High-risk security reports

S

SOLVION information management GmbH

solvion.net

25

SOLVION information management GmbH is a well-established IT consulting and solutions provider specializing in digital workplace transformation within the Microsoft 365 ecosystem. With over 22 years of experience, the company serves medium-sized commercial enterprises primarily in the DACH region, focusing on sectors such as production, retail, services, and transportation. Their key services include strategic and technology consulting, adoption and change management, implementation of Microsoft-based solutions, and ongoing technical support. The website reflects a professional and consistent brand image with comprehensive content, active blogs, and customer testimonials, positioning SOLVION as a leading player in their market segment. Technically, the website is built on WordPress with the Divi theme and utilizes modern JavaScript libraries and marketing tools such as Google Tag Manager and Borlabs Cookie for consent management. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are also missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism that aligns with GDPR requirements. The site employs extensive tracking and marketing tools, but these are transparently disclosed. Contact information is clearly presented, including a detailed contact form, phone number, and physical address, enhancing business credibility. Overall, while the business and content aspects of the website are strong and trustworthy, the lack of HTTPS and proper SSL configuration is a critical vulnerability that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern security protocols, and enhancing security headers to improve the site's security posture and compliance.

R

Raiffeisen Bank International

raiffeisen.al

40

Raiffeisen Bank Albania is a major financial institution offering a wide range of retail and corporate banking services, including loans, credit cards, savings, and digital banking platforms. The website is professionally designed, content-rich, and targets Albanian retail customers, SMEs, and corporate clients. Technically, the site uses modern frameworks such as Vue.js and Adobe Experience Manager, with integrations for analytics and marketing tools. However, a critical security issue is the invalid or missing SSL certificate, which undermines the security posture despite good security headers and policies. Privacy compliance is strong with clear cookie consent and GDPR-aligned privacy policies. Overall, the website is trustworthy and credible but requires urgent SSL remediation to ensure secure user interactions.

S

SPAX International GmbH & Co. KG

spax.com

40

SPAX International GmbH & Co. KG is a well-established German manufacturer specializing in screws and fastening technology, producing large volumes daily for a global market. Their website reflects a mature digital presence with comprehensive product information, multilingual support, and digital tools for professionals in construction and woodworking. The company demonstrates strong branding consistency and trust indicators including certifications and detailed contact information. Technically, the site is built on Adobe Experience Manager with modern marketing and consent management tools, offering good user experience and SEO optimization. However, a critical security issue exists due to an invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business credibility and content quality are high, but urgent remediation of SSL/TLS issues is recommended to ensure secure user interactions and maintain trust.

Arjo is a well-established global healthcare company specializing in medical devices and solutions aimed at improving mobility and care for patients with reduced mobility and age-related health challenges. The company operates in over 100 countries with a large workforce and offers a broad portfolio including patient handling equipment, medical beds, hygiene solutions, disinfection products, and prevention systems for pressure injuries and venous thromboembolism. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design tailored to healthcare providers and institutions. Technically, the website leverages modern web technologies including Episerver CMS, Azure hosting, and multiple analytics and marketing tools such as Google Analytics, Siteimprove, Hotjar, and Microsoft Application Insights. The site is hosted on Microsoft Azure with Cloudflare CDN, ensuring global availability and performance. However, performance metrics were not available, and accessibility is rated as basic, suggesting room for improvement. From a security perspective, the site implements several important HTTP security headers and a detailed Content Security Policy. Nevertheless, the SSL certificate is currently invalid or missing, which is a critical vulnerability that undermines user trust and data security. HSTS is configured but not fully enabled, and session resumption mechanisms are absent. No known vulnerabilities or malware were detected, and no WAF or blocking mechanisms interfere with site access. Overall, the website demonstrates strong business credibility and privacy compliance with clear policies and consent mechanisms. The main risk lies in the SSL certificate issue, which should be addressed promptly to maintain security posture and user confidence. Strategic recommendations include renewing the SSL certificate, enabling full HSTS, and enhancing accessibility and performance monitoring.

S

STIWA Holding GmbH

stiwa.com

40

STIWA Holding GmbH is a well-established Austrian company specializing in automation technology, manufacturing, and software solutions. With over 50 years of experience and a global presence spanning 11 locations across three continents, STIWA serves diverse industries including automotive, electronics, medical technology, and building automation. The company offers comprehensive services from engineering and automated series production to production optimization, positioning itself as a leader in digital, fully automated production solutions. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and integrating marketing and analytics tools such as HubSpot and Google Analytics. However, the absence of a valid SSL certificate and HTTPS support significantly impacts the security posture. While security headers and content security policies are well implemented, the lack of proper SSL/TLS encryption is a critical vulnerability. Privacy and cookie policies are present and GDPR compliant, and contact information is comprehensive and clearly presented. Overall, the website reflects a professional and trustworthy business but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

R

Randstad

randstad.com

40

Randstad is a global leader in the HR services industry, providing a wide range of staffing, recruitment, and workforce management solutions. The company targets job seekers, employers, investors, and press with a comprehensive digital presence and multiple country-specific subsidiaries. Their business model focuses on delivering specialized talent solutions at scale, supported by digital and enterprise services. The website reflects a mature and professional brand with strong market positioning and trust indicators. Technically, the website uses modern technologies including React and Drupal CMS, hosted on Amazon Web Services infrastructure. While the site is well-structured and mobile-optimized, performance data is unavailable. Security headers are properly configured, but the SSL certificate is invalid or missing, which is a critical vulnerability that undermines secure communications. The security posture shows good practices in headers and cookie management but lacks proper SSL/TLS implementation and explicit security or incident response policies. Privacy and cookie policies are present with consent mechanisms, indicating good compliance with GDPR. Contact information is primarily via forms, with no direct emails or phone numbers publicly listed. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions and maintain business credibility.

The website coach.com is currently inaccessible due to a Web Application Firewall (WAF) or security mechanism blocking access, as evidenced by the Access Denied page and minimal HTML content. This prevents any direct analysis of the website's content, metadata, or business information. The domain itself is mature, registered since 1996, and protected with strong domain status settings, indicating a legitimate and established entity likely operating in the retail sector. The technical infrastructure includes Akamai CDN services and hosted email solutions, but the SSL/TLS configuration is severely lacking with no valid certificate or secure protocols enabled, posing significant security risks. Overall, the site’s security posture is weak due to missing HTTPS and modern security headers, and the performance is poor with very slow load times. Given the blocking, the analysis is limited and the overall risk assessment is elevated due to lack of accessible content and security deficiencies.

M

Mass Response Service GmbH

massresponse.com

38

Mass Response Service GmbH is a medium-sized Austrian telecommunications company specializing in automated mass communication solutions including call centers, SMS, email, fax, and web services. They operate a fiber optic network providing highspeed internet connectivity primarily targeting business customers in Austria. The website content is professional and consistent, with clear navigation and relevant business information. Technically, the site uses Apache and jQuery but lacks modern SSL/TLS configuration, which is a significant security concern. The absence of a valid SSL certificate and HTTPS support undermines the security posture despite the presence of some security headers like HSTS. Privacy compliance is basic but present, with cookie consent mechanisms and a privacy policy linked externally. Social media presence and customer testimonials add trust signals. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

W

W.D. Matthews Machinery Co.

wdmatthews.com

40

W.D. Matthews Machinery Co. is a well-established heavy equipment dealer operating primarily in New England, with a history dating back to 1939. The company specializes in new and used forklifts, heavy machinery, warehousing supplies, rentals, parts, and service. It maintains strong partnerships with reputable brands such as Toyota, Manitou, Clark, and Bobcat, positioning itself as a leading regional provider in the transportation and industrial equipment sector. The website reflects a professional business model focused on equipment sales, rentals, and maintenance services targeting commercial and industrial clients in the region. Technically, the website is built on WordPress with WooCommerce and utilizes modern web technologies including Gravity Forms for data collection and Google Tag Manager for analytics. Hosting is provided by WP Engine with Cloudflare CDN for content delivery. While the site is mobile-optimized and well-structured with good SEO practices, performance data is incomplete, and some accessibility features are basic. The site lacks a valid SSL certificate, which is a critical security gap. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. No advanced security headers or mechanisms such as HSTS or OCSP stapling are implemented. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or terms of service page detected. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a moderate risk profile due to the lack of HTTPS and limited privacy compliance. Strategic improvements in security configuration and privacy practices are recommended to enhance trust and protect user data. The business itself appears legitimate and well-positioned in its market, but the website's security shortcomings could impact user confidence and compliance with regulations.

E

EXERGY Studios, s.r.o.

exergystudios.com

35

EXERGY Studios, s.r.o. is a Slovak-based company specializing in building certification services such as BREEAM and LEED, building simulation, optimization, and integrated design. The company targets building owners, developers, and construction professionals seeking to enhance building performance and certification compliance. Their market position is that of a niche regional expert with a small business size and a focused service portfolio. Technically, the website is built on Joomla CMS using a Gavick template and includes legacy JavaScript libraries like jQuery 1.7 and MooTools. The site lacks HTTPS, which significantly impacts its security posture. Security headers are minimal, and no advanced security practices such as HSTS or OCSP stapling are implemented. Privacy compliance is poor, with no visible privacy or cookie policies or consent mechanisms. Business credibility is moderate due to the presence of trust indicators like membership in SKGBC and USGBC but is weakened by the lack of clear contact information and security best practices.

M

M. M. Newman

mmnewman.com

40

M.M. Newman Corporation is a specialized manufacturer and distributor of Heli-Tube® spiral cable wrap and related specialty tubing and hot tool products. Established in 1956, the company holds a strong market position as a leading supplier in the manufacturing sector, targeting industrial and commercial customers requiring cable management solutions. Their website reflects a professional e-commerce platform built on WordPress and WooCommerce, offering clear navigation and relevant product information. The company demonstrates trustworthiness through certifications such as ISO 9001:2015 and provides comprehensive contact information and social media presence. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and incomplete HTTPS implementation, which poses risks to user data and trust. The site uses multiple analytics and marketing tools but lacks a cookie consent mechanism, indicating partial privacy compliance.

H

Habich GmbH

habich.com

37

Habich GmbH is a well-established Austrian manufacturer specializing in inorganic specialty pigments for various industrial applications including coatings, construction chemicals, ceramics, printing inks, and plastics. The company has a long tradition dating back to 1846 and serves a global B2B market with a broad product portfolio including corrosion protection pigments, organic colorants, pigment preparations, and aqueous binder dispersions. Their website reflects a consistent and professional brand image with detailed product information and clear contact details. Technically, the site uses modern front-end libraries and the SilverStripe CMS, but lacks a valid SSL certificate, which is a critical security gap. The cookie consent mechanism is implemented and GDPR compliant, supporting privacy best practices. However, no explicit security policies or incident response information is provided. Overall, the website is functional and professional but requires urgent security improvements to enable HTTPS and enhance trust.

V

Viz Flowics

flowics.com

37

Viz Flowics is a cloud-native platform specializing in live data-driven broadcast graphics, targeting broadcasters, live streamers, and corporations. The platform offers an intuitive web-based HTML5 graphics editor, native data connectors, social media integration, and NRCS integration, positioning itself as a modern solution in the media technology sector. The website reflects a professional and consistent brand presence supported by customer testimonials and case studies, indicating a solid market position under its parent company Vizrt. Technically, the site is built on WordPress with modern plugins and integrates multiple marketing and analytics tools, though performance metrics are not explicitly available. Security posture is weakened by the absence of a valid SSL certificate and lack of TLS support, which is a critical vulnerability for a platform serving professional clients. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

I

iSimulate

isimulate.com

40

iSimulate is a specialized company providing clinical education technology solutions focused on simulation products for healthcare training. Their product family includes modular simulation ecosystems, fetal heart rate monitor simulators, point of care device simulators, and training manikins. The website presents a professional and consistent brand image targeting healthcare educators and simulation trainers globally. Technically, the site uses modern JavaScript libraries and is hosted on AWS infrastructure, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is basic with a cookie consent banner and a linked privacy policy, but no terms of service or security policies are evident. The security posture is weak due to missing SSL/TLS and security headers, which should be addressed urgently to protect user data and trust. Overall, the site is functional and informative but requires significant security improvements to meet modern standards.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

www.english-teacher-college.at

english-teacher-college.at

38

The website www.english-teacher-college.at operates as a specialized media platform providing comprehensive reviews, guides, and affiliate marketing services focused on online casinos in Austria. It targets Austrian online casino players by offering detailed casino ratings, bonus information, game variety, payment methods, and customer support evaluations. The site maintains a consistent brand presence with professional content and trust indicators such as DMCA protection and author credentials. Technically, the site is hosted behind Cloudflare and uses modern web technologies including JavaScript and Google Tag Manager, but lacks a valid SSL certificate, resulting in no HTTPS support and weak security posture. This absence of HTTPS and modern TLS protocols is a critical security gap that undermines user data protection and trust. Privacy and cookie policies exist but are basic in compliance, and no direct company contact emails or phone numbers are provided, though social media channels are linked. Overall, the site is functional and content-rich but requires urgent security improvements to enhance user trust and compliance.

A

Amway Global

amwayglobal.com

40

AmwayGlobal.com serves as the official digital presence of Amway Corporation, a globally recognized leader in direct selling and wellness products. The website effectively communicates the company's extensive product portfolio, business opportunities, and corporate social responsibility initiatives, targeting health-conscious consumers and entrepreneurs worldwide. The site demonstrates a mature digital infrastructure leveraging WordPress CMS, modern JavaScript libraries, and performance optimization tools, ensuring a good user experience across devices. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant security gaps that undermine the site's secure communication capabilities. While security headers and privacy policies are well implemented, the lack of HTTPS is a critical issue that should be addressed promptly. Overall, the website reflects a reputable enterprise with strong branding and compliance posture but requires urgent improvements in its SSL/TLS configuration to enhance trust and security.

A

adRom Media Marketing GmbH

adrom.net

32

adRom Media Marketing GmbH is a well-established Austrian online marketing agency specializing in email marketing, lead generation, display advertising, and digital prospectus solutions. With over 25 years of experience and a large GDPR-compliant database of 45 million addresses, the company serves a broad B2B audience including agencies and enterprises. The website is professionally designed, content-rich, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site runs on WordPress with Elementor and employs performance tools like WP Rocket, but suffers from critical security weaknesses due to an invalid SSL certificate and lack of modern TLS protocols, which undermines secure HTTPS delivery. Privacy compliance is strong with clear GDPR-aligned policies and cookie consent mechanisms. Contact information and social media presence are transparent and professional. Overall, the site demonstrates high business credibility but requires urgent security improvements to protect user data and enhance trust.

S

Spring GDS

spring-gds.com

40

Spring GDS is an established international delivery company specializing in cross-border e-commerce shipping solutions since 2001. Positioned as part of the PostNL group, it offers a comprehensive suite of services including global shipping, returns, customs clearance, and integrations tailored for online businesses. The company emphasizes sustainability and holds an EcoVadis certification, reinforcing its commitment to environmental responsibility. The website targets businesses seeking efficient international logistics with a focus on last-mile delivery expertise. Technically, the website employs modern web technologies such as Google Tag Manager and Sentry for analytics and error monitoring, and is hosted behind Akamai CDN. However, performance is impacted by slow DNS resolution and the absence of a valid SSL certificate, which critically undermines the security posture. The site is mobile-optimized with excellent design and navigation, supporting a positive user experience. Security analysis reveals significant weaknesses: no valid SSL/TLS certificate is deployed, no TLS protocols are enabled, and critical security features like OCSP stapling and session resumption are missing. While security headers are present, the lack of HTTPS severely limits the site's trustworthiness and exposes users to risks. Privacy compliance is good with clear policies and GDPR adherence, but incident response and vulnerability disclosure mechanisms are not publicly documented. Overall, Spring GDS presents a credible and professional business with strong market positioning and comprehensive service offerings. The primary risk lies in its deficient SSL configuration, which should be urgently addressed to protect customer data and maintain trust. Strategic improvements in security infrastructure will enhance the company’s digital maturity and safeguard its reputation.

I

iSEEit

iseeit.com

40

iSEEit is a technology company specializing in a native Salesforce Opportunity Management Tool designed to help sales teams visualize and qualify opportunities using structured sales methodologies such as MEDDIC and MEDDPICC. The company targets sales professionals and organizations seeking to improve sales process adoption and forecasting accuracy. The website presents a professional and content-rich platform with detailed product features, customer testimonials, and partner logos, positioning iSEEit as an award-winning solution in its niche. Technically, the website is built on WordPress with a modern tech stack including jQuery, Google Analytics, Hotjar, and various marketing tools. Hosting is inferred to be on Amazon AWS infrastructure. While the site is mobile-optimized and SEO-friendly, performance metrics indicate slow loading times, suggesting room for optimization. From a security perspective, the site lacks a valid SSL certificate and does not enable modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Although some security headers like HSTS are present, the absence of HTTPS and other best practices significantly lowers the security posture. Privacy compliance is well addressed with comprehensive privacy and cookie policies and user consent mechanisms. Overall, the site demonstrates strong business credibility and content quality but requires urgent improvements in SSL/TLS configuration and security practices to ensure safe user interactions and compliance with modern security standards.

E

evofenedex

evofenedex.nl

38

Evofenedex is a well-established Dutch association focused on trade and logistics, serving over 10,000 members with knowledge, advice, products, and services related to goods transport, import/export, and storage. The website reflects a mature organization with a clear business model centered on membership benefits and industry support. Technically, the site employs modern JavaScript frameworks such as React and uses Google Tag Manager and Visual Website Optimizer for analytics and marketing. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Privacy compliance is weak, with no visible privacy or cookie policies, although cookie consent is denied by default via the consent management setup. Overall, the site is functional and professionally designed but requires urgent security and compliance improvements.

Xella International GmbH operates in the manufacturing and construction sectors, specializing in building materials and solutions. The company targets construction professionals and distributors, positioning itself as an established player in the industry. The website is built using Angular and hosted on Amazon Web Services, leveraging CloudFront and S3 for content delivery. However, the website content is minimal, primarily showing a loading preloader with no substantive content or metadata. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, exposing the site to potential risks. Although security headers like Content Security Policy and HSTS are present, they are insufficient without proper SSL configuration. The site uses extensive third-party analytics and marketing tools, indicating a focus on user tracking and advertising, but lacks visible privacy or cookie policies, raising compliance concerns. Overall, the website's digital maturity is low, with significant gaps in security and privacy compliance.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 28 security findings identified across all modules.

P

Post AG

post.at

40

Post AG operates as Austria's leading postal and logistics service provider, offering a comprehensive range of services including letter mail transport, parcel shipping, business mailing solutions, and online postal services. The company targets both general consumers and business clients within Austria, maintaining a strong market position supported by a professional and content-rich website. The digital infrastructure leverages modern technologies such as React and Sitecore CMS, with integrated analytics and marketing tools like Matomo and Jentis Tag Manager, reflecting a mature digital presence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses significant risks to data confidentiality and user trust. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms, and offers comprehensive contact options and official social media channels. Strategic improvements in SSL/TLS implementation and security header enforcement are critical to enhance overall security and trustworthiness.

T

TRUMPF SE + Co. KG

trumpf.com

40

TRUMPF SE + Co. KG is a leading high-tech manufacturing company specializing in machine tools, laser technology, electronics, and Industry 4.0 solutions. Established in 1923 and headquartered in Germany, the company serves industrial clients globally with a comprehensive portfolio of products and services including machines, lasers, software, and financial services. The website reflects a mature enterprise with professional design, clear navigation, and rich content targeting manufacturing professionals and technology buyers. Technically, the website is built on TYPO3 CMS with modern JavaScript frameworks and lazy loading techniques, hosted likely on Microsoft Azure infrastructure. It demonstrates good mobile optimization, accessibility, and SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a significant security gap despite the presence of security headers and HSTS directives. Security posture is moderate with key headers implemented but critical issues due to lack of SSL/TLS encryption, which exposes users to risks and undermines trust. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Business credibility is high with verified contact information, corporate transparency, and trust signals such as customer success stories and social media presence. Overall, the website is professional and content-rich but requires urgent remediation of SSL/TLS to improve security and user trust.

S

Sanofi

sanofigenzyme.com

40

Sanofi is a leading global healthcare and pharmaceutical company specializing in innovative medicines across specialty and general medicine areas. The website reflects a mature enterprise with comprehensive content targeting patients, healthcare professionals, investors, and partners. The technical infrastructure leverages modern web technologies including React and Material-UI, hosted on AWS CloudFront with Magnolia CMS. Privacy and cookie policies are well implemented with GDPR compliance, and the site integrates marketing and analytics tools such as Google Tag Manager and OneTrust. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of TLS protocol support, significantly impacting the security posture. This exposes users to potential risks and undermines trust despite strong content and business credibility. Strategic remediation of SSL/TLS and related security configurations is essential to align the website with industry best practices and regulatory requirements.

G

Great Sales Force GmbH

greatsalesforce.com

31

Great Sales Force GmbH is a consulting and survey tools provider specializing in enhancing sales force effectiveness and customer intelligence. The company offers a suite of proprietary tools and services such as the GSF® Survey Tools, Benchmark Data, Consulting, and specialized checks for customer culture, leadership, CRM, and customer experience. Their market position is that of a niche provider with international reach, serving businesses aiming to improve sales performance and customer satisfaction. The website is professionally designed, content-rich, and well-branded, targeting business clients primarily in Austria and German-speaking regions. Technically, the website is built on WordPress using Elementor and Yoast SEO, with integrations like Google Tag Manager and Google reCAPTCHA v3 for tracking and form security. Hosting is provided by Hetzner, a reputable provider. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Performance metrics are not available, but the site shows good mobile optimization and basic accessibility. Security-wise, while some best practices like cookie consent and reCAPTCHA are implemented, the lack of HTTPS and modern TLS protocols is a major vulnerability. No advanced security headers or incident response policies are found. Privacy compliance is strong with comprehensive policies and GDPR adherence. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a trustworthy and professional business front but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL deployment, enabling modern TLS, and enhancing security headers and monitoring.

C

CyberLink Corp

cyberlink.com

40

CyberLink Corp is a mature technology company specializing in video editing, photo editing, and multimedia software solutions. Established in 1997, it has a strong market presence with award-winning products and a global customer base. The company offers a range of consumer and business software products, including PowerDirector, PhotoDirector, and FaceMe SDK, targeting both individual users and enterprise clients. The website reflects a professional and consistent brand image with comprehensive product information and active social media engagement. Technically, the website employs modern JavaScript libraries, Google Analytics 4, and AWS CloudFront for hosting and content delivery, but suffers from critical SSL/TLS configuration issues that undermine security and user trust. Security headers are partially implemented, but the absence of a valid SSL certificate and TLS protocols is a major vulnerability. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, though no explicit cookie consent mechanism is present. Overall, the website is functional and professional but requires urgent security improvements to protect user data and maintain trust.

K

KaVo Dental

kavo.com

40

KaVo Dental is a well-established manufacturer of dental devices and instruments with over 110 years of history, serving dentists and dental technicians worldwide. The company offers a broad portfolio including treatment units, handpieces, and laboratory equipment, positioning itself as a pioneer and innovator in the dental healthcare sector. The website reflects a professional and comprehensive digital presence with multiple language support and rich content tailored to dental professionals. Technically, the site is built on Drupal 10 with modern web technologies, providing good user experience and SEO optimization. However, the security posture is weakened by the absence of a valid SSL certificate and proper HTTPS configuration, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy and cookie policies are present and appear compliant with GDPR standards. Overall, the site demonstrates strong business credibility and professionalism but requires urgent security improvements.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

AGS

ags-engineering.at

27

AGS is a medium-sized Austrian company specializing in high-end automated special machines, robotics, and industrial data solutions. The company emphasizes quality, innovation, and long-standing experience, positioning itself as a regional leader in manufacturing automation. Their website reflects a professional and consistent brand image with clear service offerings and active social media presence. Technically, the site is built on WordPress with Elementor and uses modern plugins for enhanced functionality, though performance metrics are moderate. Security-wise, while several security headers are implemented, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the website is trustworthy but requires urgent improvements in security and privacy compliance to meet modern standards.

VGN Medien Holding GmbH is a leading Austrian magazine publisher with a broad portfolio of print and digital media brands. Founded in 1992, it serves a wide Austrian audience with content spanning politics, lifestyle, business, and entertainment. The company operates multiple media brands and offers advertising and content marketing services. Technically, the website uses modern web technologies including nginx, JavaScript, and Google Analytics, but lacks a valid SSL certificate, which is a critical security shortfall. Security headers are implemented but without proper HTTPS, the site is vulnerable to interception and trust issues. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to align with best practices and user trust expectations.

The website acleddata.com is currently inaccessible due to a Cloudflare security challenge page requiring human verification via Turnstile captcha. This prevents access to any substantive content or business information. The site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The technical infrastructure relies on Cloudflare services for DNS and security, but the absence of a valid certificate and security headers indicates a poor security posture. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the landing page. Overall, the site appears to be in a blocked or pre-launch state, limiting the ability to assess its business credibility or compliance status.

S

Stratodesk Corp.

stratodesk.com

40

Stratodesk Corp. is a mature technology company founded in 2010, specializing in secure, managed endpoint operating systems designed for virtual desktop infrastructure (VDI), Desktop-as-a-Service (DaaS), SaaS, secure browsing, and industrial IoT applications. The company has established a strong market position as a leading innovator with multiple industry awards and partnerships with major technology vendors such as Microsoft, Citrix, and VMware. Recently, Stratodesk became part of IGEL, further strengthening its market presence. The website reflects a professional and comprehensive digital presence, targeting enterprise customers seeking secure and manageable endpoint solutions. Technically, the site is built on WordPress with modern plugins and integrations, but suffers from a critical security shortfall due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts its security posture. Privacy policies and terms of service are well documented, and contact information is clearly provided, supporting good privacy compliance and business credibility. Overall, Stratodesk demonstrates a solid business and digital maturity but should urgently address its SSL/TLS configuration to improve security and trust.

F

Fritz HOLTER GmbH

holter.at

40

Fritz HOLTER GmbH operates a comprehensive website focused on sanitary and heating wholesale distribution in Austria, with additional services in wellness and pool solutions. The company has a strong market presence with over 150 years of history, targeting both professional installers and end consumers. The website is content-rich, professionally designed, and offers multiple user engagement channels including partner installer search, online bathroom planner, and newsletter subscription. Technically, the site uses modern technologies such as Vue.js and Storyblok CMS, hosted on AWS CloudFront CDN, with good SEO and accessibility practices. However, the security posture is weakened by an invalid or missing SSL certificate, lack of HTTPS enforcement, and absence of modern TLS protocols, which poses a significant risk. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to improve security and user trust.

Deutsche Lufthansa AG operates a comprehensive airline website offering flight booking and travel management services to a global audience. The site reflects Lufthansa's position as a leading international airline with a broad network and premium service offerings. The technical infrastructure leverages modern web technologies including Adobe Helix, Maui Design System, and Akamai CDN, ensuring a responsive and accessible user experience. While the website is rich in content and professionally designed, the SSL certificate is currently invalid, which poses a security risk. Security headers are well implemented, but the absence of a cookie consent mechanism indicates partial privacy compliance. Overall, the site demonstrates a mature digital presence with room for improvement in security and privacy practices.

H

Holzhausen Verlag

verlagholzhausen.at

31

Holzhausen Verlag is a well-established Austrian publishing company specializing in scientific and professional publications across sectors such as innovation, research, technology, installation, logistics, and transport. The company holds a strong market position as a leading publisher for specialized industry sectors in Austria, offering a broad range of print and digital media products, newsletters, social media marketing, and event organization. Their business model focuses on delivering high-quality content and media services to professionals and decision-makers in their target industries. Technically, the website is built on WordPress using the Extra theme and integrates modern SEO and analytics tools, but suffers from a critical lack of HTTPS and valid SSL certificate, which significantly impacts security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the website presents professional content and branding but requires urgent security improvements to protect user data and enhance trust.

A

Age UK

ageuk.org.uk

40

Age UK is a leading UK-based charity dedicated to supporting older people through a wide range of services including advice, befriending, fundraising, and campaigning. The website reflects a mature and professional digital presence with comprehensive content tailored to its target audience of older adults and their carers. The organization maintains strong branding consistency and trust indicators such as charity registration and regulatory compliance. Technically, the site uses a modern technology stack including ASP.NET, Cloudflare CDN, and analytics tools like Microsoft Azure Application Insights and Google Tag Manager. However, the SSL certificate is invalid and no modern TLS protocols are enabled, which significantly weakens the security posture. Privacy and cookie policies are present and GDPR compliant, supporting good privacy practices. Overall, the site is well designed and user-friendly but requires urgent security improvements to protect user data and maintain trust.

U

Umdasch Group

umdaschgroup-ventures.com

35

Umdasch Group is a large Austrian manufacturing and retail company specializing in comprehensive lifecycle solutions for building projects. Their subsidiaries include Doka, a global leader in formwork and scaffolding, umdasch The Store Makers focusing on retail space planning, and Industrial Solutions providing specialized industrial scaffolding and safety services. The company emphasizes sustainability and digital innovation as core drivers of their business model. Technically, the website is built on WordPress with modern plugins and multilingual support, hosted on Azure DNS. However, a critical security weakness is the invalid SSL certificate and lack of TLS protocol support, which undermines secure communications. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the website is professional and content-rich, but the security posture requires urgent improvement to protect user data and maintain trust.

S

SCHMIDT Groupe

cuisines-schmidt.com

29

SCHMIDT Groupe operates a comprehensive and professionally designed website focused on custom interior design solutions including kitchens, furniture, and bathrooms. The company is a leading French manufacturer with a strong market position and a large-scale retail business model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, extensive use of analytics and marketing tools, and a clear focus on user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR requirements. Overall, the site is content-rich and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

L

Leading Search Partners

leadingsearchpartners.com

26

Leading Search Partners is a specialized recruitment and consulting firm focused on executive and professional search services, management audits, performance checks, and outplacement. The company targets businesses and professionals seeking high-quality personnel placement and organizational development support. Established since at least 2016, it operates primarily in Austria with offices in multiple countries, emphasizing a personalized and quality-driven approach. Technically, the website is built on WordPress with common plugins such as Yoast SEO and WPML for multilingual support. The infrastructure uses Apache server technology but lacks HTTPS, which is a significant security shortfall. The site includes cookie consent mechanisms and Google Analytics tracking, indicating moderate digital maturity but with room for improvement in performance and security. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers, exposing the site to potential risks. However, no active vulnerabilities or malware were detected. Privacy compliance is good with GDPR-aligned cookie consent and a comprehensive privacy policy. Business credibility is supported by clear contact information and professional content. Overall, the site is functional and professional but requires urgent security enhancements, especially enabling HTTPS, to protect user data and improve trustworthiness.

W

Wolfram Bergbau und Hütten AG

wolfram.at

39

Wolfram Bergbau und Hütten AG is a medium-sized Austrian company specializing in the mining, refining, and recycling of tungsten-based products. It holds a strong market position as a leading global supplier of high-quality tungsten powders. The company operates multiple sites including mining in Mittersill, refining in St. Martin, and recycling centers in Austria and India. The website is professionally designed using WordPress with the Divi theme and includes comprehensive content in German and English, targeting industrial clients and potential employees. Technically, the site uses modern SEO and analytics tools but suffers from a critical lack of valid SSL/TLS configuration, impacting security posture. Privacy compliance is well implemented with GDPR-aligned cookie consent mechanisms and a detailed privacy policy. Business credibility is supported by ISO certifications and transparent contact information. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and modern TLS protocols.

C

Cookie-Information

gorelate.com

28

The website gorelate.com currently serves a minimal content page focused on cookie information with a cookie consent popup implemented via JavaScript. The site lacks any substantive business or contact information, privacy policy, or terms of service. Technically, the site is served over HTTP without a valid SSL/TLS certificate, exposing it to security risks and reducing trustworthiness. The DNS configuration is basic with no DNSSEC and a misconfigured CAA record. Security headers are minimal, and no modern security protocols or cipher suites are enabled. Overall, the site demonstrates very low digital maturity and security posture, with no evident compliance with GDPR or other privacy regulations. Business credibility is low due to lack of identifiable company information or trust signals.

T

troii Software GmbH

troii.com

40

troii Software GmbH is a small Austrian technology company specializing in software development, offering a suite of products including time tracking, mileage logging, financial market information, and field service management solutions. Their market position is that of a regional software provider with a focus on delivering integrated web and mobile applications. The website is built on WordPress with Elementor and uses Google Cloud hosting. While the site is professionally designed with good content and SEO practices, it lacks a valid SSL certificate, resulting in insecure HTTP connections despite some security headers being present. Privacy policy is comprehensive and GDPR compliant, but cookie consent mechanisms are missing. Contact information is clearly provided, enhancing business credibility.

F

FireStart

firestart.com

38

FireStart is a mature technology company specializing in process automation through a powerful low/no-code platform that integrates AI agents and human-in-the-loop workflows. The company targets businesses seeking to optimize and automate their processes, offering integrations with major platforms such as Microsoft Outlook, SharePoint, SAP, SQL databases, and OpenAI. The website reflects a professional and consistent brand presence with detailed descriptions of use cases and services. Technically, the site is built using Framer, with Google Analytics and HubSpot for marketing and analytics. However, a critical security issue is the absence of a valid SSL certificate and lack of modern TLS protocols, which significantly impacts the security posture. The site includes privacy and cookie policies with consent mechanisms but lacks explicit terms of service and security policies. Overall, the domain is mature and consistent with the business claims, but security improvements are urgently needed.

C

Checkdomain GmbH

usp-d.com

38

The website usp-d.com is currently a parked domain managed by Checkdomain GmbH, a German domain registrar and web hosting provider. The site content is minimal, serving primarily as a placeholder with promotional information about Checkdomain's services such as domain registration, web hosting, SSL certificates, and a homepage builder. The target audience includes individuals and businesses seeking domain and hosting services in Germany and Europe. The business model is straightforward, focusing on domain and hosting sales with a medium-sized company profile. Technically, the site runs on an outdated nginx 1.6.2 server and uses an old version of jQuery (1.4.2). There is no SSL certificate installed, resulting in no HTTPS support, which is a significant security shortfall. The site lacks modern security headers and DNS security features such as DNSSEC and CAA records. Performance data is unavailable, but the lack of optimization and outdated tech suggests slow loading and basic mobile responsiveness. From a security perspective, the absence of HTTPS and security headers, combined with no privacy or cookie policies, indicates a low security posture. No incident response or vulnerability disclosure information is present. The WHOIS data confirms the domain is legitimately registered without privacy protection, consistent with the parking status. There are no signs of malicious activity or suspicious domains linked. Overall, the site scores low on content quality, technical implementation, security, and privacy compliance due to its parked status and lack of active content or security measures. Strategic recommendations include implementing HTTPS with a valid SSL certificate, updating server software, adding security headers, and publishing privacy and cookie policies to improve trust and compliance.

A

AGFA HealthCare

agfahealthcare.com

40

AGFA HealthCare is a prominent enterprise in the healthcare sector specializing in secure and sustainable imaging data management solutions. The company holds a strong market position, evidenced by multiple KLAS awards and a comprehensive portfolio of services including Enterprise Imaging Platform, Augmented Intelligence, and Cloud solutions. Their target audience includes healthcare professionals, IT professionals, and government healthcare entities. Technically, the website is built on WordPress with a modern tech stack including popular plugins and frameworks, delivering a good user experience with mobile optimization and accessibility. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue that needs immediate remediation. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to enhance its risk profile.

W

Wilfried Heinzel AG

heinzelsales.com

29

Wilfried Heinzel AG operates the heinzelsales.com website as a global sales network specializing in pulp and paper products. The company is headquartered in Vienna, Austria, and is recognized as a leading trading house in the forest products industry. Their business model focuses on connecting suppliers and customers worldwide, supported by local representation in 28 countries and invoicing centers in major global cities. The website content reflects a professional and consistent brand image targeting industry stakeholders seeking sustainable pulp, paper, and packaging solutions. Technically, the website employs a traditional stack including nginx, jQuery, Bootstrap, and FontAwesome. However, it lacks HTTPS support, which is a critical security deficiency. The site shows basic mobile optimization and accessibility but suffers from slow performance and missing modern security configurations. No advanced CMS or analytics tools are detected, indicating a relatively simple technical infrastructure. From a security perspective, the absence of SSL/TLS encryption severely undermines user trust and data protection. While cookie consent and privacy policies are present and GDPR compliant, the lack of HTTPS and security headers exposes the site to risks. No incident response or vulnerability disclosure mechanisms are evident, limiting transparency and preparedness. The WHOIS data confirms domain legitimacy and consistency with the business identity. Overall, the website is functional and professionally presented but requires urgent security improvements, especially implementing HTTPS and enhancing server security headers. Strategic recommendations include upgrading SSL/TLS, enabling HSTS, and adopting security best practices to protect users and improve trustworthiness.

M

Management Events

managementevents.com

35

Management Events is a B2B technology-focused event and networking platform that connects IT solution providers with over 10,000 high-level executives across Europe. The company offers curated 1-to-1 meetings, exclusive networking events, and branding opportunities to facilitate business growth and market expansion. The website is professionally designed using HubSpot CMS and integrates modern marketing and analytics tools such as Cookiebot and Google Tag Manager. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is partially addressed through cookie consent mechanisms, but no explicit privacy policy or security incident response information is published. The domain is mature and consistent with the business's claimed history, enhancing credibility despite some minor security and compliance gaps.