Security Directory

Ethiopian Airlines is a major African airline with a strong international presence, offering flights to over 125 destinations worldwide. The company provides a comprehensive range of services including passenger flights, cargo logistics, loyalty programs, and travel-related add-ons. The website reflects a mature digital infrastructure with modern technologies, responsive design, and extensive content tailored for a global audience. Security posture is robust with HTTPS enforcement, secure cookie handling, and consent management, although some security headers could be enhanced. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site projects professionalism and trustworthiness aligned with the airline's market position.

A

Alūksnes novads

aluksne.lv

59

Alūksnes novads is the official municipal government entity for the Alūksnes region in Latvia, providing a comprehensive digital portal for residents and stakeholders. The website offers detailed information about municipal governance, public services, cultural events, education, tourism, and community news. It serves as a key communication channel between the local government and the public, supporting transparency and civic engagement. The site is well-positioned as the authoritative source for local government information in the region. Technically, the website is built on WordPress CMS with a modern technology stack including jQuery, Google Analytics, and various plugins for enhanced functionality such as event calendars, photo galleries, and accessibility tools. The site demonstrates good digital maturity with SEO optimization, mobile responsiveness, and accessibility features. Hosting appears to be on Microsoft Azure, inferred from cookie data, ensuring reliable infrastructure. From a security perspective, the website enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. While explicit security headers are not fully confirmed, no critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response contact is noted, suggesting room for improvement in transparency and readiness. Overall, the site maintains a solid security posture appropriate for a government entity. The overall risk assessment is low, with the website demonstrating professionalism, compliance, and trustworthiness. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and improving incident response visibility to further strengthen security and user trust.

S

Skanstes attīstības aģentūra

skanste.lv

37

The website www.skanste.lv serves as an informational and promotional portal for the Skanste district, a modern urban development area in Riga, Latvia. It provides comprehensive details about residential, office, cultural, sports, and infrastructure facilities within the district, targeting residents, investors, and businesses interested in the area. The site positions itself as a key source of information and promotion for this emerging business and living district in Riga. Technically, the website employs a modern front-end stack including Bootstrap, jQuery, Google Maps API, and Google Analytics, ensuring a responsive and interactive user experience. The site is accessible, mobile-optimized, and integrates various external trusted services for analytics and mapping. However, it lacks some advanced security headers and explicit privacy or cookie policies. From a security perspective, the site uses HTTPS and does not expose sensitive data. It includes Google Analytics for user tracking but lacks visible consent mechanisms or detailed privacy disclosures, which may impact GDPR compliance. No incident response or security contact information is provided, and security headers are missing, indicating room for improvement in security posture. Overall, the website is professionally designed and functional, with good business credibility and moderate technical implementation. The absence of privacy and cookie policies and security headers are notable gaps. The domain registration data aligns well with the website's claims, supporting legitimacy. Strategic improvements in privacy compliance and security practices would enhance trust and compliance.

M

MTÜ Eesti Disainikeskus

disainikeskus.ee

47

Eesti Disainikeskus is a non-profit Estonian design development center founded in 2008, focused on connecting designers, businesses, and the public sector to promote design awareness and professional growth. The organization offers services such as design audits, networking, training, awards, and publishing design-related content.

A

Appac Mediatech Pvt. Ltd

appacmedia.com

37

Appac Mediatech Pvt. Ltd is a digital marketing and web development agency based in Coimbatore, India, with over 18 years of experience. The company offers a wide range of services including SEO, social media marketing, web design and development, corporate branding, and ecommerce solutions. Positioned as a leading B2B agency in South India, Appac emphasizes 100% in-house production and strong domain knowledge in industries such as manufacturing, healthcare, education, and real estate. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the website uses a traditional Apache server on Ubuntu, with common JavaScript libraries and tools such as jQuery, Owl Carousel, Google Tag Manager, Ahrefs Analytics, and Microsoft Clarity. However, the site lacks a valid SSL certificate and proper DNS records, which significantly impacts its security posture. The absence of HTTPS and security headers exposes the site to risks and reduces trustworthiness. Performance metrics are missing, but the site appears to have moderate mobile optimization and basic accessibility features. From a security perspective, the site has critical issues including no valid SSL certificate, no HSTS, no OCSP stapling, and no security.txt or incident response policies. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Business credibility is supported by multiple trust signals such as Google Partner status, client testimonials, and active social media presence. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data. Strategic recommendations include installing a valid SSL certificate, configuring DNS properly, enabling security headers, and implementing cookie consent mechanisms.

S

SIAT

siat.com

40

SIAT S.p.A is a medium-sized Italian manufacturing company specializing in secondary packaging machinery. The company offers a broad range of products including taping machines, case erectors, wrapping machines, strapping tools, and flexographic printing machines, supported by after-sales service and spare parts. The website reflects a professional and consistent brand presence targeting industrial clients requiring reliable packaging solutions. Technically, the site is built on WordPress with a modern front-end stack including Bootstrap and jQuery, and integrates Google Analytics and Iubenda for privacy compliance. Security posture is adequate with valid SSL and several security headers, but the absence of modern TLS protocols and OCSP stapling indicates room for improvement. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is well-structured, trustworthy, and serves its business purpose effectively.

M

M3 PARK SERVICE Szolgáltató és Üzemeltető Korlátolt Felelősségű Társaság

m3outlet.hu

19

M3 Outlet is a retail outlet shopping center located in Polgár, Hungary, offering over 100 fashion brands with discounts ranging from 30% to 70%. The website targets regional shoppers interested in branded fashion products and provides multilingual support including Hungarian, English, Romanian, and Slovak. Key services include retail shopping, promotions, customer amenities such as free wifi, and tourism-related offerings like tax-free shopping. The business operates under M3 PARK SERVICE Kft., positioning itself as a significant regional outlet center with a medium-sized footprint. Technically, the website is built on Concrete CMS 9.3.2 and utilizes modern frontend technologies such as jQuery, Bootstrap 5, and Owl Carousel. Google Tag Manager is used for analytics and marketing tracking. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. Performance data is missing, but inferred to be slow. Mobile optimization and SEO are good, but accessibility is basic. Security posture is weak due to the absence of HTTPS, lack of HSTS, and missing advanced security headers. No explicit privacy or cookie consent mechanisms are implemented, and no security or incident response policies are visible. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professionally designed but requires urgent security improvements, especially SSL/TLS configuration, to protect user data and improve trust. Implementing privacy compliance features and enhancing security headers would further strengthen the security posture.

R

RE.COMM

recomm.eu

27

RE.COMM operates a professional real estate leaders summit event in Austria, targeting top managers and decision makers in the real estate sector. The website serves as an information and registration platform for the annual summit scheduled for November 2025. The company positions itself as a leading think tank and networking forum within the real estate industry. Technically, the website is built on WordPress with Elementor and several plugins for SEO, multilingual support, and GDPR compliance. However, the site suffers from critical security issues including an invalid or missing SSL certificate and lack of HTTPS enforcement, which significantly impacts user trust and security posture. The DNS configuration appears incomplete or misconfigured, lacking essential A/AAAA records and DNSSEC, which raises concerns about domain management. Privacy and cookie policies are well implemented, and social media presence is active. Overall, the site is professionally designed but requires urgent technical and security improvements to ensure trustworthiness and compliance.

M

M.J.Prado

mjprado.com.br

32

M.J.Prado is a specialized consulting company focused on asset management and patrimonial reorganization services primarily for Brazilian businesses across various industries such as metallurgy, chemical, telecommunications, and hospitality. The company leverages over 20 years of experience and partnerships with national and multinational firms to deliver comprehensive solutions including inventory management, asset evaluation, and financial reconciliation. The website presents a professional and consistent brand image with clear service offerings and contact channels. Technically, the site uses modern frontend technologies including Bootstrap, jQuery, and integrates Google Analytics and reCAPTCHA for analytics and spam protection. However, it lacks published privacy and cookie policies, and security headers are not detected, which are areas for improvement. The security posture is moderate with HTTPS enabled and secure form handling, but no explicit security or incident response policies are visible. Overall, the website is functional, professional, and trustworthy but would benefit from enhanced privacy compliance and security best practices to improve user trust and regulatory adherence.

P

Phoren Kampus

phorenkampus.com

37

Phoren Kampus is a well-established global educational advisory firm specializing in comprehensive solutions for educational institutions and infrastructure partners. With a history dating back to 1999, the company offers a wide range of services including fund raising, international partnerships, and various business models such as leasing, joint ventures, and franchising. The website reflects a professional and consistent brand image with rich content and clear navigation, targeting educational institutions and investors worldwide. Technically, the site is built on WordPress with modern plugins and frameworks, offering good mobile optimization and moderate performance. Security posture is solid with HTTPS and some security best practices, though improvements in security headers and privacy compliance are recommended. Overall, the domain registration and business information are consistent and trustworthy, supporting a high legitimacy score.

S

Skinfit

skinfit.eu

54

Skinfit is a specialized e-commerce retailer focusing on functional sportswear for endurance and outdoor sports. The company offers a wide range of products including clothing and equipment, targeting active consumers who integrate sports into their daily lives. The website is professionally designed with consistent branding and excellent content quality, supporting multiple languages and regional stores, primarily serving the Austrian market. The technical infrastructure is based on Magento Commerce, utilizing modern web technologies such as RequireJS, jQuery, and various Magento extensions, ensuring a good user experience and mobile optimization. Security measures include HTTPS enforcement and a comprehensive cookie consent mechanism aligned with GDPR requirements. No critical vulnerabilities or blocking mechanisms were detected, indicating a mature security posture. Overall, Skinfit presents a trustworthy and professional online presence with strong privacy compliance and user engagement features.

H

HEIDI Chocolat SA

heidi-chocolate.com

37

HEIDI Chocolat SA is a premium chocolate manufacturer and retailer based in Romania, established in 2002. The company offers a wide range of chocolate products including pralines, tablets, personalized chocolates, and seasonal items, targeting chocolate consumers worldwide. The website reflects a medium-sized retail business with a focus on craftsmanship, natural ingredients, and positive brand messaging. Technically, the website uses a modern JavaScript stack with libraries such as jQuery, Owl Carousel, and integrates marketing and analytics tools like Facebook Pixel, Google Analytics, and Klaviyo. The site is mobile-optimized and provides a good user experience with clear navigation and product presentation. Security-wise, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR, but lacks explicit security policies or incident response contacts. Overall, the domain registration and business information are consistent and legitimate, supporting a trustworthy online presence.

F

fortunasports

helpsole.com

38

Fortunasports is an Indonesian online sports betting platform offering live sports schedules, competitive odds, and live betting with streaming features. The website serves as a front-facing portal but heavily links to an external domain fortunasports.xyz, which likely hosts the main service. The site uses common frontend technologies such as Bootstrap and jQuery but lacks modern SEO, accessibility, and security best practices. No privacy or cookie policies are present, and no company contact information is provided, which reduces user trust and compliance with data protection regulations. Security posture is weak due to absence of HTTPS and security headers. Overall, the site appears functional but lacks professionalism and transparency, posing risks to users and limiting business credibility.

H

HIRSCH

hirschag.com

49

HIRSCH is an established e-commerce business specializing in premium watch straps and accessories for men and women. The company offers a wide range of products including luxury, sports, fashion, and custom-made watch straps, targeting watch enthusiasts and owners globally. The website is built on the Magento platform, leveraging modern web technologies such as RequireJS, jQuery, and KnockoutJS, and integrates security features like Google reCAPTCHA and cookie consent mechanisms to enhance user trust and compliance. The site demonstrates good design quality, mobile optimization, and SEO practices, supporting a positive user experience. Security posture is solid with HTTPS enforcement and form protections, though explicit security policies and incident response contacts are absent, representing an area for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR, reflecting a mature digital presence suitable for its market segment.

E

EEistanbul

ee-istanbul.com

45

EE Istanbul is a medium-sized company specializing in project management, design, and consultancy services within the construction and real estate sectors. Their portfolio includes office buildings, retail stores, industrial facilities, and renovation projects primarily in Turkey. The website showcases a variety of completed projects and notable clients, indicating a solid market presence. Technically, the website uses a traditional tech stack including jQuery, Bootstrap, and ASP.NET MVC, with moderate performance and good mobile optimization. However, the absence of HTTPS and security headers significantly weakens the security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the website is functional and professional but requires urgent security and compliance improvements.

MooieDomeinnaam.nl B.V. operates a specialized domain brokerage service focusing on premium Dutch .nl domain names, exemplified by the RWI.nl domain sales landing page. The company positions itself as a trusted intermediary offering secure transactions, invoicing, and domain ownership transfer services primarily targeting Dutch businesses and individuals, with international sales options. The website content is professionally structured, providing clear steps for domain acquisition and multiple contact channels, including email, phone, and WhatsApp. Technically, the website employs modern front-end technologies such as HTML5, CSS3, JavaScript, jQuery, and animation libraries like AOS and Owl Carousel. Payment processing is securely integrated via the reputable Pay.nl platform using iDEAL. However, the site lacks explicit privacy and cookie policies and does not implement advanced security headers, which are areas for improvement. Analytics are conducted through Google Tag Manager, but no cookie consent mechanism is present, indicating partial privacy compliance. From a security perspective, the site uses secure payment methods and does not expose sensitive data in its HTML. Nevertheless, the absence of security headers and anti-CSRF protections in forms suggests moderate security maturity. WHOIS data confirms the legitimacy and consistency of the business identity, reinforcing trustworthiness. Overall, the site is functional and professional but would benefit from enhanced privacy and security measures to align with best practices and regulatory requirements.

I

Istituto Ambiente Europa

ambienteeuropa.it

45

Istituto Ambiente Europa is a specialized Italian organization providing training and consultancy services focused on workplace safety, environmental protection, and compliance. Established in 1991, it offers both videoconference and in-person courses, consultancy services, and safety assistance, targeting professionals and organizations in need of environmental and occupational safety education. The website reflects a professional and consistent brand with clear navigation and relevant content for its audience. Technically, the website employs common web technologies such as jQuery, Bootstrap, and Owl Carousel, with Google Analytics and Tag Manager for tracking. The site is mobile-optimized and presents a moderate performance profile. However, there is no evidence of advanced CMS usage or hosting provider details. SEO and accessibility are basic but functional. From a security perspective, the site lacks visible security headers and explicit security policies or incident response contacts. HTTPS status is unknown from the HTML content alone, but no critical security issues or blocking mechanisms are detected. Privacy and cookie policies are present with consent mechanisms, indicating basic GDPR compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website presents a moderate risk profile with room for improvement in security best practices and privacy transparency. The domain registration details align well with the business claims, supporting legitimacy. Strategic enhancements in security headers, HTTPS enforcement, and incident response documentation would strengthen the security posture and trustworthiness.

A

Allcartuning

allcartuning.com

37

Allcartuning is a specialized automotive tuning service provider based in Austria, focusing on chiptuning and eco-tuning for passenger cars, trucks, and agricultural vehicles. With over 14 years of experience, the company offers motor control unit programming and software tuning, supported by a network of authorized dealers. The website reflects a niche market position with a clear business model centered on automotive performance enhancement and tuning tools. Technically, the site runs on TYPO3 CMS with PHP 7.4 backend and uses common frontend libraries like jQuery and Bootstrap. It is hosted behind Cloudflare CDN but lacks a valid SSL certificate, resulting in HTTP-only access, which is a significant security concern. The site includes basic privacy and cookie policies with GDPR consent mechanisms but lacks explicit security or incident response policies. Overall, the website is functional and professionally presented but requires urgent improvements in security posture, especially regarding HTTPS implementation and modern security headers.

umdasch Store Makers Management GmbH is a large, internationally operating company specializing in shopfitting and retail solutions, including consulting, project management, general contracting, and digital retail integration. The company is part of the Umdasch Group AG and serves retail businesses with comprehensive store design and implementation services. Their website reflects a professional and consistent brand presence with multilingual support and active social media engagement. Technically, the website uses Apache server technology with common JavaScript libraries for UI components but lacks a modern CMS indication. Hosting is managed via Azure DNS. Performance metrics are not provided but inferred as slow due to zero load time data. Security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy compliance is addressed with a comprehensive GDPR policy and cookie consent mechanism, though no explicit security policy or incident response contacts are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Y

YUMMY Publishing GmbH

yummy.digital

35

YUMMY Publishing GmbH operates the digital publishing platform Yumpu.com, providing tools for converting documents into online magazines with a global user base. The company targets publishers and businesses seeking innovative digital publishing solutions, leveraging cloud hosting and advanced rendering technologies. The website presents a professional brand image with notable client logos and a clear business focus on digital content publishing. Technically, the site uses SilverStripe CMS and common frontend libraries but lacks HTTPS, which is a critical security gap. The absence of SSL/TLS and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with no cookie consent mechanism detected and only a basic privacy policy available. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

S

S. Spitz GmbH

spitz.at

31

S. Spitz GmbH is a well-established Austrian food and beverage manufacturer with over 160 years of tradition, specializing in beverages, sweets, baked goods, and delicatessen products. The company operates multiple production sites in Austria and emphasizes quality, sustainability, and customer-specific private label solutions. Their website reflects a professional and comprehensive digital presence targeting B2B customers, job seekers, and sustainability-conscious consumers. Technically, the site is built on WordPress with common plugins and libraries, offering good mobile optimization and SEO features. However, the absence of a valid SSL/TLS certificate and missing DNS records represent significant security and technical weaknesses. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.

E

epmedia

epmedia.at

22

epmedia is a professional communications agency based in Austria, specializing in tailored marketing and PR strategies for B2B and B2C clients, particularly in the real estate sector. The company offers a broad range of services including brand and communication strategies, PR and networking, classic advertising, digital services, and event management. Their market position is supported by a portfolio of reputable clients and organized industry events. Technically, the website is built on WordPress with modern plugins and frameworks, providing a good user experience and SEO optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses. The site complies well with GDPR through a comprehensive privacy policy and cookie consent mechanism. Overall, the business demonstrates credibility and professionalism but must urgently address its SSL/TLS security to protect user data and maintain trust.

SCHOLLENBERGER Kampfmittelbergung GmbH is a specialized service provider in ordnance and explosive material recovery operating primarily in Austria and Germany. Established in 2009 and employing around 380 staff, the company offers comprehensive services including surface and depth probing, aerial image evaluation, and diving operations. It is part of the SOCOTEC Group, which enhances its market position and operational capabilities. The website presents detailed business information and service descriptions targeting industrial, governmental, and private clients requiring ordnance clearance and related environmental services. Technically, the site is built on TYPO3 CMS with modern frontend libraries but suffers from critical security shortcomings such as lack of HTTPS and DNS misconfigurations. These issues undermine trust and expose the site to risks. No privacy or cookie consent mechanisms are implemented, which may affect GDPR compliance. Overall, the business is credible and professional, but the digital infrastructure requires urgent security and technical improvements.

X

x.test GmbH

xtest.at

22

x.test GmbH is a specialized company in electronic measurement technology based in Austria, founded in 2010. The company offers a range of products and consulting services focused on electronic measurement, emphasizing quality and customer trust. The website is built on WordPress with modern plugins and frameworks, providing a professional and user-friendly experience. However, the absence of an SSL certificate and HTTPS significantly impacts the security posture, exposing users to potential risks. The site implements GDPR-compliant cookie consent mechanisms and provides clear privacy and terms of service pages, reflecting good privacy compliance. Overall, the business appears legitimate and well-positioned in its niche, but security improvements are critical.

I

IT Services and Solutions, S. A. de C. V.

it-solutions.com.mx

36

IT Services and Solutions, S. A. de C. V., operating under the brand IT Solutions, is a Mexican technology company specializing in designing and implementing IT solutions to enhance business operations. Their offerings include infrastructure modernization, cybersecurity, digital transformation, cloud services, and support. The company targets businesses seeking comprehensive IT solutions and positions itself as a trusted partner with strong vendor alliances and professional services expertise. Technically, the website is built on WordPress with common plugins and sliders, but lacks a valid SSL certificate, resulting in no HTTPS support which is a critical security gap. The site includes contact forms with reCAPTCHA and social media links but lacks cookie consent mechanisms and detailed privacy compliance features. Security headers are minimal, and no incident response or security policies are publicly disclosed. Overall, the website presents a professional business image but requires urgent improvements in security posture and privacy compliance to meet modern standards.

K

KAUFMANN S.A

kaufmann.cl

36

Kaufmann S.A is a leading automotive company in Chile specializing in the sale and servicing of automobiles, commercial vehicles, and related products. The website reflects a comprehensive digital presence with extensive content covering various vehicle categories, after-sales services, and customer support. The company maintains a strong market position with a wide network of branches across Chile and partnerships with recognized brands and service providers. Technically, the site is built on the Liferay CMS platform, utilizing modern web technologies such as React and jQuery, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Security headers are present but insufficient without proper SSL/TLS implementation. Privacy compliance is moderate with a clear privacy policy but no visible cookie consent mechanism. Overall, the site offers good user experience and content quality but requires urgent security improvements to protect user data and enhance trust.

I

Institut Teknologi Sepuluh Nopember

its.ac.id

40

Institut Teknologi Sepuluh Nopember (ITS) is a prominent Indonesian university specializing in science, technology, and arts education. The website serves a broad audience including prospective and current students, faculty, staff, parents, and alumni. It offers comprehensive information on academic programs, research, innovation, and public services. The institution holds a strong market position with recognized rankings in Asia Pacific and globally. Technically, the website is built on WordPress with a modern tech stack including Visual Composer, Yoast SEO, and various JavaScript libraries, providing a rich user experience with good mobile optimization and accessibility. However, the website lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present but insufficient without proper SSL. Privacy and cookie policies are not found, indicating compliance gaps. DNS records are missing or incomplete, raising concerns about domain configuration. Overall, the site is professional and trustworthy in content but requires urgent improvements in security and privacy compliance.

X

XYZ

wearexyz.com

36

XYZ is a creative visual production agency based in San Francisco specializing in 3D rendering, photography, retouching, video, motion graphics, and other visual content creation services. The company partners with notable brands to deliver compelling content and experiences that drive results. Their website showcases a strong portfolio of industry-leading clients, reflecting a solid market position in the media and creative production sector. Technically, the website is built on WordPress with Elementor and leverages modern JavaScript libraries and third-party services such as Vimeo and Google Analytics. Hosting is provided by WP Engine with Cloudflare as a CDN, indicating a professional infrastructure. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are minimal, and no advanced security policies or incident response contacts are found. Privacy and cookie policies are absent, which may impact compliance with GDPR and other regulations. Overall, the site presents a professional business front but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust.

W

WK-Development GmbH

wk-development.com

38

WK-Development GmbH is a Vienna-based real estate development company specializing in exclusive residential projects in Vienna, its surroundings, and Eastern Europe. The company operates as a management holding for project companies involved in acquisition, development, and sale of high-end residential properties. With a portfolio exceeding 150,000 m² of new residential space developed in recent years, WK-Development targets private and institutional investors seeking profitable real estate investments. The website reflects a mature digital presence with detailed project showcases, team profiles, and partner information, supporting its market positioning as a reliable and growing player in Central European real estate development. Technically, the website is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS and SEO-friendly infrastructure. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential data interception risks. The site lacks advanced security headers and email authentication mechanisms like DMARC, which could be improved to enhance trust and security. Performance data is unavailable, but the site uses WP Rocket for optimization and appears mobile responsive. Security posture is weak due to missing HTTPS and TLS protocols, no HSTS, and no OCSP stapling. Privacy compliance is partial; a comprehensive privacy policy exists, but no cookie consent mechanism is detected, which is a GDPR compliance risk. Contact information is clearly presented, including a company email and physical address, but no phone numbers are explicitly provided. Social media presence is active on Facebook, Instagram, and YouTube. Overall, WK-Development GmbH presents a professional and credible business front with strong content and branding but requires urgent security improvements to protect users and comply with privacy regulations. Strategic recommendations include immediate SSL implementation, enhanced email security, and cookie consent integration to align with best practices and regulatory requirements.

ALC Eventsolutions GmbH is a small Austrian company specializing in full-service event technology solutions, including project planning, corporate and private events, and technical equipment such as sound, lighting, media, stage technology, and special effects. The company targets event organizers and clients primarily in Vienna and surrounding areas, positioning itself as a reliable and innovative partner for memorable events. Their website reflects a professional and consistent brand image with clear service offerings and social media presence. Technically, the website runs on an Apache server with common JavaScript libraries like jQuery, Owl Carousel, and WOW.js for animations. The hosting DNS is managed via Oracle Cloud. However, the site lacks HTTPS, which is a significant security and trust concern. Performance data is missing, but the site appears to have basic mobile optimization and SEO features. No CMS or major frameworks were detected, suggesting a custom-built site. From a security perspective, the absence of an SSL certificate and HTTPS is a critical vulnerability, exposing users to potential data interception. No advanced security headers or policies are implemented, and there is no visible incident response or vulnerability disclosure information. Privacy compliance is minimal, with a basic privacy policy but no cookie consent mechanism or GDPR explicit statements. Overall, while the business appears legitimate and professionally presented, the website's security posture is weak, and privacy compliance is insufficient. Immediate improvements in SSL implementation and privacy practices are recommended to enhance trust and protect users.

B

BYTEPOETS

bytepoets.com

26

BYTEPOETS is a well-established software development company based in Graz, Austria, specializing in app development, web development, UI/UX design, and consulting services. With a domain age of 24 years and a recent integration into the MXP group, BYTEPOETS positions itself as a reliable partner for digital transformation projects, targeting businesses seeking tailored software solutions. The website content is professional, comprehensive, and clearly structured, reflecting a mature business with a strong client portfolio and detailed team information. Technically, the website employs modern technologies including Angular, Flutter, .NET Core, and various analytics tools such as Matomo and Google Tag Manager. However, the site lacks HTTPS, which is a critical security shortfall. The absence of a valid SSL certificate and related security headers significantly impacts the security posture, despite the presence of cookie consent mechanisms and privacy policies that indicate good privacy compliance. Security-wise, the site shows no evidence of incident response or vulnerability disclosure policies, and the SSL configuration is incomplete, lacking HSTS and OCSP stapling. The domain registration is consistent and mature, supporting the legitimacy of the business. Overall, BYTEPOETS demonstrates strong business credibility and digital maturity but must urgently address HTTPS implementation to improve security and trust. Strategically, BYTEPOETS should prioritize securing their website with a valid SSL certificate and enhancing security headers. Maintaining comprehensive privacy compliance and transparent contact information supports user trust and regulatory adherence. The integration with MXP suggests growth and potential for expanded market reach.

P

PRAXIS

praxispr.ca

40

PRAXIS is a Canadian marketing communications agency specializing in integrated services including PR, digital marketing, live events, social media management, and collaborations. The company positions itself as a leading Canadian-owned agency with a strong client portfolio including major brands such as Pepsi, Cineplex, and Purina. The website is professionally designed with rich content and clear navigation targeting Canadian businesses seeking marketing communications expertise. Technically, the site is built on WordPress with modern plugins and SEO tools, but suffers from a lack of HTTPS security due to an invalid or missing SSL certificate. Security headers are minimal but present, and no cookie consent or GDPR compliance mechanisms are evident. The agency maintains active social media presence and uses Google Analytics and LinkedIn Insight for tracking. Overall, the website reflects a credible and professional business but requires urgent security improvements to protect user data and enhance trust.

S

SOLVION information management GmbH

solvion.net

25

SOLVION information management GmbH is a well-established IT consulting and solutions provider specializing in digital workplace transformation within the Microsoft 365 ecosystem. With over 22 years of experience, the company serves medium-sized commercial enterprises primarily in the DACH region, focusing on sectors such as production, retail, services, and transportation. Their key services include strategic and technology consulting, adoption and change management, implementation of Microsoft-based solutions, and ongoing technical support. The website reflects a professional and consistent brand image with comprehensive content, active blogs, and customer testimonials, positioning SOLVION as a leading player in their market segment. Technically, the website is built on WordPress with the Divi theme and utilizes modern JavaScript libraries and marketing tools such as Google Tag Manager and Borlabs Cookie for consent management. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are also missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism that aligns with GDPR requirements. The site employs extensive tracking and marketing tools, but these are transparently disclosed. Contact information is clearly presented, including a detailed contact form, phone number, and physical address, enhancing business credibility. Overall, while the business and content aspects of the website are strong and trustworthy, the lack of HTTPS and proper SSL configuration is a critical vulnerability that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern security protocols, and enhancing security headers to improve the site's security posture and compliance.

T

Thöni Industriebetriebe GmbH

thoeni.com

22

Thöni Industriebetriebe GmbH is a well-established family-owned industrial group based in Austria, specializing in aluminum manufacturing, automotive components, environmental energy technology, machinery and plant construction, and hose production. The company operates internationally with multiple production sites across Austria, Germany, Italy, and the USA. The website reflects a professional and comprehensive digital presence, targeting industrial clients and partners in related sectors. Technically, the site is built on WordPress with modern frontend frameworks and plugins, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business credibility and content quality are high, but the security deficiencies pose a risk to user trust and data protection.

A

A-Commerce

a-commerce.at

22

A-Commerce is a German-language online magazine specializing in e-commerce news, business insights, and marketing strategies primarily targeting e-commerce professionals and entrepreneurs in Austria and German-speaking regions. The website offers regularly updated content including articles, interviews, and tool reviews, positioning itself as a niche media outlet in the e-commerce sector. Technically, the site is built on WordPress with a modern tech stack including PHP 8, nginx, and various JavaScript libraries for UI enhancements. However, the site lacks HTTPS, which is a critical security deficiency. The cookie consent mechanism is implemented and GDPR compliant, but no explicit contact or security policies are published. Overall, the site demonstrates good content quality and user experience but requires urgent security improvements.

S

Schmied & Fellmann

schmied-fellmann.at

25

Schmied & Fellmann is a medium-sized Austrian company specializing in electrical engineering services including consulting, planning, installation, and maintenance. They also operate a retail business offering electrical devices, installation materials, postal services, and school and office supplies. The company targets businesses and institutions primarily in the St. Pölten and Wilhelmsburg regions. Their market position is solid locally, supported by certifications such as 'Leitbetrieb' and a broad portfolio of services and references. Technically, the website is built on TYPO3 CMS with common frontend libraries and demonstrates good content quality and navigation. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts security posture. No modern security headers or cookie consent mechanisms are implemented, and no analytics or tracking scripts are detected. Overall, the website is functional and professional but requires urgent security improvements to protect user data and improve trust. Strategic recommendations include obtaining a valid SSL certificate, implementing security headers, and adding privacy compliance features.

W

WunderLand Group

wunderlandgroup.com

37

WunderLand Group is a mature, medium-sized staffing solutions firm specializing in digital, creative, and marketing workforce services. The company offers a broad range of expertise including UX design, content editing, front-end development, and project management. Their market position is supported by strong client and consultant testimonials and industry awards such as the Best of Staffing®. Technically, the website is built on WordPress with Elementor and uses a variety of modern JavaScript libraries and marketing tools, hosted on WP Engine with Cloudflare CDN. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and undermining trust. Privacy compliance is partially addressed with a cookie consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the business credibility is solid, but the security weaknesses require urgent remediation.

7

7LYTIX GMBH

7lytix.com

40

7LYTIX GMBH is a mature Austrian AI software company specializing in Action Intelligence solutions that optimize business processes such as predictive maintenance, supply chain management, and intelligent personalization. Recently acquired by the KEBA Group, 7LYTIX targets medium to large enterprises in manufacturing, retail, logistics, finance, and media sectors. The website reflects a professional and consistent brand presence with clear business information and customer trust indicators. Technically, the site uses modern JavaScript libraries and frameworks like Bootstrap and jQuery, with analytics implemented via Google Analytics and Matomo. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy and cookie policies are present but basic, and no explicit security or incident response policies are found on the site. Overall, the business credibility is strong, but the security configuration requires urgent improvement to protect user data and maintain trust.

M

MCR

morse.com

40

MCR is a well-established and large hotel management and ownership company, recognized as the third largest hotel owner-operator in the United States. The company operates a diverse portfolio of hotels across multiple states and brands, with a strong reputation supported by numerous industry awards and recognitions. The website reflects a mature business with a professional online presence, targeting investors, partners, and hospitality professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery and Google Maps integration, but suffers from a lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts its security posture. Security headers are well implemented, but the absence of SSL and modern TLS protocols is a critical vulnerability. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of use, but the lack of a cookie consent mechanism is a gap. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

P

Pacific National

pacificnational.com.au

37

Pacific National is Australia's largest private rail freight operator, providing comprehensive rail logistics services across the country. The company emphasizes safety, customer service, and operational excellence, serving a broad range of industries with extensive rail assets including locomotives and wagons. Their market position is strong as a trusted logistics partner with a large customer base and national presence. Technically, the website is built on WordPress hosted on WP Engine with Cloudflare CDN, utilizing common web technologies such as jQuery, Bootstrap, and Owl Carousel. The site is moderately optimized for performance and mobile responsiveness, with good SEO practices and structured data implemented for enhanced search visibility. From a security perspective, the site currently lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Security headers are minimal, and advanced protections like HSTS and OCSP stapling are not enabled. While some security best practices like HttpOnly and Secure cookie flags are set, the overall security posture is weak and requires urgent improvement. Overall, the website is professional and content-rich but suffers from significant security shortcomings that impact user trust and compliance. Strategic improvements in SSL/TLS deployment and privacy compliance mechanisms are recommended to enhance security and regulatory adherence.

M

M.Tech Products Pte Ltd

mtechpro.com

40

M.Tech Products Pte Ltd is a leading distributor and solutions provider specializing in cyber security and network performance solutions across the Asia-Pacific region. The company maintains a strong market position with presence in 14 countries, 24 offices, and a reseller network exceeding 2,000 partners. Their business model focuses on partnering with market-leading vendors to deliver integrated security and network performance management solutions, complemented by professional services and training offerings. The website reflects a professional and consistent brand image with good content quality and clear navigation tailored for their target audience of enterprises and resellers. Technically, the website is built on WordPress using common libraries such as jQuery and Owl Carousel, with Gravity Forms for data collection. While the site is mobile optimized and SEO friendly, performance appears slow based on provided data. Critically, the site lacks a valid SSL certificate and proper HTTPS configuration despite having security headers like HSTS, which severely impacts its security posture. Analytics usage is moderate with Google Analytics implemented, but no cookie consent mechanism or explicit cookie policy was found. From a security perspective, the site demonstrates basic best practices through HTTP security headers but suffers from the absence of HTTPS and modern TLS protocols, exposing users to potential risks. No incident response or vulnerability disclosure information is available, and no security certifications are displayed. The domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness. Overall, the website is functional and professional but requires urgent security improvements, especially regarding SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Strategic recommendations include securing the website with valid certificates, enabling modern security protocols, and enhancing privacy and incident response disclosures.

A

AMES - Aerospace and Mechanical Engineering Services

ames.aero

19

AMES - Aerospace and Mechanical Engineering Services is a mature Austrian company specializing in aerospace engineering, certification, production, maintenance, CAMO, consulting, and training services. With a domain age of 17 years and multiple aerospace certifications, AMES positions itself as a reliable service provider in the aerospace transportation sector. The website reflects a professional business model targeting aerospace industry professionals and companies requiring specialized engineering and certification services. The company maintains a consistent brand presence with clear contact information and social media engagement. Technically, the website employs a variety of established JavaScript libraries and frameworks such as jQuery, Bootstrap, and Owl Carousel, indicating a moderate level of digital maturity. However, the site lacks HTTPS encryption and modern security configurations, which significantly impacts its security posture. Performance is rated slow due to missing SSL and potential optimization gaps, though mobile responsiveness and navigation clarity are good. Security evaluation reveals critical vulnerabilities including the absence of SSL/TLS, no HSTS, no DNSSEC, and missing security headers. These gaps expose the site to potential interception and downgrade attacks. The domain's imminent expiry in 11 days adds operational risk. Privacy compliance is minimal, with basic privacy and terms documents available but no cookie consent or incident response contacts. Overall, AMES demonstrates solid business credibility and content quality but requires urgent security improvements to protect its digital assets and customer trust. Strategic recommendations include immediate SSL implementation, enhanced domain protection, and adoption of security best practices to elevate the security score and compliance posture.

L

Lebenshilfe Peine-Burgdorf GmbH

lhpb.de

24

Lebenshilfe Peine-Burgdorf GmbH is a regional non-profit organization dedicated to supporting people with disabilities and those requiring assistance in the Peine district and surrounding areas in Germany. The organization offers a broad range of services including counseling, childcare, residential support, employment and education programs, and leisure activities. Their business model focuses on social integration and empowerment of their target audience, which includes individuals with special needs, their families, and professional caregivers. Technically, the website is built on TYPO3 CMS and uses common web technologies such as Apache server, jQuery, and FontAwesome. While the site is well-structured, mobile-optimized, and content-rich, it lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Performance data is unavailable, but the site appears to have good navigation and accessibility features. From a security perspective, the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Although some security headers are present, key best practices like HSTS enforcement and OCSP stapling are missing. No explicit security or incident response policies are published on the site. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website demonstrates moderate business credibility and good content quality but suffers from critical security deficiencies. Strategic improvements in SSL/TLS deployment and privacy compliance are recommended to enhance trust and security.

D

DIE FLIEGENDEN KÖCHE GMBH

fliegende-koeche.com

25

DIE FLIEGENDEN KÖCHE GMBH operates Austria's largest chefs agency, providing professional kitchen staff placement services nationally and internationally since 2007. The company targets gastronomy businesses such as restaurants and hotels, offering temporary and permanent staffing solutions including various chef roles. Their market position is strong within Austria, supported by over a decade of experience and multiple regional offices. Technically, the website is built on WordPress with common plugins and libraries but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and use of outdated PHP. The site includes privacy and cookie policies with consent mechanisms, but lacks explicit security or incident response policies. Overall, the business credibility is good, but the security posture is weak, exposing the site to risks. Strategic improvements in HTTPS deployment, server software updates, and security headers are recommended to enhance trust and compliance.

G

Gradonna ****s Mountain Resort

gradonna.at

25

Gradonna Mountain Resort is a premium 4-star superior hospitality business located in Austria, offering luxury hotel and chalet accommodations with wellness, spa, and ski-in ski-out amenities. The website is professionally designed with comprehensive content targeting tourists seeking mountain resort experiences. Technically, the site uses TYPO3 CMS with modern JavaScript libraries and integrates Cookiebot and Google Tag Manager for privacy and analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security vulnerability that significantly impacts the site's security posture. The domain registration is consistent with the business claims and is owned by the Schultz Gruppe, a parent company. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

L

LKB

lkb.eu

23

LKB is a small healthcare-focused company based in Austria, specializing in the supply and distribution of life science and routine medical diagnostics products. The company holds ISO 9001 certification and emphasizes customer and technical support, targeting laboratories and medical diagnostics professionals. The website presents a professional design with clear navigation and relevant content, supporting the company's market position as a trusted supplier in the region. Technically, the website uses modern frontend technologies such as Bootstrap 5 and jQuery, hosted on SuperHosting.bg, but lacks HTTPS support and advanced security configurations, which significantly impacts its security posture. The absence of SSL/TLS encryption and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with a privacy policy present but no cookie policy or consent mechanisms. Contact information is comprehensive and clearly displayed, enhancing business credibility. Overall, while the business and website demonstrate professionalism and market relevance, critical security improvements are necessary to protect users and data.

Nástupište 1-12 is a Slovak non-profit cultural organization dedicated to contemporary culture with a focus on music, art, presentations, and educational activities. The website serves as a platform to announce events, workshops, exhibitions, and artistic residencies primarily targeting the local cultural community and children. The organization maintains a consistent brand presence and provides comprehensive event information with good use of structured data for SEO and social media integration. Technically, the website is built on the Smartweb CMS platform, utilizing various JavaScript libraries such as jQuery and Owl Carousel, and is hosted by Smartweb providers. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements.

C

Caterpillar Energy Solutions GmbH

mwm.net

28

MWM, operating under Caterpillar Energy Solutions GmbH, is a well-established company specializing in highly efficient and environmentally friendly combined heat and power plants and block heating power plants. With over 150 years of experience, the company offers a broad portfolio of gas engines and power generation solutions targeting industrial, commercial, and public utility sectors globally. The website reflects a mature digital presence with comprehensive product and service information, supported by a global service and sales network. Technically, the site is built on WordPress with common libraries and plugins, but suffers from a critical lack of a valid SSL certificate, which severely impacts its security posture. Privacy policies and GDPR compliance are well addressed, and contact is primarily via web forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

SRB Consulting Team GmbH

srb.at

23

SRB Consulting Team GmbH is a well-established IT service provider specializing in SAP consulting, implementation, and optimization services. With over 25 years of experience and a strong SAP Gold Partner certification, the company offers a broad range of SAP-related solutions including ERP, CRM, SCM, and SAP Business Technology Platform services. Their target audience includes businesses across various industries seeking digital transformation and SAP expertise. The website presents professional content, clear navigation, and consistent branding, supported by a solid social media presence. Technically, the website uses a variety of modern front-end libraries such as Bootstrap, jQuery, and Owl Carousel, but lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Performance is slow with a high page load time and large page size, indicating potential optimization needs. Privacy compliance is well addressed with a GDPR-compliant cookie consent mechanism and a clear privacy policy. Security posture is weak due to the absence of HTTPS, missing security headers, and no visible incident response or security policies. This exposes the site and its users to risks and undermines trust. The WHOIS data confirms the domain's legitimacy and consistency with the business claims, reinforcing the company's credibility. Overall, while the business and content quality are good, the lack of HTTPS and security best practices significantly lowers the security score and overall rating. Immediate remediation of SSL/TLS issues and security hardening is recommended to improve trust and compliance.

A

American Austrian Foundation

aaf-online.org

22

The American Austrian Foundation is a well-established non-profit organization dedicated to fostering knowledge transfer and experience exchange in medicine, culture, and media through fellowship programs and bilateral exchanges. The website reflects a professional and consistent brand with clear program offerings and international reach. Technically, the site is built on WordPress with Elementor and uses modern web technologies, but suffers from a critical lack of HTTPS, which undermines security and user trust. The security posture is weak due to the absence of a valid SSL certificate and missing security headers, although no major vulnerabilities were detected. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Business credibility is strong, supported by trust badges and consistent WHOIS data. Overall, the site is functional and informative but requires urgent security improvements to protect users and enhance trust.