protocols and cipher suites further weakens the security posture. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Overall, the site is content-rich and business credible but requires urgent security improvements to protect users and enhance trust.

BEST - Bioenergy and Sustainable Technologies GmbH is a medium-sized Austrian research organization specializing in sustainable bioenergy technologies. The company focuses on developing biomass-based biorefineries, digital methods for energy systems, and sustainable supply and value chains. Their market position is that of a technological leader and research center in Austria and Central Europe, serving research institutions, industry partners, and policymakers. The website provides comprehensive information on projects, publications, and company offices, targeting stakeholders interested in renewable energy and bioeconomy. Technically, the website uses a CakePHP CMS with Bootstrap and common JavaScript libraries but lacks HTTPS, which is a critical security gap. The site is mobile-optimized and has good content quality and navigation but suffers from slow performance and basic SEO and accessibility. Security posture is weak due to missing SSL/TLS and modern security headers, though session cookies are set with secure flags and X-Frame-Options is enabled. Privacy compliance is basic with a cookie consent banner and a privacy policy PDF in German. Contact information is clearly presented with multiple Austrian office locations and verified company emails and phone numbers. Analytics tools include Google Analytics and Matomo, indicating moderate user tracking. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and enhance security headers.

S

Sonnenberg-Apotheke, Helge Lehnert e.K.

sonnenberg-apotheke.com

38

Sonnenberg-Apotheke is a well-established local pharmacy in Chemnitz, Germany, operating since 2001. The business offers a range of pharmaceutical services including certified travel vaccination advice, medication reservation, rental of medical devices, and substitution care for opioid-dependent patients. The website reflects a professional and consistent brand presence targeting local customers with additional online service capabilities. Technically, the site uses a modern front-end stack with Foundation framework and common JS libraries but lacks performance metrics and has no valid SSL certificate, which is a critical security concern. Security headers are partially implemented but the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Privacy and cookie policies are present, indicating GDPR awareness, though the cookie consent mechanism is minimal. Contact information is clearly provided and consistent with WHOIS data, supporting business credibility. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

Croma-Pharma is a medium-sized Austrian company specializing in minimally invasive aesthetic medical products, including hyaluronic acid fillers, botulinum toxin, skin boosters, and skincare lines with plant-exosomes. The company targets healthcare professionals and aesthetic practitioners, offering both products and business services such as consulting and education. The website is professionally designed with good content quality and clear navigation, supporting multiple languages and regions. Technically, the site uses Silverstripe CMS and integrates Google Analytics and reCAPTCHA for user tracking and security. However, a critical security weakness is the lack of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the site demonstrates a solid business presence but requires urgent security improvements to protect user data and enhance trust.

I

Ingenieurbüro Arnold

arnostatik.de

20

Ingenieurbüro Arnold is a small, regionally focused engineering firm specializing in construction planning, structural statics, energy demand calculations, sound insulation, and fire protection services in the Potsdam area of Germany. The company emphasizes quality, reliability, and cost optimization, serving private and commercial clients with over 30 years of experience. Their business model is project-based engineering consultancy with a strong local market presence. Technically, the website is built on WordPress with common plugins and a responsive design, but suffers from slow performance and lacks modern security features such as HTTPS. Security posture is weak due to the absence of SSL/TLS encryption, missing security headers, and no published security or incident response policies. Privacy compliance is basic with a privacy policy and cookie consent mechanism but no GDPR-specific indicators. Overall, the website is professional and credible but requires urgent security improvements to protect user data and enhance trust.

T

TAUERN SPA World Betriebs GmbH & Co KG

tauernspakaprun.com

32

TAUERN SPA Kaprun is a mature, well-established 4-star superior resort located in the Austrian Alps, offering a comprehensive spa and wellness experience combined with high-quality accommodation and culinary services. The business is part of the VAMED Vitality World group, indicating strong market positioning in the hospitality and wellness sector. The website is professionally designed with rich content, clear navigation, and strong trust signals including multiple awards and certifications. Technically, the site uses Pimcore CMS and integrates modern tracking and consent management tools, but suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

I

IVM Ltd.

ivm-vending.eu

25

IVM Ltd. is a medium-sized manufacturing company based in Hungary specializing in industrial vending machines and tool management solutions. Their website, built on WordPress with the Divi theme, presents a professional and well-structured digital presence targeting industrial clients and partners. The company emphasizes innovation in micrologistics and asset management, supported by proprietary software and certifications such as ISO 9001 and ISO 27001. Technically, the site uses common web technologies including Apache, jQuery, and Google Tag Manager, but lacks a valid SSL certificate, which impacts security posture negatively. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information and social media links are clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires improvements in security and privacy compliance to meet modern standards.

The domain geoconsult.com is a mature domain registered since 2001 with a reputable registrar and moderate domain protection. The root domain currently serves only as a redirect to https://www.geoconsult.com, providing no direct content, business information, or contact details. The technical infrastructure is minimal, running on an Apache server without HTTPS enabled, which significantly impacts security posture. No privacy or cookie policies are present, and no forms or contact information are available on the root domain. The lack of SSL/TLS and security headers exposes the site to potential risks and reduces user trust. Overall, the site is functional only as a redirect, with very limited digital maturity and security implementation. Strategic improvements are needed to enable HTTPS, add security headers, and provide clear business and privacy information to enhance trust and compliance.

P

Porsche Informatik Gesellschaft m.b.H.

porscheinformatik.at

37

Porsche Informatik Gesellschaft m.b.H. is a medium-sized Austrian company specializing in software solutions and IT services for the automotive industry, operating as a subsidiary of the Porsche Holding group. The company focuses on digitalizing automotive trade and enabling future mobility through specialized software development. Their website reflects a professional and consistent brand image, targeting automotive clients and IT professionals. Technically, the site is built on WordPress with PHP 7.2.24 and Apache, but lacks a valid SSL certificate, which is a critical security shortfall. The absence of HTTPS impacts user trust and security posture significantly. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact information provided. Social media presence is robust, supporting brand trust and outreach.

R

Retronic Vertriebs GmbH

retronic.de

35

Retronic Vertriebs GmbH is an established German distributor specializing in electronic components, serving various industries including technology and transportation. With over 25 years of experience and TÜV ISO 9001:2015 certification, the company emphasizes long-term partnerships with manufacturers and offers tailored solutions for its clients. The website reflects a professional business model focused on reliability and technical orientation. Technically, the website is built on a modern WordPress platform using PHP 8.4.8 and Elementor for design. It incorporates SEO best practices via Yoast SEO and employs performance optimization tools like WP Rocket. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant security shortfall. Mobile optimization and accessibility are adequate, and cookie consent mechanisms comply with GDPR requirements. From a security perspective, the absence of HTTPS and TLS protocols severely undermines the site's security posture, exposing users to potential data interception risks. While cookie consent and privacy policies are well implemented, the site should urgently address SSL/TLS configuration to protect user data and improve trustworthiness. No incident response or vulnerability disclosure policies are evident. Overall, the site is functional and professional but requires critical security improvements. Strategic recommendations include immediate SSL certificate deployment, enabling modern TLS protocols, and enhancing security headers. These steps will elevate the site's security, compliance, and user trust, aligning with its reputable business standing.

C

Campus Tivoli

politische-akademie.at

24

Campus Tivoli, formerly known as Politische Akademie, is a politically affiliated educational institution serving as a think tank and training center for the Austrian People's Party. It offers political education, seminars, e-learning, podcasts, and publications aimed at fostering liberal-conservative and Christian-democratic political thought in Austria. The website is well-structured, content-rich, and targets politically engaged individuals and learners. Technically, it is built on WordPress with Elementor, WooCommerce, and Tutor LMS plugins, indicating a mature digital infrastructure for content delivery and e-commerce. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Contact information and social media presence are clearly provided, enhancing business credibility.

E

ENERGIEALLIANZ Austria GmbH

energieallianz.com

25

ENERGIEALLIANZ Austria GmbH is a mature and leading energy sales and trading company in Austria, founded in 2001. The company serves a large customer base including private, commercial, and industrial clients with electricity, natural gas, and related services. The website reflects a professional corporate presence with good content quality, customer testimonials, and comprehensive contact information. Technically, the site is built on TYPO3 CMS with standard web technologies but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. However, the lack of visible security policies, incident response contacts, and terms of service pages are gaps in governance documentation. Overall, the website is functional and credible but requires urgent security improvements to protect user data and enhance trust.

Suomen Euromaster Oy operates a comprehensive automotive service website focused on tire sales, installation, and vehicle maintenance services across Finland. The company serves both individual consumers and business clients with a wide network of over 80 service points. The website is professionally designed, localized primarily in Finnish, and integrates modern web technologies and marketing tools. However, the site suffers from a critical security flaw due to an invalid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided, supporting business credibility. The domain registration data aligns well with the business claims, indicating legitimacy.

A

alt-lichtenberg.de

alt-lichtenberg.de

21

The website alt-lichtenberg.de appears to represent a small local or community-oriented entity based in Germany, as indicated by the German language and domain registration details. The site is built on WordPress 5.2.3 with an Apache server running PHP 7.2.34, which is outdated and may pose security risks. The content is minimal with no visible business description, contact information, or terms of service, limiting its professional appeal and user engagement. A cookie consent banner is present, indicating some awareness of privacy compliance, but the privacy policy is only linked and not detailed on the homepage. The site lacks HTTPS, which is a critical security deficiency, exposing visitors to potential risks. Social media presence is limited to a Facebook page link. Overall, the digital maturity of the site is low, with basic mobile optimization and minimal SEO or accessibility features.

D

diego5 studios

diego5studios.com

37

diego5 studios is a medium-sized influencer marketing agency and video content production company based in Austria, founded in 2015. It operates the largest influencer community in Austria and offers comprehensive services including influencer marketing, branded entertainment, workshops, and live events. The company targets brands seeking to engage audiences through digital video content and influencer collaborations. The website reflects a professional and consistent brand presence with good content quality and clear navigation, optimized for mobile users. Technically, the site is built on WordPress using common plugins and jQuery libraries, hosted on servers managed by world4you.at. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. The business demonstrates legitimacy through client logos and active social media channels.

The United Nations Office for Outer Space Affairs (UNOOSA) operates as a key UN entity facilitating international cooperation in peaceful space activities, space law, and capacity building. It serves a global audience including member states, space agencies, academia, and industry. The website reflects a mature and consistent brand aligned with UN standards, offering comprehensive information on space policy, events, and programs. Technically, the site uses a legacy tech stack with Apache, jQuery, and Bootstrap, but suffers from slow performance and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, exposing users to risks. Privacy compliance is minimal, lacking cookie consent mechanisms and GDPR indicators. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is authoritative but requires urgent security and privacy improvements.

U

Ulrike Lahrs Steuerberatungskanzlei

kanzleilahrs.de

37

Ulrike Lahrs Steuerberatungskanzlei is a small, local tax consultancy firm based in Twistringen, Germany, specializing in tax advisory, accounting, payroll, and tax declaration services. The website presents a professional and clear business description targeting individuals and businesses seeking tax-related services in the region. The technical infrastructure is based on the IONOS MyWebsite platform, utilizing Apache server and common JavaScript libraries such as jQuery and Cookiebot for cookie consent management. However, the website lacks HTTPS support, which significantly undermines its security posture. Security headers are partially implemented, but the Content Security Policy is in report-only mode and permits unsafe script execution, increasing risk. Privacy compliance is addressed with a GDPR-compliant privacy and cookie policy, but no terms of service or explicit security policies are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

BRAUNEIS RECHTSANWÄLTE GMBH

bkp.at

24

BRAUNEIS RECHTSANWÄLTE GMBH is a professional law firm based in Vienna, Austria, specializing in corporate and commercial law, litigation, and real estate legal services. The firm targets national and international companies, investors, developers, local authorities, law firms, and private individuals. It holds a reputable market position supported by rankings from Chambers Global and Legal 500, and features client testimonials that reinforce its credibility. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website uses Apache server technology, Alpine.js for frontend interactivity, Algolia for search functionality, and Matomo for privacy-conscious analytics. The site is mobile optimized and accessible, but performance metrics are not provided. Hosting appears to be with a1.net DNS and a dedicated IP address. SEO and navigation are well implemented. Security-wise, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability. Other security best practices such as HSTS, DMARC, DNSSEC, and CAA records are missing. No explicit security or incident response policies are published. The cookie consent mechanism is implemented and GDPR compliant, indicating good privacy compliance. Overall, the website is trustworthy and professional but requires urgent security improvements, especially enabling HTTPS to protect user data and improve trust. Strategic recommendations include installing a valid SSL certificate, enabling security headers, and publishing security policies to enhance the security posture and compliance.

K

K&K Provitrum GmbH

kkprovitrum.at

39

K&K Provitrum GmbH is a specialized machinery and material dealer serving the glass industry in Central, Eastern, and Southeastern Europe. The company offers a comprehensive portfolio of glass processing machines, tools, and consumables, targeting a range of customers from small workshops to large industrial enterprises. Their website reflects a professional and consistent brand presence with clear business and contact information. Technically, the website is built on an Apache server with custom CMS elements and uses modern web technologies, but suffers from slow performance and lacks a valid SSL certificate, which is a significant security concern. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes the site to risks. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the website scores moderately on content quality and business credibility but is penalized heavily for security shortcomings.

A

akaryon

akaryon.com

24

Akaryon is a mature small-sized company founded in 1999, specializing in software development with a focus on environmental informatics and sustainability tools. Their offerings include websites, webshops, CSR reporting tools, CO2 calculators, and support for funding applications. The company targets organizations, companies, and municipalities aiming to digitalize sustainability management. Technically, the website is built on WordPress with a variety of plugins for SEO, forms, and cookie management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is strong with comprehensive policies and cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

K

KRAL GmbH

kral.at

24

KRAL GmbH is a medium-sized Austrian company specializing in manufacturing screw pumps and flow measurement solutions primarily serving industrial sectors such as marine, power generation, chemical engineering, mechanical engineering, and oil & gas. The company maintains a professional online presence with a well-structured website powered by TYPO3 CMS, offering detailed product and service information, supported by a global network of sales and service partners. The website integrates multiple marketing and analytics tools managed through Google Tag Manager and employs a comprehensive cookie consent mechanism to comply with GDPR requirements. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture, exposing users to potential risks and reducing trust. Security headers are partially implemented, but critical improvements are needed to align with best practices. Overall, the business demonstrates strong credibility and market positioning but requires urgent technical security enhancements to protect its digital assets and customer data.

J

JAWA Management Software GmbH

jawa.at

23

JAWA Management Software GmbH is an established Austrian technology company specializing in customized software solutions for process optimization and information management. Their flagship product, the inforum management platform, supports supplier management, quality control, production planning, and AI-enhanced business solutions. With over 25 years of market presence and a medium-sized operation, JAWA serves a broad international clientele with a focus on efficiency and productivity improvements. Technically, the website is built on a modern WordPress CMS infrastructure using popular plugins and frameworks such as WPBakery, WPML, and Woodmart theme. The site is well-structured, mobile-optimized, and SEO-friendly, demonstrating a mature digital presence. However, the hosting environment lacks a valid SSL certificate and proper TLS configuration, which significantly undermines the security posture. Security-wise, the absence of HTTPS and modern TLS protocols is a critical vulnerability, exposing users to potential data interception and trust issues. While no active vulnerabilities or malware are detected, the site misses essential security headers and DNS security configurations. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the website presents a professional and credible business front but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL deployment, enabling modern security protocols, and implementing advanced security headers and DNS protections.

E

Egon Zehnder International Ltd.

egonzehnder.com

40

Egon Zehnder International Ltd. operates a global organizational consulting and leadership advisory website offering a wide range of executive search and leadership development services. The company is positioned as a global leader with extensive geographic reach and a comprehensive service portfolio targeting large enterprises and organizations seeking leadership solutions. Technically, the website uses modern web technologies including Vue.js and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and HTTPS support. Security headers and content security policies are well implemented, but the lack of HTTPS severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professionally designed and trustworthy, but the critical SSL issue poses a significant risk that should be remediated immediately.

E

EPSIMEC GmbH & Co KG

epsimec.com

28

EPSIMEC GmbH & Co KG is a small Austrian digital agency specializing in social media marketing, newsletter marketing, content management, and web development services. Established in 2012, the company has a mature online presence with a professional website built on WordPress, leveraging modern plugins such as Yoast SEO and WP Rocket for optimization. The website presents a consistent brand image, clear contact information, and client references, positioning EPSIMEC as a credible service provider in the technology sector. Technically, the site uses PHP 8.0.3 on an Apache server hosted by Host Europe, but lacks HTTPS support, which is a significant security concern. The cookie consent mechanism is well implemented, indicating good privacy compliance. However, the absence of SSL/TLS encryption and security headers lowers the overall security posture. No explicit security policies or incident response contacts are published, and no vulnerability disclosure or security.txt files are found. Overall, EPSIMEC demonstrates a solid business and technical foundation but should prioritize securing its website with HTTPS and enhancing security best practices to improve trust and compliance.

W

Wombats Hostels

wombats-hostels.com

21

Wombat's Hostels is a medium-sized hospitality business operating city hostels in multiple European cities including Vienna, London, Munich, Budapest, and Leipzig. The company targets travelers seeking affordable accommodation with social and event experiences. The website is built on TYPO3 CMS and hosted on Apache servers, with a modern but basic technical infrastructure. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. The site includes privacy and cookie policies with a consent mechanism, but lacks explicit contact information and advanced security policies. Matomo analytics is used with cookie-less tracking, indicating some privacy awareness. Overall, the website is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

S

Swimsol GmbH

swimsol.com

28

Swimsol GmbH is a specialized energy company focused on providing floating and rooftop solar photovoltaic (PV) systems primarily for island environments such as the Maldives. The company positions itself as a leader in solar-at-sea technology with over 35 islands operating their systems and a significant installed capacity. Their business model includes system design, installation, operation, maintenance, and financing options, targeting luxury resorts and small businesses in tropical regions. Technically, the website is built on WordPress with a modern tech stack including Fusion Builder and WP Rocket, but lacks a valid SSL certificate, which impacts security and user trust. The site is well-designed, mobile-optimized, and SEO-friendly, with comprehensive content and strong branding. However, the absence of HTTPS and security headers represents a critical security gap. Privacy compliance is addressed with visible policies and consent mechanisms. Overall, Swimsol demonstrates a strong market presence and professional online representation but should prioritize securing their website with HTTPS and enhanced security practices.

B

bulthaup

bulthaup.com

22

bulthaup is a premium kitchen brand specializing in high-quality kitchen concepts and living space solutions. The company operates a multilingual WordPress-based website that serves as a platform for product information, dealer location, and appointment scheduling. The site targets affluent consumers and businesses seeking bespoke kitchen solutions, positioning itself as a premium retail brand with a global dealer network. Technically, the website employs modern JavaScript libraries and WordPress plugins, including hCaptcha for form security and Cookiebot for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

I

Interfood Lebensmittelgroßhandel Ges.m.b.H.

interfood.at

23

Interfood Lebensmittelgroßhandel Ges.m.b.H. is a medium-sized Austrian wholesaler specializing in international fine foods. The company emphasizes quality, freshness, and supply reliability, supported by certifications such as IFS, MSC, ASC, and organic labels. Their website targets retailers and fine food distributors, showcasing a curated product portfolio and strong logistics capabilities. Technically, the site runs on WordPress with popular plugins and themes but lacks HTTPS, which is a critical security gap. The site includes comprehensive privacy and cookie policies, indicating GDPR compliance. However, the absence of SSL/TLS significantly impacts the security posture and trustworthiness. Overall, the website is professionally designed with good content quality and user experience but requires urgent security improvements.

V

VF Corporation

vfc.com

40

VF Corporation is a large multinational retail company specializing in outdoor, lifestyle, and workwear apparel and footwear. The website presents a comprehensive portfolio of well-known brands such as Vans, The North Face, Timberland, and others, targeting consumers, investors, and job seekers. The business model focuses on brand management and retail operations with a strong emphasis on corporate responsibility and investor relations. Technically, the website uses Apache server technology, integrates Google Analytics, and leverages CDN services like Amazon Cloudfront for content delivery. The site is well-designed, mobile-optimized, and provides rich content with clear navigation and professional branding. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy compliance is good with a comprehensive privacy policy and terms of use, but no cookie consent mechanism was detected. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

T

TS-Promotion

ts-promotion.at

23

TS-Promotion is a small Austrian digital marketing company specializing in social media advertising and content creation. The website presents a professional and consistent brand image targeting marketers and content creators. It leverages WordPress with popular plugins such as Yoast SEO and Borlabs Cookie for SEO and privacy compliance. The company maintains active social media profiles on Facebook, Instagram, TikTok, and Messenger, enhancing its market presence. However, the lack of HTTPS is a critical security gap that undermines user trust and data protection. The website includes comprehensive privacy and cookie policies with consent mechanisms, reflecting good GDPR compliance practices. Contact options include an email address and a contact form, but no phone number or physical address is provided.

Ö

Österreichische Gesundheitskasse

wgkk.at

40

The Österreichische Gesundheitskasse (ÖGK) operates as a major public healthcare insurance provider in Austria, offering a broad range of health-related services and information to insured individuals, employers, and contract partners. The website serves as a comprehensive portal for health facilities, health services, customer support, appointment scheduling, and career opportunities, targeting Austrian residents and stakeholders in the healthcare sector. The organization maintains a consistent and professional online presence with clear branding and trust signals, including official government domain usage and social media engagement. Technically, the website is built on a mature infrastructure utilizing Apache, Jakarta Faces (JSF), jQuery 3.6.0, and Gentics CMS. It integrates advanced features such as a content slider and Piwik PRO analytics for user behavior tracking. However, performance metrics appear incomplete, and the site shows moderate loading characteristics. Accessibility and SEO optimizations are well addressed, with good mobile responsiveness and clear navigation. From a security perspective, the site implements several best practices including a detailed Content-Security-Policy and HttpOnly, Secure cookie flags. Nevertheless, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, severely impacting the security posture. Other SSL/TLS features such as modern protocol support, OCSP stapling, and session resumption are missing. Privacy compliance is strong, with GDPR-aligned cookie consent mechanisms and clear privacy policies. Overall, the website is trustworthy and professionally managed but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations. Addressing these issues will enhance user trust, data protection, and compliance with modern security standards.

G

Graz-Köflacher Bahn und Busbetrieb GmbH

gkb.at

23

Graz-Köflacher Bahn und Busbetrieb GmbH (GKB) is a regional transportation company based in Austria, providing rail and bus services primarily in the West Styria region. The company has a long history dating back to 1935 and focuses on sustainable mobility solutions including electrification of rail lines and regional bus services. Their website serves as an information portal for passengers, offering schedules, fare information, and service updates. The company maintains an active social media presence and provides comprehensive privacy and cookie policies in compliance with GDPR. Technically, the website is built on Joomla CMS with common web technologies such as jQuery and Bootstrap, but lacks a valid SSL certificate, which is a critical security shortfall. The absence of HTTPS and modern TLS protocols exposes users to potential risks. Despite this, the site is well-structured, mobile-optimized, and provides clear contact information. Overall, the business is credible and well-established, but the website's security posture requires urgent improvement to protect user data and maintain trust.

E

ECE Projektmanagement G.m.b.H. und Co. KG

ece.de

34

ECE Projektmanagement G.m.b.H. und Co. KG operates a professional and comprehensive website focused on real estate development and management, particularly shopping centers, work & live spaces, and residential projects. The company positions itself as a large player in the German real estate market with a strong portfolio and innovative projects. The website is built on TYPO3 CMS and includes rich content, a contact form, social media integration, and a cookie consent mechanism compliant with GDPR. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Security headers are partially implemented but the SSL/TLS configuration is severely lacking, exposing the site to risks. The WHOIS data is consistent with the business claims, showing no privacy protection or suspicious registrations. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and enhance trust.

Urban Retreats is a small landscaping design and consultation business focused on creating urban retreats in the Seattle area and nearby neighborhoods. The website presents basic information about the company, its philosophy, design process, and contact details, targeting homeowners interested in landscaping services. The business operates primarily through personalized service offerings and consultation engagements. Technically, the website is built on WordPress with an outdated PHP version 5.6.31 and uses older JavaScript libraries such as jQuery 1.4.4. The site lacks HTTPS support, serving content over HTTP only, which significantly undermines its security posture. Performance metrics are unavailable, but the site appears slow and not optimized for mobile devices. SEO and accessibility features are minimal. From a security perspective, the absence of a valid SSL certificate and modern TLS protocols is a critical vulnerability. No security headers or advanced security practices are implemented. The site does not provide privacy, cookie, or terms of service policies, indicating poor privacy compliance. Contact information is clearly provided, but no incident response or security policies are visible. Overall, the website presents moderate business credibility but suffers from critical security and privacy shortcomings. Strategic improvements in security infrastructure, privacy compliance, and technical modernization are essential to enhance trustworthiness and protect user data.

A

acccoi partners GmbH

acccoi.com

27

acccoi partners GmbH is a small technology-focused company based in Austria specializing in enabling corporate business development through startup collaboration, corporate accelerators, and co-innovation programs. Established since 2012, the company targets large corporates and startups seeking innovation partnerships. The website is built on WordPress using Elementor and several plugins for SEO and marketing, but lacks HTTPS which is a critical security shortfall. The site includes standard legal pages and contact mechanisms, including a contact form and social media links. However, Google Analytics is installed but not configured, and performance metrics are unavailable. Security posture is weak due to missing SSL/TLS and security headers, exposing the site to risks. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

H

HICO

hico-ics.com

39

HICO is a specialized provider of Integrated Product Support (IPS) business solutions targeting sectors such as civil and military aviation, security and defence, shipbuilding, rail, and IT solutions. Their offerings include engineering support, maintenance planning, supply support, IPS management, technical documentation, and training services. The company positions itself as a niche player with a focus on maximizing system availability and cost optimization. The website is professionally designed using WordPress CMS with modern plugins and SEO optimizations, though performance is moderate and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, lack of security headers, and missing advanced SSL features. Privacy compliance is adequate with clear privacy and cookie policies and consent mechanisms. Business credibility is supported by detailed service descriptions and consistent branding, but contact information lacks explicit phone numbers or direct emails on the homepage. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

B

Bank Gutmann

gutmann.at

40

Bank Gutmann is a well-established private banking institution based in Austria, specializing in wealth management, investment advice, and tailored investment solutions since 1922. The website reflects a professional and content-rich digital presence targeting private and institutional banking clients. The technical infrastructure is built on the Liferay CMS platform with modern JavaScript frameworks such as React and Clay UI, indicating a mature digital environment. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture of the website, exposing users to potential risks. Privacy and cookie policies are present and GDPR compliant, with a moderate level of user tracking via Piwik PRO analytics. Overall, the website demonstrates good business credibility and user experience but requires urgent security improvements to protect client data and maintain trust.

C

Continental Trading GmbH

wetrade4you.at

20

Continental Trading GmbH operates as a specialized retailer of used printing and finishing machines, rooted in Salzburg, Austria, with an international customer base. The website presents basic information about the business and its offerings but lacks comprehensive contact details and legal policies. The technical infrastructure relies on Apache web server with Plesk hosting, AngularJS framework, jQuery, and Bootstrap for frontend, and uses Google Analytics for visitor tracking with IP anonymization enabled. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. No privacy or terms of service policies are present, indicating compliance gaps with GDPR and other regulations. Overall, the website is functional but exhibits outdated technology and security weaknesses that require urgent remediation.

O

OVIVO Inc.

ovivowater.com

40

Ovivo Inc. is a well-established global leader in sustainable water treatment solutions with over 150 years of expertise. The company provides a comprehensive portfolio of equipment, technology, and services targeting industrial, municipal, and electronics sectors. The website reflects a mature digital presence with multilingual support and rich content tailored for B2B audiences. Technically, the site is built on WordPress with modern SEO and analytics tools, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, Ovivo demonstrates strong business credibility and professionalism but must urgently address its SSL/TLS configuration to improve security posture and user trust.

A

Active Solution

activesolution.at

36

Active Solution GmbH is a medium-sized Austrian technology and engineering company specializing in IT and engineering consulting, project execution, and recruitment services. With 17 years of experience and a portfolio of reputable clients, the company positions itself as a dedicated and passionate service provider for IT professionals and engineers. The website reflects a professional and consistent brand image targeting IT and engineering talent and clients. Technically, the site is built on TYPO3 CMS and uses modern JavaScript and CSS, but lacks HTTPS, which is a critical security gap. The presence of cookie consent and Google Analytics indicates some privacy awareness, though no explicit security or incident response policies are published. Overall, the company demonstrates moderate digital maturity but requires urgent improvements in security infrastructure to protect user data and enhance trust.

The website uberlabs.com presents minimal content consisting solely of an embedded Flash object, indicating an outdated and poorly maintained web presence. There is no visible business information, contact details, or privacy and cookie policies, which significantly limits user trust and engagement. The domain is hosted on DreamHost with valid DNS records but lacks a valid SSL certificate, resulting in no HTTPS support and poor security posture. The technical infrastructure is basic, relying on deprecated technologies such as Flash, and lacks modern web standards and optimizations. Security headers are minimal, and no advanced security frameworks or incident response mechanisms are evident. Overall, the site exhibits critical security and compliance gaps, making it unsuitable for professional or commercial use without significant modernization and remediation.

E

esarom gmbh

esarom.com

40

esarom gmbh is a medium-sized manufacturing company based in Austria specializing in the development of compounds, flavours, extracts, and ingredients for the beverage and food industries. The company positions itself as a global partner in taste, serving a broad international market with a strong export rate exceeding 80%. Their business model focuses on B2B partnerships, providing tailored flavour solutions and full-service support to manufacturers worldwide. The website reflects a professional and well-branded presence with multilingual support and detailed partner network information. Technically, the website is built on WordPress using Elementor and several modern plugins for SEO, multilingual support, and user experience enhancements. However, the site suffers from a critical security misconfiguration: it lacks a valid SSL certificate and does not properly support HTTPS, which significantly undermines its security posture. Despite this, the site implements several security headers and content policies that indicate an awareness of security best practices. From a security perspective, the absence of HTTPS and TLS protocols is a major vulnerability, exposing users to potential interception and undermining trust. The site lacks explicit incident response or vulnerability disclosure policies, and no cookie consent mechanism was detected, which may impact privacy compliance. The presence of certifications such as halal, kosher, and organic, along with transparent contact information and a global partner network, enhance business credibility. Overall, while the business and content quality are strong, the technical and security shortcomings, especially the missing SSL certificate, pose significant risks. Strategic improvements in SSL deployment, privacy mechanisms, and incident response transparency are recommended to elevate the site's trustworthiness and compliance.

iSi GmbH is a well-established global manufacturer specializing in pressurized gas chargers and related solutions across automotive, components, and culinary sectors. Founded in 1867 in Vienna, the company has a strong market presence with operations in over 90 countries. The website reflects a professional digital presence using modern web technologies such as Next.js and React, supported by a Shopware 6 CMS backend. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact the security posture and user trust. Privacy compliance is well addressed with comprehensive policies and a consent management platform. The company maintains transparency through corporate policies and whistleblower mechanisms, and engages users via social media and career portals.

P

PV - Pensionsversicherung Österreich

pensionsversicherung.at

39

The website pensionsversicherung.at represents the official online presence of the Austrian Pensionsversicherung (PV), the largest pension insurance carrier in Austria, serving approximately 5.6 million insured persons. It provides comprehensive information and services related to pensions, care allowances, rehabilitation, and health prevention. The site is well-structured, professionally designed, and targets insured workers, pensioners, and caregivers in Austria. The business model is that of a government social insurance provider, with a strong market position as a key public institution in Austria's social security system. Technically, the website uses a mature technology stack including Apache server, jQuery 3.6, Jakarta Faces framework, and Piwik PRO for analytics. The content is rich and well-optimized for SEO and accessibility, with good mobile responsiveness. However, performance data is missing, and the site is currently served without a valid SSL certificate, resulting in no HTTPS availability, which is a critical security flaw. From a security perspective, the site implements several security headers including a detailed Content Security Policy and uses secure cookie flags. Despite this, the lack of a valid SSL certificate and absence of modern TLS protocols severely degrade the security posture. No DMARC record is found, and session resumption and OCSP stapling are not enabled. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is trustworthy and authoritative in its domain but must urgently address SSL/TLS issues to ensure secure communications and maintain user trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing email security with DMARC. The site demonstrates a high level of professionalism and business credibility but is currently limited by its security shortcomings.

P

Phoron Group GmbH

phoron.com

27

Phoron Group GmbH is an established international SAP consulting firm founded in 2004, specializing in SAP Cloud ERP, technology consulting, and sustainability solutions. The company targets medium and large enterprises, offering a comprehensive portfolio of SAP-related services. The website is professionally designed, content-rich, and consistent with the company's business model and market positioning. Technically, the site runs on Drupal 10 with Apache server and integrates Google Tag Manager and Sendinblue for marketing and analytics. However, a critical security weakness is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Business credibility is supported by trust indicators such as certifications and social media presence, though direct contact emails and phone numbers are not publicly visible. Overall, the site demonstrates strong business and content quality but requires urgent security improvements.

P

Polytechnik Luft- und Feuerungstechnik GmbH

polytechnik.com

24

Polytechnik Luft- und Feuerungstechnik GmbH is a well-established Austrian company specializing in biomass energy technologies, with over 60 years of experience and a global footprint in 25 countries. The company offers advanced solutions for transforming biomass into CO2-neutral energy, including combustion, gasification, carbonization, and torrefaction technologies. Their market position is strong, supported by a medium-sized workforce and a comprehensive product portfolio. The website reflects a professional and content-rich digital presence, targeting industrial and energy sector clients seeking sustainable energy solutions. Technically, the website is built on WordPress with modern SEO and multilingual plugins, ensuring good accessibility and mobile optimization. However, performance metrics are lacking, and the absence of DNS A/AAAA records raises questions about hosting and domain resolution. The site uses common JavaScript libraries and cookie consent management tools, indicating a mature digital infrastructure. From a security perspective, the site suffers from a critical issue: the SSL certificate is invalid or missing, which undermines HTTPS security and user trust. Additionally, no DNS records are publicly visible, and security headers are minimal. While no major vulnerabilities are detected, the lack of a valid SSL certificate and absence of advanced security policies reduce the overall security posture. Overall, the website is credible and professional but requires urgent security improvements, especially regarding SSL/TLS configuration and DNS setup, to enhance trust and compliance. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Strategic recommendations include obtaining a valid SSL certificate, improving DNS configurations, and publishing explicit security and incident response policies.

Diagnosia.com is a healthcare-focused website offering a medical app designed to support doctors with medication information, dosage guidance, drug interaction alerts, and continuing education resources. The business is positioned as a trusted provider in the Austrian healthcare market, supported by its parent company APOVERLAG. The website uses a professional CMS (TYPO3) and modern frontend frameworks (Bootstrap), indicating moderate digital maturity. However, the site lacks a valid SSL certificate, resulting in no proper HTTPS support, which is a critical security flaw. Security headers are partially implemented but insufficient without HTTPS. Privacy compliance is basic, with no cookie consent mechanism detected, though a comprehensive privacy policy is linked. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and trust.