High-risk security reports

The website routeco.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page instead of business content. This prevents direct analysis of the website's content, policies, or contact information. The domain is mature, registered since 1997, and protected with strong domain status flags, indicating a legitimate business presence. However, the lack of a valid SSL/TLS certificate and the presence of a WAF block significantly limit the ability to assess the website's security posture and user experience. Technically, the site is hosted behind Cloudflare, which provides DNS and security services, but the absence of HTTPS and modern TLS protocols is a critical security gap. The security headers are partially implemented but insufficient without proper SSL. Performance and SEO cannot be evaluated due to the blocked content. No privacy, cookie, or terms of service policies are visible, nor is any contact information or business metadata. From a security perspective, the site suffers from critical issues including no SSL, no HSTS, and no OCSP stapling. The Cloudflare WAF block suggests active protection against potential threats but also impacts legitimate user access. The domain WHOIS data is consistent and trustworthy, with no suspicious patterns detected. Overall, the website's current state poses a high risk for user trust and accessibility. Strategic recommendations include immediate SSL certificate deployment, reviewing WAF rules to avoid blocking legitimate users, publishing clear privacy and cookie policies, and providing accessible contact information to improve business credibility and compliance.

Vebego Deutschland is a well-established facility services provider in Germany, offering a broad range of services including building cleaning, industrial cleaning, green care, facility management, and security services. The company positions itself as a reliable and innovative partner focused on enhancing client environments for better performance and quality of life. The website content is professional and well-structured, targeting business clients in need of comprehensive facility services. Technically, the website uses modern marketing and optimization tools such as Google Tag Manager and Visual Website Optimizer, but lacks a valid SSL certificate, which is a critical security shortfall. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Privacy compliance is partially addressed with a privacy policy present, but no cookie consent mechanism is detected, which may pose GDPR compliance risks. Business credibility is supported by multiple certifications and industry memberships, enhancing trust. Overall, the site is functional and professional but requires urgent security improvements to protect user data and comply with best practices.

C

CompuGroup Medical

cgm.com

40

CompuGroup Medical is a global healthcare technology company specializing in digital healthcare solutions and services. The website serves as a corporate portal providing information about the company, its vision, press releases, and localized country pages. The company targets healthcare providers and industry professionals with a B2B business model. The website is built on modern technologies including Neos CMS and Flow Framework, hosted behind Cloudflare, and uses Matomo for analytics. However, the site suffers from an invalid SSL certificate, which undermines its HTTPS security and overall trustworthiness. Security headers are well implemented but the lack of valid TLS protocols and HSTS reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Social media presence is strong, supporting brand trust. Overall, the website is professional and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

B

Bullhorn

invenias.com

40

Bullhorn is a well-established enterprise SaaS provider specializing in cloud-based staffing and recruitment software solutions, including the Invenias executive search platform. The company serves a global customer base with a comprehensive suite of products designed to streamline recruitment processes, enhance compliance, and improve business development efforts. The website reflects a mature digital presence with strong branding, professional content, and targeted messaging for staffing firms and executive search professionals. Technically, the site leverages WordPress CMS, integrates marketing automation tools like Marketo, and employs standard web technologies such as jQuery and Slick Carousel. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which is a critical vulnerability that undermines user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent via OneTrust, and GDPR adherence. Overall, the site is professional and credible but requires urgent remediation of SSL issues to ensure secure user interactions.

C

Ciuvo

ciuvo.com

38

Ciuvo is an e-commerce focused company that provides lead generation and shopping assistance services to online merchants and shoppers. Their offerings include deal finding, price comparison, lead generation, publisher monetization, and e-commerce analytics. The company targets online merchants and shoppers, aiming to improve the shopping experience by providing meta information and market insights. The website is built on WordPress using the Divi theme and hosted likely on Amazon AWS infrastructure. While the site has a professional design and good content relevance, it lacks a valid SSL certificate, which severely impacts its security posture. The presence of a privacy policy page indicates some attention to compliance, but the absence of a cookie policy and consent mechanism is a gap. Contact information is limited to a contact form with no direct emails or phone numbers visible. The site uses the burst-pro plugin for analytics with cookieless tracking enabled, reflecting moderate digital maturity. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

F

FORTEC Group

fortecag.de

26

FORTEC Group is a medium-sized German technology company specializing in Display Technology, Embedded Systems, and Power Supplies. It operates as a B2B system supplier offering integrated solutions from distribution to development and production, targeting industrial and device manufacturers. The company maintains a consistent brand presence with multiple international subsidiaries and a clear investor relations focus. Technically, the website is built on the Shopware platform with modern JavaScript libraries and includes basic privacy and cookie consent mechanisms. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which significantly impacts secure communications. The domain registration is consistent and legitimate, with no privacy protection or suspicious patterns, supporting the company's credibility. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

R

ratiopharm GmbH

ratiopharm.com

40

ratiopharm GmbH operates a comprehensive German pharmaceutical website focused on generics and health solutions. The company is a well-established player in the healthcare sector, supported by its parent company Teva Pharmaceutical Industries. The website provides extensive product information, health advice, and services targeted at consumers and healthcare professionals. Technically, the site uses TYPO3 CMS with modern JavaScript frameworks and integrates Google Analytics and Usercentrics for analytics and cookie consent. However, the SSL certificate is invalid or missing, which is a critical security concern. Security headers are mostly implemented, but TLS protocols are disabled, significantly impacting the security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Contact information is clearly presented, enhancing business credibility.

Edgewell Personal Care operates a global corporate website showcasing its portfolio of personal care brands. The site targets consumers and stakeholders interested in the company's products, culture, and sustainability efforts. Technically, the site is built on Shopify with Cloudflare CDN and security services, leveraging modern web technologies and cookie consent mechanisms. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications. Privacy compliance is well addressed with OneTrust cookie consent and GDPR indicators. Overall, the site presents a professional and trustworthy business image but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

P

Palfinger AG

palfinger.ag

37

Palfinger AG is a well-established international manufacturer specializing in innovative hydraulic lifting solutions, including cranes, access platforms, and marine equipment. The company holds a strong market position with a large workforce and extensive global manufacturing and sales presence. The website reflects a mature digital infrastructure using Pimcore CMS and Bootstrap framework, with good mobile optimization and accessibility. However, the absence of a valid SSL/TLS certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are comprehensive and GDPR compliant, supported by OneTrust consent management. The company demonstrates transparency through investor relations, social media engagement, and a vulnerability disclosure policy. Overall, Palfinger AG's website is professional and content-rich but requires urgent security improvements to align with best practices.

The Kammerorchester Arpeggione Hohenems is a small, non-profit cultural organization dedicated to classical and contemporary chamber music performances, primarily serving a regional Austrian audience. The website provides detailed event information, organizational background, and sponsorship acknowledgments, reflecting a well-established local cultural entity with a 35-year history. Technically, the site is built on the Jimdo CMS platform, hosted on Austrian infrastructure, and uses standard web technologies including JavaScript and CSS. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present and GDPR compliant, the absence of visible contact emails, phone numbers, and security policies limits transparency and trust. Overall, the website is functional and informative but requires critical security improvements to enhance user trust and data protection.

K

KERN engineering careers GmbH

kern-partner.at

38

KERN engineering careers GmbH operates a professional recruiting website specialized in technology and IT sectors, primarily targeting job seekers and companies in Austria and German-speaking countries. The website offers job search, talent recruitment, and career consulting services, positioning itself as a trusted partner for technical and IT professionals. The site is built on TYPO3 CMS and hosted on a server using nginx, with DNS managed by DomainControl. Despite a professional design and comprehensive content, the website lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. Basic security headers like Content-Security-Policy and Strict-Transport-Security are present but insufficient without proper TLS support. Privacy compliance is addressed with a cookie consent mechanism and a detailed privacy policy in German. Contact is primarily via a web form, with no direct emails or phone numbers published. Social media presence on Facebook, LinkedIn, Xing, and Kununu supports business credibility.

syslab.com GmbH is a well-established German software company specializing in content management, risk assessment, and digital collaboration solutions. With over 25 years of experience, it holds a strong market position as a leading Plone and Python developer in Germany, serving a diverse clientele including enterprises, government agencies, and research institutions. The company emphasizes open source contributions and maintains strategic partnerships with notable organizations. Technically, the website is built on WordPress with modern themes and SEO plugins, offering a rich user experience and good mobile optimization. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS support, which poses significant risks. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, syslab.com demonstrates strong business credibility and digital maturity but requires urgent improvements in SSL/TLS security to protect user data and enhance trust.

A

Andreas Knapp

knapp.de

33

The website knapp.de represents Andreas Knapp, a publicly appointed and sworn expert specializing in real estate valuation and related expert services in Germany. The business operates in a niche market providing property valuation, expert reports, and legal valuation services primarily targeting clients requiring official property assessments. The website content is minimal and primarily informational, focusing on the expert's credentials and service offerings without extensive interactive features or modern web design elements. Technically, the website is outdated, employing legacy technologies such as jQuery 1.7.1 and a frameset layout, which negatively impacts user experience, SEO, and accessibility. Performance is poor with a high load time and large page size. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing visitors to security risks. No modern security headers or compliance mechanisms such as privacy or cookie policies are present, indicating a low level of digital maturity and GDPR compliance. From a security perspective, the absence of HTTPS and security headers, combined with no evidence of incident response or vulnerability disclosure policies, presents significant risks. The domain registration data aligns with the business claims, showing consistent and legitimate ownership without privacy protection. However, the lack of security best practices and compliance documentation suggests the need for urgent improvements to protect user data and enhance trust. Overall, the website scores low on security and privacy compliance, with basic content quality and business credibility. Strategic recommendations include immediate SSL implementation, updating the technology stack, adding privacy and cookie policies, and improving security headers and compliance frameworks to align with modern standards.

Elekta is a global enterprise specializing in precision radiation medicine and cancer care solutions. Their website showcases a comprehensive portfolio of products including radiation therapy machines, stereotactic radiosurgery, oncology software, brachytherapy, and neurosurgery systems. The company targets clinicians, healthcare providers, and patients seeking advanced cancer treatment technologies. Elekta maintains a strong market position as a leader in healthcare technology with a professional and consistent brand presence. Technically, the website is hosted on AWS infrastructure using modern web technologies and includes advanced tracking and marketing tools such as Matomo and Pardot. However, the security posture is weakened by an invalid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed to ensure secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the website is professional, trustworthy, and content-rich but requires urgent SSL/TLS remediation to improve security and user trust.

plenum AG Management Consulting is a well-established German management consulting firm specializing in transformation advisory services primarily for the finance, insurance, and energy sectors. With over 35 years of experience, the company holds a strong market position supported by industry awards and a professional digital presence. The website reflects a mature digital infrastructure built on TYPO3 CMS, featuring comprehensive content, clear navigation, and multi-channel engagement including social media and newsletters. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing the site to risks and undermining user trust. Privacy policies and cookie consent mechanisms are well implemented, aligning with GDPR requirements. Overall, the business demonstrates high credibility and professionalism but must urgently address its HTTPS deficiency to improve security posture and user confidence.

S

Systematic Inventive Thinking

sitsite.com

39

Systematic Inventive Thinking (SIT) is a well-established innovation consulting and training organization with a global presence, serving over 1400 organizations across 75 countries for more than 25 years. The website presents a professional and content-rich platform showcasing their innovation methodology, client case studies, and services. Technically, the site is built on WordPress with popular plugins and frameworks, hosted on LiteSpeed servers. However, the lack of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Privacy compliance is minimal with no visible cookie consent or comprehensive privacy policies. Social media integration and client trust signals are strong, supporting business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

E

Eton Institute

etoninstitute.com

30

Eton Institute is a well-established language school based in the UAE, recognized as the only EAQUALS-accredited language school in the region. It offers a wide range of language courses, special programs, exam preparation, teacher training, and corporate training services. The website targets individuals and corporate clients seeking language education with flexible learning options including in-person and online classes. The business has a strong market position supported by 19+ years of experience and multiple trust indicators such as certifications and testimonials. Technically, the website is built on WordPress using Elementor and Gravity Forms, with SEO optimizations via Yoast and analytics through Google Analytics and Tag Manager. While the design and content quality are excellent, the site suffers from slow performance and basic accessibility features. Mobile optimization is good, and navigation is clear. From a security perspective, the site has implemented several security headers but critically lacks a valid SSL certificate, resulting in no HTTPS availability. This is a major vulnerability that impacts user trust and security. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or detailed security/incident response policies. Overall, the site is professional and credible but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance security posture and user trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HSTS, implementing cookie consent, and publishing comprehensive security policies.

W

WestRock

westrock.com

39

WestRock is a global leader in sustainable packaging manufacturing, operating across multiple countries with extensive packaging converting operations and paper mills. The company targets businesses requiring innovative and sustainable packaging solutions across diverse markets such as beverage, healthcare, foodservice, and retail. Their business model focuses on manufacturing and supplying a broad range of packaging products and services, supported by a strong digital presence and comprehensive content. Technically, the website leverages modern web technologies including Sitecore CMS, Coveo search, and Brightcove video players, indicating a mature digital infrastructure. However, the absence of a valid SSL/TLS certificate and HTTPS severely undermines the security posture, exposing users to risks and reducing trust. Privacy policies and cookie consent mechanisms are well implemented, reflecting good compliance practices. Overall, the site is professionally designed with clear navigation and strong branding, but critical security improvements are necessary to protect user data and enhance trust.

F

Ferienwohnungen, Ferienhäuser & Hotels online buchen | Tiscover.com

tiscover.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 26 security findings identified across all modules.

K

KIWI Norge AS

kiwi.no

36

KIWI Norge AS operates a large grocery retail chain in Norway with nearly 700 stores, targeting Norwegian consumers seeking affordable and convenient grocery shopping. The website provides rich content including store locators, customer magazines, and loyalty program information (KIWI PLUSS). Technically, the site is built on ASP.NET MVC with AngularJS and integrates multiple third-party services such as Google Analytics and Piwik Pro for analytics and marketing. The site is hosted on Microsoft Azure and uses modern web technologies but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security headers like Content-Security-Policy are present but could be hardened further. Privacy and cookie policies are comprehensive and GDPR compliant, linked to the trusted trumf.no domain. Contact information is clearly provided with phone numbers and physical address, and social media presence is active. Overall, the site is professional and trustworthy but has a critical security gap due to missing HTTPS.

H

Hoval Aktiengesellschaft

hoval.com

40

Hoval Aktiengesellschaft operates as a leading provider of advanced indoor climate control solutions, specializing in heating, ventilation, and energy-efficient systems for a broad range of building types including residential, commercial, and industrial sectors. The company maintains a strong international presence with a well-structured website that clearly communicates its product offerings and corporate philosophy focused on sustainability and energy responsibility. Technically, the website leverages modern web technologies and SAP Commerce platform, supported by Google Tag Manager and OneTrust for privacy compliance. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is robust with clear policies and consent mechanisms in place. Overall, the website reflects a mature digital presence but requires urgent remediation of SSL and TLS issues to enhance security and trust.

I

Invenium Data Insights GmbH

invenium.io

26

Invenium Data Insights GmbH is a specialized data analytics company based in Austria focusing on anonymized mobile phone signaling data to provide insights into human mobility patterns. Their services support city planners, transportation authorities, tourism, retail, and event organizers by leveraging AI and big data technologies to optimize mobility and infrastructure planning. The website is professionally designed, content-rich, and GDPR compliant, targeting public and private sector clients who require data-driven decision-making tools. Technically, the site runs on WordPress with modern JavaScript libraries and is hosted on Hetzner servers. However, the lack of a valid SSL certificate and HTTPS significantly weakens the security posture. Privacy compliance is strong with cookie consent mechanisms and a comprehensive privacy policy. Business credibility is supported by testimonials and partner logos. Overall, the site is functional and trustworthy but requires urgent security improvements.

N

Novo Nordisk A/S

novonordisk.com

40

Novo Nordisk A/S is a leading global healthcare company specializing in the research, development, and marketing of medicines for diabetes and other serious chronic diseases. Founded in 1923 and headquartered in Denmark, the company maintains a strong market position with a comprehensive online presence targeting patients, healthcare professionals, investors, and job seekers. The website reflects a mature business model with extensive investor relations, career opportunities, and patient support information. Technically, the site leverages modern JavaScript frameworks such as Vue.js and is built on Adobe Experience Manager, hosted likely on Microsoft Azure. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture.

BMW Group Careers website serves as a global recruitment portal for the BMW Group, a leading enterprise in the automotive transportation sector. The site offers extensive information about career opportunities worldwide, highlighting the company's commitment to innovation in autonomous driving, e-mobility, and AI. The website is well-branded, professionally designed, and targets job seekers globally with a focus on technology and automotive professionals. Technically, the site is built on Adobe Experience Manager and uses Akamai CDN and Google Maps API, reflecting a mature digital infrastructure. However, a critical security gap exists as the site lacks HTTPS, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. The absence of direct contact emails or phone numbers is noted, but social media channels are official and active. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

H

HYPO NOE Landesbank für Niederösterreich und Wien AG

hyponoe.at

38

HYPO NOE Landesbank für Niederösterreich und Wien AG is a well-established regional financial institution in Austria, offering a broad range of banking services including retail accounts, savings, investments, financing, and green banking products. The website targets private customers, young adults, companies, and public sector entities, emphasizing sustainability and digital banking solutions. Technically, the site is built on TYPO3 CMS with modern frontend technologies and includes cookie consent management and analytics integration. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS support, which is critical for a banking website. Despite this, the site maintains good privacy compliance and business credibility with clear contact information and certifications. Strategic improvements in SSL/TLS configuration and security headers are recommended to enhance trust and security.

CERHA HEMPEL Rechtsanwälte GmbH is a leading corporate law firm headquartered in Vienna, Austria, with a strong presence across Central and Eastern Europe. The firm offers a comprehensive range of legal services including corporate law, banking and finance, compliance, litigation, and specialized sectors such as FinTech and healthcare. Their website reflects a professional and well-structured digital presence, targeting corporate clients and legal professionals. The firm emphasizes its long history since 1921 and extensive expertise with over 200 lawyers. Technically, the website is built on TYPO3 CMS and served by nginx, but lacks a valid SSL certificate and HTTPS support, which is a critical security concern. The site is well-branded, content-rich, and includes social media integration, but performance data is incomplete and no cookie consent mechanism is detected. Security headers are minimal and no advanced security policies or incident response information is published. Overall, the website is professional and credible but requires urgent improvements in security infrastructure to protect user data and comply with modern standards.

The website fswinc.org is currently inaccessible, returning a minimal 404 Not Found error page with no substantive content. There is no visible metadata, structured data, or business information available on the site. The domain is registered and has standard DNS and MX records, but no SSL/TLS certificate is installed, resulting in an insecure HTTP-only connection. Due to the lack of content and security features, the website's digital maturity is very low, and it does not provide any privacy, cookie, or security policies. The absence of contact information and business details further limits trust and credibility. Overall, the site is not functional as a business or informational platform at this time.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

C

CPB SOFTWARE AG

cpb-software.com

40

CPB SOFTWARE AG is a well-established full-service IT provider specializing in comprehensive software solutions and IT services, primarily targeting banking, finance, education, government, and industrial sectors. With over 25 years of experience and a customer base exceeding 550 active clients across Austria, Germany, and other countries, CPB positions itself as a trusted partner for digital transformation, core banking, compliance, and cloud services. The website reflects a mature business with clear market positioning and a broad portfolio of products and services. Technically, the site is built on WordPress with modern plugins and tools, though performance is moderate and SSL configuration is currently inadequate, posing security risks. Security headers are present but the lack of a valid SSL certificate and HTTPS enforcement significantly lowers the security posture. Privacy compliance is mostly addressed with a comprehensive privacy policy, but cookie consent mechanisms are missing. Overall, CPB demonstrates strong business credibility and professional online presence but should urgently address SSL and security improvements to enhance trust and compliance.

K

Kemppi Oy

kemppi.com

40

Kemppi Oy is a Finnish manufacturer and supplier of advanced arc welding equipment, software, and safety products. The company holds a strong market position as a design leader in the arc welding industry, serving industrial welding companies and individual contractors globally. Their product portfolio includes welding machines for various processes, welding torches, personal protective equipment, and welding management software. The website demonstrates a mature digital infrastructure built on modern technologies like Next.js and Contentful CMS, hosted on AWS CloudFront, with good mobile optimization and SEO practices. Security posture is adequate with HSTS enabled, but the SSL certificate is currently invalid, which is a critical issue to address. Privacy and cookie policies are present and comprehensive, indicating good compliance with GDPR. The company maintains active social media engagement and provides extensive product documentation and multimedia content. Overall, the website reflects a professional, trustworthy, and well-established business with room for improvement in SSL configuration and additional security headers.

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 25 security findings identified across all modules.

ready2order GmbH is a medium-sized Austrian company providing cloud-based, finance-compliant cash register and POS systems tailored for small businesses in retail, gastronomy, and service sectors. Their offerings include software subscriptions and proprietary hardware, with a strong emphasis on compliance with Austrian RKSV regulations and ease of use. The website is professionally designed, content-rich, and targets small business owners seeking modern, flexible POS solutions. Technically, the site uses modern frameworks like Gatsby and React and is hosted behind Cloudflare DNS, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and security headers, exposing users to potential risks. Privacy compliance is adequate with visible privacy and cookie policies, but no explicit security or incident response policies are found. Overall, the business appears legitimate and well-positioned in its market, but urgent improvements in SSL/TLS configuration and security practices are recommended to enhance trust and protect users.

Elfriede Gerdenits operates a personal professional website focused on authoring, career consulting, and media contributions primarily in Austria. The site targets individuals interested in career development, coaching, and personal growth, leveraging a small business model centered on content publishing and consulting services. Technically, the website is built on WordPress with a standard Apache/PHP stack and uses common plugins for SEO and social media integration. However, the site lacks HTTPS support, which is a critical security shortfall. Security posture is weak due to missing SSL, lack of security headers, and no advanced TLS features. Privacy compliance is basic, with a privacy policy page present but no explicit GDPR compliance indicators or cookie consent mechanisms beyond a basic EU cookie law plugin. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

W

wb-bc Business Consulting und Beteiligungs GmbH

wb-bc.at

37

wb-bc Business Consulting und Beteiligungs GmbH is a small Austrian consulting firm specializing in digital and online business consulting services. Their offerings include business founding, digital transformation, performance improvement, financing, business model innovation, and succession planning. The company emphasizes practical, tailored solutions delivered through digital channels such as phone, Skype, MS Teams, and Zoom, with modular booking and payment options available online. The website is built on WordPress using Elementor and integrates various marketing and analytics tools including Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. While the site is content-rich and professionally designed with good navigation and mobile optimization, it lacks a valid SSL certificate, serving content over HTTP only, which is a significant security concern. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Contact information is clearly presented, and the company maintains an active social media presence. Overall, the business appears legitimate and trustworthy, but the lack of HTTPS significantly impacts the security posture.

Nexxchange AG operates a specialized SaaS platform focused on golf course and resort management, offering tools for booking, marketing optimization, and sales intelligence. The company targets golf managers and multi-site operators, positioning itself as an all-in-one solution in the hospitality sector. The website is professionally designed with multi-language support and social media presence, but lacks explicit privacy policy and contact information on the homepage. Technically, the site uses a modern frontend stack including Bootstrap, jQuery, and FontAwesome, but critically lacks a valid SSL certificate, serving content over HTTP only, which severely impacts security posture. Security headers are partially implemented, but without HTTPS, their effectiveness is limited. The domain registration data is consistent with the business claims, indicating legitimacy. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

L

List SpA

list-group.com

40

List SpA is a medium-sized Italian company specializing in advanced software solutions for banking and finance, including trading, compliance, risk management, and treasury management. As part of the ION Group, it holds a strong market position with a professional digital presence targeting financial institutions and trading venues. The website is well-structured, content-rich, and optimized for SEO and mobile devices, reflecting a mature digital infrastructure based on WordPress and Elementor. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks and undermining trust. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the company demonstrates strong business credibility but must urgently address its SSL/TLS configuration to improve security posture and user trust.

D

Dataphone GmbH

dataphone.at

25

Dataphone GmbH is an Austrian company specializing in digitalizing supply chain processes, offering innovative software and hardware solutions primarily for warehouse logistics, transport, and retail sectors. Their market position is strong within Austria, providing comprehensive services including warehouse management systems (LOGIS 4 and LOGIS Light), hardware products like barcode scanners and label printers, and professional maintenance and support services. The company targets businesses seeking to modernize and optimize their logistics and supply chain operations through digital transformation. Technically, the website is built on WordPress with a modern theme and uses a variety of plugins for SEO, performance optimization, cookie consent, and analytics. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The site employs Google Analytics, Google Tag Manager, and other marketing tools with proper consent mechanisms, indicating good privacy compliance. Contact information and business details are clearly presented, enhancing business credibility. Overall, while the business and technical maturity are good, urgent improvements in security infrastructure are necessary to protect user data and build trust.

The website ae-net.info represents a small independent consulting business operated by Torsten A�, offering services in project management, marketing, coaching, and business consulting primarily targeting German-speaking clients. The business has a mature domain with 20 years of registration, consistent with the claimed experience and service offerings. The website content is static, primarily informational, and presented in German, with no interactive forms or contact details explicitly provided on the homepage. Technically, the site is hosted on Apache via IONOS SE, uses outdated HTML standards, and lacks modern web technologies or CMS platforms. Performance is slow, and mobile optimization is poor. Security posture is weak due to the absence of HTTPS and security headers, exposing visitors to potential risks. No privacy or cookie policies are present, indicating poor privacy compliance. Overall, the site reflects a basic digital presence with limited technical and security maturity.

1

101domain GRS Limited

psolutions.at

37

The website psolutions.at is currently a parked domain page managed by 101domain GRS Limited, a domain registration and related services provider. The site offers no original business content but promotes domain registration, Google Workspace, web hosting, and corporate brand services through 101domain. The target audience is individuals or businesses interested in acquiring this domain or other domains. The site is minimalistic with basic design and navigation, primarily serving as a placeholder and sales funnel for domain services. Technically, the site is hosted on an AWS IP with nginx server and uses modern frontend technologies such as jQuery and Modernizr. However, it lacks SSL/TLS encryption, serving content over HTTP only, which is a significant security shortfall. Performance metrics are not available, but the site appears lightweight. Mobile optimization is good due to responsive CSS, but accessibility and SEO are basic. Security posture is weak due to the absence of HTTPS, no HSTS, no DMARC, no DNSSEC, and no valid SSL certificate. Some security headers like Content-Security-Policy and X-Frame-Options are present, but overall security best practices are not fully implemented. There are no signs of vulnerabilities like Heartbleed or POODLE, but the lack of encryption is critical. Overall, the site poses low risk as it is a parked domain with no user data collection or business operations. However, the lack of HTTPS and privacy policies reduces trustworthiness and compliance. Strategic recommendations include implementing SSL/TLS, adding privacy and cookie policies, and improving security headers to enhance trust and security posture.

The website datafund.net is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks access to actual content. The page only displays a minimal 'Just a moment...' message with JavaScript and cookie enforcement, preventing analysis of business or security content. The domain has DNS records pointing to Cloudflare and Google MX servers but lacks a valid SSL certificate, resulting in no HTTPS support. No privacy, cookie, or terms of service policies are detectable, nor is any contact or company information available. This severely limits the ability to assess the company's business model, market position, or compliance posture. The security headers present are standard but insufficient without HTTPS. Overall, the site appears to be under protection or maintenance, and the lack of accessible content results in a low trust and security score.

COS is a well-established international fashion brand specializing in modern, sustainable wardrobe essentials for women and men. The website reflects a strong brand identity with comprehensive content, multi-market localization, and a focus on sustainability. The technical infrastructure is modern, leveraging Next.js and React frameworks, hosted via Akamai CDN, and integrated with Storyblok CMS. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support and disabled TLS protocols, which severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Business credibility is high due to consistent branding, social media presence, and comprehensive legal documentation. Strategic improvements in security infrastructure are essential to protect user data and enhance trust.

S&P Global Ratings operates as a leading global credit rating agency providing essential financial intelligence embedded into the workflows of customers worldwide. The website reflects a mature enterprise with a comprehensive offering of credit ratings, research, and analytics services targeted at investors, issuers, and intermediaries. The digital infrastructure leverages modern JavaScript libraries, marketing tools, and analytics platforms, hosted primarily on Amazon AWS with content delivery via Akamai. While the site is professionally designed with excellent content quality and user experience, it lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present, but the absence of TLS protocols and certificate transparency compliance are critical gaps. Privacy policies and cookie notices are well implemented, indicating good privacy compliance. Overall, the website demonstrates high business credibility but requires urgent security improvements to align with best practices and protect user data.

V

Vela Labs

vela-labs.at

28

Vela Labs GmbH is a GLP and GMP certified contract laboratory specializing in analytical services for pharmaceutical and biotechnology companies. The company supports all phases of drug development with services including physico-chemical analysis, ligand binding assays, cell based assays, microbiological analysis, clinical sample analytics, and GMP storage. As part of the Tentamus Group, Vela Labs positions itself as a trusted partner with strong compliance credentials and a focus on quality and regulatory adherence. The website demonstrates a professional digital presence built on WordPress with SEO and analytics integrations, targeting pharma and biotech professionals. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, reflecting GDPR compliance. Overall, the company shows a solid market position but should urgently address its SSL/TLS configuration to improve security posture and user confidence.

S

SimTech GmbH

simtechnology.com

31

SimTech GmbH is a specialized software company providing advanced simulation technology primarily for energy and chemical engineering sectors. With over 30 years of experience, the company offers simulation software (IPSEpro), model libraries, consulting, and training services targeted at plant manufacturers, consultants, and R&D organizations. The website reflects a professional and consistent brand with clear business information and reputable client references. Technically, the site is built on Joomla CMS with modern frameworks but lacks HTTPS, which is a critical security gap. Security headers are present but insufficient without SSL/TLS. Privacy compliance is good with a clear privacy policy, though no cookie consent mechanism is implemented. Overall, the site is content-rich and trustworthy but requires urgent security improvements to protect user data and enhance trust.

The website saa.at currently presents an empty HTML page with no visible content, metadata, or interactive elements. The domain is registered and active with DNS records pointing to a valid IP address and Microsoft Outlook mail servers, indicating some level of operational infrastructure. However, the lack of SSL/TLS certificate and absence of HTTPS support severely undermines the site's security posture. No privacy, cookie, or terms of service policies are present, and no contact or business information is available on the site. The technical infrastructure appears minimal and outdated, with no modern web technologies or security best practices implemented. Overall, the site is not suitable for professional or commercial use in its current state and poses significant security and trust risks.

The website chavabeijk.nl represents a personal artist site for soprano Chava Beijk, providing information about her musical repertoire, collaborations, and contact details for concerts and singing lessons. The site targets classical music enthusiasts, concert organizers, and students interested in vocal training. The business model is focused on personal promotion and service offerings in the niche classical music sector, with a small scale and localized presence in the Netherlands. Technically, the site is hosted on an Apache server with basic JavaScript for UI interactions and is hosted by Mijndomein. The site lacks modern frameworks, CMS, or advanced performance optimizations, resulting in slow loading and poor mobile optimization. No analytics or tracking technologies are detected, indicating minimal digital maturity. From a security perspective, the site lacks HTTPS and a valid SSL certificate, exposing users to potential risks. No advanced security headers or policies are implemented, and no privacy or cookie policies are present, indicating poor compliance with GDPR and modern privacy standards. The DNS configuration is basic with SPF but lacks DNSSEC and CAA records. Overall, the security posture is weak, with critical recommendations needed to improve encryption and security headers. Overall, the site is functional for its purpose but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect visitors. The lack of HTTPS is a critical issue that significantly lowers the security score and overall AI rating.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

E

Eurofins Scientific

eurofins.com

40

Eurofins Scientific operates a comprehensive global network of laboratory testing services specializing in food, environment, pharmaceutical product testing, and agroscience CRO services. With approximately 63,000 employees and over 950 laboratories across 60 countries, Eurofins is a world leader in its sector, offering more than 200,000 analytical methods. The website reflects this extensive business scope with detailed service offerings and a strong global presence. Technically, the site uses modern JavaScript libraries and analytics tools, but suffers from critical SSL/TLS configuration issues that undermine its security posture. Security headers are implemented, but the lack of a valid SSL certificate and disabled TLS protocols represent significant vulnerabilities. Privacy compliance is well addressed with cookie consent mechanisms and privacy policies in place. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS issues to ensure secure user interactions.

V

VERITAS Verlags- und Handelsges.m.b.H.&Co.OG

veritas.at

40

VERITAS Verlags- und Handelsges.m.b.H.&Co.OG is a leading Austrian educational publisher specializing in printed and digital school books and learning materials. The company offers a broad portfolio of over 400 product lines and 80,000 digital and printed resources targeting teachers, students, and parents primarily in Austria. Their market position is strong within the Austrian education sector, supported by comprehensive digital platforms and learning apps. The website reflects a mature digital presence built on Magento Commerce, integrating modern analytics and marketing tools such as Google Analytics and New Relic. However, the website's security posture is weakened by an invalid SSL certificate and incomplete enforcement of HTTPS, which poses a risk to user trust and data security. Content Security Policy is implemented in report-only mode, indicating partial adoption of security best practices. Overall, the site is professionally designed with excellent content quality and navigation, but security improvements are necessary to enhance trust and compliance.

NEVEON Holding GmbH is a large, leading integrated foam manufacturer specializing in polyurethane flexible and composite foams with a broad portfolio serving comfort, mobility, and specialty sectors. The company operates globally with 44 locations across 13 countries and is part of the Greiner Group. The website is professionally designed using TYPO3 CMS and hosted behind Cloudflare, offering good mobile optimization and accessibility. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture. Security headers are partially implemented, but critical SSL/TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.