High-risk security reports

S

SIWA Online GmbH

siwa.at

0

SIWA Online GmbH is a medium-sized Austrian digital agency specializing in web, app, and e-commerce solutions. The company emphasizes consulting, design, development, and ongoing support services, positioning itself as a trusted partner with ISO 27001 certification. Their market presence is supported by multiple client testimonials and a professional online presence. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and hosted on AWS CloudFront, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines secure communications. The site implements strong security headers and content policies but lacks full TLS protocol support and HSTS enforcement. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates strong credibility and professionalism but must urgently address SSL/TLS issues to improve security posture and trust.

E

Energie AG

energieag.at

0

Energie AG is a well-established regional energy provider in Upper Austria, offering a broad range of services including electricity, gas, internet, photovoltaic solutions, and electromobility products. The company positions itself as a modern and reliable energy supplier with a strong focus on customer service and sustainability. Their website reflects a mature digital presence with comprehensive content and professional design, targeting both private and business customers. Technically, the site uses a modern technology stack with various JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and privacy policies that comply with GDPR requirements. Overall, the business appears legitimate and trustworthy, but urgent improvements in SSL/TLS configuration are necessary to enhance security and user trust.

E

ELK GmbH

elk.at

0

ELK GmbH is a well-established Austrian company specializing in prefabricated houses, boasting over 60 years of market leadership. Their website reflects a mature business with a strong brand presence, offering a variety of housing solutions including single-family homes, bungalows, multi-family houses, and apartments. The company emphasizes sustainability and customer service, supported by multiple industry awards and partnerships such as with RB Leipzig. Technically, the website uses modern web technologies including Cloudflare CDN, Bootstrap, jQuery, and Vimeo for video content, ensuring a rich user experience and mobile responsiveness. However, the site lacks a valid SSL certificate, which is a critical security flaw that undermines user trust and data protection. Security headers are properly configured, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Contact information is primarily via contact forms and social media channels, with no explicit emails or phone numbers displayed. Overall, ELK GmbH's digital presence is professional and content-rich but requires urgent improvements in security and privacy compliance to align with best practices and regulatory requirements.

C

Choctaw Casinos & Resort

choctawcasinos.com

0

Choctaw Casinos & Resort operates a network of casino and resort properties primarily in Oklahoma, offering gaming, hospitality, live entertainment, dining, and rewards programs. The business is positioned as a regional leader with a strong brand presence and a focus on customer experience. Technically, the website is built on WordPress, hosted on WP Engine, and uses modern web technologies and third-party integrations such as Google Tag Manager and Vimeo. However, the absence of a valid SSL certificate and HTTPS support is a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance practices. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

I

ICSL GmbH

icsl.at

0

ICSL GmbH is a specialized provider of secure communication systems, focusing on high-quality, NATO-approved solutions such as Silentel and SecuSUITE. With over 20 years of experience and 13 years dedicated to secure communication, ICSL positions itself as a trusted partner for government and enterprise clients requiring robust security. The website reflects a professional and consistent brand image, targeting a niche market with a clear business model centered on consulting and secure communication services. Technically, the site is built on WordPress with a modern plugin ecosystem, but suffers from critical security shortcomings due to an invalid SSL certificate and lack of HTTPS, which significantly impacts its security posture. Privacy and legal compliance are well addressed with accessible policies and cookie consent mechanisms. Overall, ICSL demonstrates strong business credibility but must urgently address its SSL/TLS configuration to enhance trust and security.

A

ACI Worldwide

aciworldwide.com

0

ACI Worldwide is a mature, enterprise-level financial technology company specializing in global payments software and solutions. The company offers a broad portfolio of services including payments orchestration, fraud management, bill pay, and real-time payments, targeting banks, merchants, and billers worldwide. The website reflects a strong market position with extensive customer testimonials, partner logos, and a global reach across 95 countries. Technically, the site is built on WordPress hosted on WP Engine with Cloudflare CDN, leveraging modern marketing and analytics tools such as Google Tag Manager, Hotjar, and HubSpot. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture score. Security headers and content security policies are well implemented, but the lack of HTTPS is a major vulnerability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

Hagleitner Hygiene International GmbH is a well-established Austrian family-owned company specializing in innovative hygiene solutions, including cleaning and disinfectant products, cosmetics, dispensers, dosing devices, and digital hygiene applications. Founded in 1971 and headquartered in Zell am See, Austria, the company operates internationally with 27 locations across 12 countries and a broad distribution network. Their market position is strong, particularly in dispenser systems and hygiene technology, supported by numerous certifications and a commitment to sustainability. Technically, the website is built on TYPO3 CMS with modern frontend technologies such as jQuery, Bootstrap, and various JavaScript libraries for enhanced user experience. Hosting is managed via Cloudflare CDN with Apache on Rocky Linux. However, the website suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and user trust. Security-wise, while the company demonstrates compliance with multiple ISO standards and environmental certifications, the website's SSL/TLS misconfiguration is a significant vulnerability. Security headers are minimal, and no advanced protections like OCSP stapling or session resumption are implemented. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the business is credible and professionally presented online, but the lack of HTTPS is a critical risk that must be addressed immediately to protect user data and maintain trust. Strategic improvements in SSL configuration and enhanced security headers are recommended to elevate the security posture and align with best practices.

K

Kellner & Kunz AG

reca.co.at

0

Kellner & Kunz AG, part of the RECA Group, is a leading specialist in C-parts management with a strong presence across Europe. The company offers a comprehensive range of over 140,000 quality products and services tailored to industry and trade sectors, supporting customers in optimizing their work processes and gaining competitive advantages. Their business model focuses on B2B supply and service, leveraging an extensive network of subsidiaries and partners across multiple countries. Technically, the website is built on WordPress with modern technologies such as Vue.js for search, Algolia, and Factfinder integrations, providing a good user experience with responsive design and SEO optimization. However, the site suffers from a critical security issue due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are well implemented, and privacy policies are comprehensive and GDPR compliant, but the lack of proper SSL/TLS encryption is a major vulnerability. The site uses standard tracking tools like Google Analytics and Facebook Pixel with moderate user tracking levels and appropriate consent mechanisms. Overall, the website is professional and trustworthy in content and business representation but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS certificate installation, enabling HSTS, and improving security configurations.

E

ENGEL

engelglobal.com

0

ENGEL is a large, established manufacturing company specializing in injection moulding solutions, including machines, automation, and digital process optimization. The website reflects a professional B2B business model targeting manufacturing industries globally, with multi-language support and a comprehensive content offering. Technically, the site uses modern technologies such as Vue.js and Storyblok CMS, hosted on AWS CloudFront, with good SEO and mobile optimization. However, the lack of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses. The site implements strong security headers and a content security policy but lacks incident response and security policy disclosures. Privacy compliance is addressed with GDPR-consent mechanisms and a detailed data protection page. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

W

Webster University

webster.edu

0

Webster University is a well-established nonprofit higher education institution founded in 1915, serving over 13,000 students globally through multiple campuses and online programs. The website reflects a mature digital presence with comprehensive academic offerings, international reach, and strong branding consistency. Technically, the site uses modern JavaScript libraries, Google Tag Manager, and a consent management platform, indicating a commitment to privacy and analytics. However, the security posture is critically weak due to the absence of a valid SSL certificate and lack of HTTPS support, exposing users to potential risks. Privacy policies and cookie consent mechanisms are implemented effectively, supporting GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

The website alu.hr represents the Akademija likovnih umjetnosti, an established fine arts academy affiliated with the University of Zagreb in Croatia. It serves students, faculty, and visitors by providing academic information, event announcements, and cultural project details. The institution is mature with a domain age of 22 years and a consistent registration profile. Technically, the site runs on Apache with Ubuntu, uses CMS Contenido 4.8, and includes older JavaScript libraries such as jQuery 1.9.0. However, the website suffers from outdated technology and lacks modern performance and accessibility optimizations. Security posture is weak due to the absence of a valid SSL certificate and proper HTTPS configuration, exposing users to risks. Privacy compliance is minimal, with no visible privacy or cookie policies, and no contact information is explicitly provided on the homepage. Overall, the site is functional but requires significant improvements in security, privacy, and technical modernization to meet current standards.

A

AOP Orphan Pharmaceuticals GmbH

aoporphan.com

0

AOP Orphan Pharmaceuticals GmbH operates as a European pioneer in integrated therapies for rare diseases and critical care, serving patients, healthcare professionals, and partners. The company is positioned as a medium-sized entity within the healthcare sector, with a strong focus on niche markets and sole supplier status for key therapeutic agents. Their website reflects a professional and consistent brand image, with comprehensive content and clear navigation tailored to their target audience. Technically, the site is built on TYPO3 CMS with Vue.js components and employs Matomo and LinkedIn for analytics and marketing. However, the absence of a valid SSL certificate significantly undermines the security posture, exposing the site to risks and reducing trust. Privacy compliance is well addressed with detailed policies and consent mechanisms. Overall, the business demonstrates credibility and transparency, but must urgently address its SSL/TLS configuration to enhance security and user trust.

Raiffeisenverband Salzburg eGen operates as a large regional banking cooperative in Austria, providing a comprehensive range of financial services including retail banking, corporate banking, investment products, insurance, and real estate services. The website targets private and corporate customers primarily in the Salzburg region, emphasizing local presence and digital innovation. The business is well-positioned as the largest banking group in Austria by branch count and employees, with a strong community and regional focus. Technically, the website is built on Adobe Experience Manager CMS with modern web technologies and responsive design, offering good user experience and accessibility. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information and trust indicators are prominently presented, supporting business credibility. Overall, the site is professional and content-rich but urgently requires SSL implementation to secure user data and maintain trust.

I

Interlingua Language Services ILS GmbH

interlingua.at

0

Interlingua Language Services ILS GmbH is a professional translation service provider based in Vienna, Austria, offering certified language services in over 90 languages. The company holds ISO certifications (EN ISO 17100 and EN ISO 9001:2015), positioning itself as a reliable and quality-focused player in the language services market. Their website is content-rich, professionally designed, and targets both business and private customers seeking translation, localization, and related services. Technically, the website is built on WordPress with modern plugins and multilingual support, but suffers from a critical lack of a valid SSL certificate, which undermines its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the business demonstrates strong credibility through certifications, testimonials, and clear contact information.

L

Lürzer's Archive

luerzersarchive.com

0

Lürzer's Archive is a well-established media company specializing in providing a comprehensive archive and magazine platform for advertising professionals worldwide. With over 30 years of curated creative content, it serves as a leading resource for creatives, agencies, and industry stakeholders. The website offers subscription services, a searchable archive of print campaigns, TV commercials, and digital designs, as well as a profiles platform connecting creatives and agencies. Technically, the site is built on WordPress with WooCommerce and leverages Cloudflare CDN for performance and security. However, the absence of a valid SSL certificate and HTTPS significantly undermines its security posture. While the site includes privacy and terms policies, cookie consent mechanisms and explicit security policies are lacking, indicating room for compliance improvements. Overall, the site is professionally designed with rich content but requires urgent security enhancements to protect user data and maintain trust.

F

FLOCERT GmbH

flocert.net

0

FLOCERT GmbH is a globally recognized certification and social auditing body, primarily serving as the sole certifier for Fairtrade products. Established in 2003 and based in Germany, FLOCERT offers a comprehensive suite of services including Fairtrade and EDGE certification, social audits, and customized sustainability programs. Their mission centers on promoting fairness in global trade, ensuring ethical business practices, and supporting sustainable development across diverse sectors. The website reflects a mature digital presence with rich content, multi-language support, and strong branding aligned with their non-profit sector focus. Technically, the site is built on WordPress with modern SEO and marketing tools, but currently lacks a valid SSL certificate, which significantly impacts its security posture. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms. The absence of HTTPS and modern TLS protocols is a critical security gap that should be addressed promptly to protect user data and enhance trust. Overall, FLOCERT demonstrates a strong market position and credible business model, but must improve its technical security to align with best practices.

T

TROTEC LASER INC.

troteclaser.com

0

Trotec Laser GmbH is a well-established manufacturer of professional laser machines and materials, serving a global market including manufacturers, engravers, schools, and print shops. With over 25 years of experience, the company offers a comprehensive product portfolio including laser cutters, engravers, markers, software, and consumables, supported by a worldwide network and strong customer base. The website is professionally designed, content-rich, and supports multiple languages and regions, reflecting a mature digital presence. Technically, the site uses TYPO3 CMS and Nuxt.js, hosted behind Cloudflare CDN, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, reducing the overall security posture. Privacy compliance is moderate with a clear privacy policy and terms of service, but no cookie consent mechanism is detected. Contact information is comprehensive and clearly presented. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect users and maintain trust.

E

Erne Fittings GmbH

ernefittings.com

0

Erne Fittings GmbH is a well-established manufacturer of premium quality pipe fittings with over 100 years of experience, serving a global industrial clientele primarily in the manufacturing and energy sectors. The company offers a comprehensive range of products including stock and production programs as well as special-purpose solutions, supported by quality certifications and a dedicated test laboratory. Their website reflects a professional and consistent brand image with clear navigation and multilingual support, targeting industrial distributors and project businesses worldwide. Technically, the site is built on WordPress with modern plugins and hosted behind Cloudflare CDN, but suffers from critical SSL/TLS misconfigurations that undermine secure communications. Security headers are partially implemented, but the lack of a valid SSL certificate and modern TLS protocols significantly lowers the security posture. Privacy compliance is generally good with a comprehensive privacy policy and terms of service, though no cookie consent mechanism is evident. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust.

The website zumtobelgroup.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires JavaScript and cookies to be enabled. This prevents access to any substantive content, metadata, or business information on the site. The domain is hosted behind Cloudflare and uses Microsoft Outlook for email services, indicating a professional infrastructure. However, the SSL certificate is invalid or missing, resulting in no HTTPS support, which is a critical security issue. Due to the blocked content, no privacy policies, cookie consent mechanisms, or contact information are available for review. The WHOIS data indicates a legitimate registration consistent with the Zumtobel Group business identity, with no suspicious patterns detected. Overall, the site’s security posture is weak due to lack of HTTPS and incomplete security configurations, and the content quality cannot be assessed. The AI overall score is low due to these critical issues and lack of accessible content.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

M

MM Group

mm-karton.com

0

MM Group is a global leader in consumer packaging, specializing in cartonboard, folding cartons, kraft papers, uncoated fine papers, leaflets, and labels. The company targets businesses in the packaging and manufacturing sectors, emphasizing sustainability and innovation. Their website reflects a mature digital presence with multilingual support, comprehensive business information, and investor relations transparency. Technically, the site is built on WordPress with modern JavaScript libraries and integrates analytics and consent management tools. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS support, which poses risks to data confidentiality and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security.

P

Precision Valve & Automation, Inc.

pva.net

0

Precision Valve & Automation, Inc. (PVA) is a medium-sized manufacturing company specializing in precision fluid dispensing, selective conformal coating, and custom automation equipment. The company positions itself as a leader in its niche, serving global manufacturers with a comprehensive product and service offering. Their website reflects a professional and well-structured digital presence, leveraging WordPress CMS with advanced plugins and integrations for marketing, analytics, and user engagement. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to potential risks and undermining trust. While privacy compliance is well addressed through cookie consent mechanisms and a comprehensive privacy policy, the lack of HTTPS significantly impacts the overall security posture. Strategic improvements in SSL implementation and security policy transparency are recommended to enhance trust and compliance.

E

EXIAS Medical GmbH

exias-medical.com

0

EXIAS Medical GmbH is a specialized healthcare company founded in 2014, focusing on the development and distribution of analyzers for point-of-care and laboratory applications. The company maintains a professional online presence with detailed product information and a clear business model targeting healthcare professionals and laboratories. Technically, the website is built on WordPress with modern plugins and SEO optimizations, though it suffers from a critical lack of HTTPS, which undermines security. Privacy compliance is strong, with GDPR-aligned cookie consent and a comprehensive privacy policy. The security posture is weak due to missing SSL/TLS and modern security headers, posing risks to user data and trust. Overall, the website is credible and well-structured but requires urgent security improvements to protect visitors and enhance trust.

V

Van Wagner

vanwagner.com

0

Van Wagner is a prominent full-service sports advertising and entertainment agency specializing in creating, connecting, and selling on behalf of world-class sports leagues, teams, colleges, and brands. The company offers a broad range of services including TV-visible signage, event production, college marketing, aerial advertising, and broadcast control center solutions. Their market position is strong, supported by partnerships with major sports leagues and Fortune 500 companies. The website reflects a mature digital presence with professional design, rich content, and effective SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. The site leverages modern web technologies and is hosted on a reputable platform, but performance could be improved. Overall, the business demonstrates credibility and professionalism but must address fundamental security issues to enhance trust and protect visitors.

U

Universalmuseum Joanneum GmbH

museum-joanneum.at

0

The Universalmuseum Joanneum is Austria's oldest and second largest museum institution, operating 20 museums and one zoo across 14 locations in the Steiermark region. Founded in 1811, it offers a rich cultural, historical, and natural heritage experience to a broad audience including families, schools, and art enthusiasts. The website reflects a professional and comprehensive digital presence with excellent content quality and user experience, supported by a mature TYPO3 CMS platform. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which critically impacts the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, but incident response and security policy information are absent. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

O

One Collective

iteams.us

0

One Collective is a US-based non-profit organization dedicated to creating sustainable and lasting change in marginalized communities worldwide through a faith-inspired, collaborative model. Their approach centers on empowering local leaders and fostering holistic community development. The website is hosted on Squarespace and integrates modern web technologies including PostHog for analytics and Termly for cookie consent management. While the site presents well-structured content and clear navigation, it suffers from a critical security issue due to an invalid SSL certificate, which undermines user trust and security. Privacy compliance is basic, with no explicit privacy policy or terms of service pages found, though cookie consent mechanisms are in place. The organization maintains active social media channels and uses a donation platform to support its mission. Overall, the website demonstrates moderate digital maturity but requires urgent improvements in security and privacy transparency to enhance trustworthiness and compliance.

LEDVANCE GmbH operates a comprehensive corporate website focused on professional lighting, home lighting, and renewable energy solutions. The company positions itself as a leading global provider in the lighting industry, targeting both professional lighting experts and consumers. The website offers extensive product catalogs, services, and sustainability information, reflecting a mature and well-established business model. Technically, the site uses modern technologies including nginx and Pimcore CMS, with integrations such as Google Tag Manager and Usercentrics for consent management. However, the SSL/TLS configuration is currently invalid or missing, which is a critical security concern. Security headers are well implemented, but the lack of valid HTTPS reduces the overall security posture. Privacy policies and cookie consent mechanisms are present and comprehensive, indicating good compliance with GDPR. Contact information is primarily available via contact forms, with no explicit emails or phone numbers found. Overall, the website is professional and content-rich but requires urgent improvements in SSL configuration to enhance security and trust.

F

Felder Group

felder-group.com

0

Felder Group is a well-established manufacturer and distributor of woodworking machines with a global presence and multiple premium brands. The company offers a wide range of products including bandsaws, CNC machines, edgebanders, and automation solutions, targeting professional woodworking trade and industry sectors. The website is professionally designed, multilingual, and rich in content, supporting a strong brand image and customer engagement through testimonials and social media. Technically, the site uses Pimcore CMS, Cloudflare CDN, and integrates Usercentrics for consent management, but lacks a valid SSL certificate, which is a critical security gap. Security headers are minimal, and no advanced security policies or incident response information is published. Privacy compliance is well addressed with clear privacy and cookie policies. Overall, the site is credible and trustworthy but requires urgent security improvements to enable HTTPS and strengthen its security posture.

H

HARTL HAUS

hartlhaus.at

0

HARTL HAUS is a well-established Austrian manufacturer specializing in prefabricated wooden houses, with over 125 years of market presence. The company offers a range of modern bungalow and two-story homes, including individually planned dream houses, all produced in Austria with an integrated carpentry workshop. Their market position is strong, being a quality leader with high customer satisfaction. Technically, the website runs on TYPO3 CMS hosted on an Apache Ubuntu server, with modern marketing and consent tools integrated. However, the lack of a valid SSL certificate and HTTPS support is a significant security gap. The site includes comprehensive privacy and cookie policies with consent mechanisms, but lacks explicit terms of service and incident response information. Overall, the business is credible and trustworthy, but the security posture requires urgent improvement to protect user data and enhance trust.

The website elsner.at is a parked domain sale page operated by CORNUCOPIAS.COM OÜ, an Estonian company specializing in domain resale. The site offers the domain for sale via well-known domain marketplaces Sedo and DAN.com, highlighting experience and buyer protection programs. The technical infrastructure relies on Amazon S3 and CloudFront CDN, with minimal content and basic design elements such as Google Fonts. However, the site lacks HTTPS support due to an invalid or missing SSL certificate, which significantly impacts security and trust. No privacy, cookie, or terms of service policies are present, and no contact information is provided, limiting user trust and compliance with privacy regulations.

B

Big Brothers Big Sisters of America

bbbs.org

0

Big Brothers Big Sisters of America is a large, well-established non-profit organization dedicated to youth mentoring across the United States. The website provides comprehensive information about their programs, impact, and notable individuals associated with the organization. The technical infrastructure is based on WordPress with modern web technologies and analytics tools, hosted on Pantheon. While the site is professionally designed and content-rich, it suffers from a critical security issue due to the lack of a valid SSL/TLS certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy compliance is basic, with no clear cookie consent mechanism detected. Overall, the site is trustworthy and authoritative in its domain but requires urgent security improvements.

T

The Ritz London

theritzlondon.com

0

The Ritz London is a prestigious luxury 5-star hotel located in Mayfair, London, offering premium accommodation, Michelin starred dining, and exclusive services such as chauffeur and butler service. The website reflects a high level of professionalism with rich multimedia content and clear navigation, targeting affluent travelers seeking an iconic hospitality experience. Technically, the site is built on WordPress with WooCommerce and uses common libraries like jQuery and Owl Carousel, hosted behind Cloudflare. However, a critical security issue is the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. Privacy and terms policies are present, but no cookie consent mechanism is detected. The business information is consistent and trustworthy, supported by WHOIS data and trust indicators such as the Royal Warrant and affiliation with The Leading Hotels of the World.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

SONNENTOR Kräuterhandels GMBH operates a professional e-commerce and retail platform specializing in organic teas and spices with a strong commitment to sustainability, direct trade, and eco-friendly packaging. The company has a well-established market presence since 1988, targeting consumers interested in organic and sustainable products. The website is well-designed, mobile-optimized, and provides comprehensive content and navigation. Technically, the site uses modern technologies including Pimcore CMS, Bootstrap framework, and integrates multiple marketing and analytics tools such as Google Tag Manager, Matomo, Emarsys, and Kameleoon. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue that must be addressed promptly to protect user data and maintain trust. Privacy compliance is strong with clear cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the business credibility is high, supported by clear contact information, certifications, and consistent WHOIS data.

M

MBIT Solutions GmbH

mbit.at

0

MBIT Solutions GmbH is an established Austrian IT service provider specializing in tailored web and software solutions for medium to large enterprises and public organizations. Their offerings include enterprise-grade websites, web development, industry-specific solutions, and B2B e-commerce platforms. The company has a strong market position supported by over two decades of experience and a portfolio of reputable clients. Technically, the website is built on TYPO3 CMS, hosted on Apache servers, and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines HTTPS security despite the presence of security headers and content security policies. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

L

LEITNER

leitner-ropeways.com

0

LEITNER is a well-established company specializing in the manufacturing and supply of ropeway systems and components, serving sectors such as winter sports, urban transportation, tourism, and material transport. Founded in 1888 and part of the HTI Group, LEITNER holds a strong market position with a global footprint and a comprehensive portfolio of products and services including after-sales support and training. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Google Analytics and Microsoft Clarity. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is comprehensive and includes multiple phone numbers, emails, and forms. Overall, LEITNER's website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

L

Ludwig Boltzmann Gesellschaft

rare-diseases.at

0

The Ludwig Boltzmann Institute for Rare and Undiagnosed Diseases (LBI-RUD) is a specialized Austrian research institute focused on investigating rare diseases, particularly those affecting the immune system, blood formation, and nervous system. The institute operated for seven years until March 2023, contributing valuable scientific insights and supporting patients through its research. The website serves as an informational platform targeting researchers, medical professionals, and affected patients, providing news, research areas, and organizational information. The business model is non-profit, funded by grants and public sources, and it operates under the Ludwig Boltzmann Gesellschaft umbrella. Technically, the website is built on WordPress and hosted on servers associated with domaindiscount24.net. While the site has a professional design with good navigation and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. The site uses Matomo analytics for user tracking and includes a cookie consent banner, indicating some level of privacy compliance, though GDPR compliance is not fully evident. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. No incident response or security policies are publicly disclosed. Contact information is clearly provided, including phone, address, and an obfuscated email address. Social media presence is active across major platforms, enhancing outreach and trust. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance credibility. Strategic recommendations include implementing HTTPS, improving security headers, and enhancing privacy compliance documentation.

N

Norske Skog ASA

norskeskog.com

0

Norske Skog ASA is a well-established Norwegian manufacturing company specializing in publication and packaging paper products, with a strong emphasis on sustainability and innovation. The company holds a significant market position as one of the largest suppliers of newsprint and recycled containerboard in Europe. Their website reflects a professional business with clear investor relations, product information, and sustainability commitments. Technically, the site uses a traditional tech stack including jQuery, Bootstrap, and Dynamicweb CMS, with Google Tag Manager for analytics. However, the absence of HTTPS and modern security protocols is a critical vulnerability that undermines user trust and data security. Privacy compliance is minimal, with a basic privacy policy but no cookie consent mechanism. Overall, the website is content-rich and professionally presented but requires urgent security improvements.

V

VAMED WWH

vamed.com

0

VAMED WWH is a globally recognized provider of modern hospital solutions, specializing in turnkey projects that encompass design, construction, medical equipment supply, and operational support for healthcare facilities. The company has a strong international presence with a portfolio of approximately 1,000 projects across more than 98 countries, serving government health ministries and healthcare providers. The website reflects a professional and comprehensive presentation of their services and project achievements, targeting healthcare infrastructure stakeholders worldwide. Technically, the site is built on WordPress with Elementor and related plugins, offering good mobile optimization and accessibility but suffers from the critical absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the site's security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the business credibility and content quality are high, but the lack of HTTPS is a major security concern that needs immediate remediation.

The website realityconsult.com currently hosts minimal content, consisting solely of a redirect script to a /lander page. There is no visible business information, metadata, or structured data to describe the company or its services. The domain is registered and uses Amazon AWS IP addresses but lacks a valid SSL certificate, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. No privacy, cookie, or terms of service policies are present, and no contact or social media information is available. Overall, the website appears inactive or under construction, providing no meaningful user experience or business insight. The lack of security best practices such as DNSSEC, CAA records, and security headers further weakens the site's security stance.

Raiffeisen Zertifikate is a leading Austrian financial services provider specializing in certificate investment products, with a strong market position evidenced by multiple awards. The website is professionally designed, content-rich, and targets investors interested in sustainable and flexible investment options. Technically, the site uses TYPO3 CMS, integrates modern analytics and marketing tools, and is hosted behind Cloudflare. However, the security posture is weakened by the absence of a valid SSL certificate and disabled modern TLS protocols, which poses risks to data confidentiality and user trust. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site is trustworthy but requires urgent SSL/TLS remediation to improve security and user confidence.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

L

LOOP New Media GmbH

agentur-loop.com

0

LOOP New Media GmbH is a global digital agency specializing in digital brand building, technology, and content production for leading consumer brands. With over 400 talents across 7 offices worldwide, the company serves a diverse portfolio of high-profile clients such as Puma, Red Bull, Audi, and Breitling. The website reflects a professional and consistent brand image targeting enterprises seeking comprehensive digital marketing and content services. Technically, the site is built on Craft CMS, uses Cloudflare for hosting and CDN, and integrates Google Tag Manager for analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap. Security headers are partially implemented, but modern TLS protocols and HSTS are missing, reducing the overall security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Contact information is primarily via email with multiple office locations listed, but no phone numbers are explicitly provided. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

V

Viewpointsystem: Smart Glasses und Eye Tracking

viewpointsystem.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 27 security findings identified across all modules.

Bacardi Limited is the world's largest privately held spirits company, with a rich heritage dating back over 160 years. The company operates globally with a portfolio of over 200 brands and labels, serving a diverse audience including consumers, industry professionals, investors, and job seekers. The website reflects a mature business model focused on brand management, production, distribution, and corporate sustainability initiatives. Technically, the site is built on WordPress, hosted on WP Engine with Cloudflare CDN, and integrates modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the site's security posture, exposing users to potential risks. Privacy compliance is well addressed with clear policies and consent mechanisms, but explicit security policies and incident response information are missing. Overall, the site is professional and trustworthy but requires urgent security improvements to align with best practices.

E

evolaris next level GmbH

evolaris.net

0

evolaris next level GmbH is a technology-focused company specializing in mobile communication and digital innovation services. Their website highlights their role as a bridge between science and business, offering digital assistance systems, customized solutions, software engineering, user experience design, and research activities. The company targets enterprises seeking to enhance their digital capabilities and innovation potential. The website is professionally designed, with clear navigation and relevant content, supporting their market position as an established innovation center in Austria. Technically, the website runs on WordPress CMS with common plugins such as NextGEN Gallery and EvoSlider, and uses Apache server hosting likely provided by Hetzner. While the site includes Google Analytics for user tracking, performance metrics are not optimal, and mobile optimization is good. However, a critical technical shortfall is the lack of a valid SSL certificate and HTTPS support, exposing users to security risks. From a security perspective, the site lacks HTTPS, HSTS, and modern TLS protocol support, which are fundamental for secure communications. No advanced security headers or incident response contacts are found. The absence of cookie consent mechanisms and limited privacy policy details indicate partial GDPR compliance. The WHOIS data aligns well with the website's business information, supporting legitimacy. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and security best practices. Strategic improvements in SSL configuration, security headers, and privacy compliance would significantly enhance trust and security posture.

thyssenkrupp AG is a large multinational industrial technology group focused on engineering innovative and sustainable solutions for future challenges. The website reflects a mature digital presence with comprehensive content targeting industrial clients, investors, and job seekers. Technically, the site uses modern frameworks like Angular and is hosted on Amazon CloudFront, but lacks a valid SSL certificate and HTTPS enforcement, which is a critical security deficiency. Security headers are well implemented, but the absence of TLS protocols and session security features lowers the security posture significantly. Privacy compliance is good with a clear privacy policy and GDPR adherence, though no cookie consent mechanism was detected. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

CARE Österreich is a well-established non-profit organization focused on humanitarian aid and sustainable development in over 100 countries. The website reflects a professional and content-rich platform targeting donors, partners, and beneficiaries. The technical infrastructure is based on WordPress hosted on WP Engine, utilizing modern plugins and tracking tools with GDPR-compliant cookie consent. However, the absence of a valid SSL/TLS certificate is a critical security flaw that exposes users to risks and undermines trust. While privacy policies and contact information are comprehensive and transparent, the lack of incident response and security policy pages indicates room for improvement in security governance. Overall, the site demonstrates strong business credibility and user experience but requires urgent security enhancements.

Security assessment completed with an overall score of 0/100 (unknown risk). 6 critical issues require immediate attention. Total of 30 security findings identified across all modules.

Volkswagen Versicherungsdienst GmbH (VVD) is a medium-sized insurance service company operating as a subsidiary of Porsche Bank in Austria. It specializes in providing automotive insurance products and services to customers of Volkswagen Group brands and other vehicle owners. The website presents a professional and consistent brand image with comprehensive service offerings including liability, partial and full coverage insurance, legal protection, and additional guarantees. Technically, the site is built on Craft CMS and leverages Cloudflare for hosting and security, along with modern marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the security posture. Privacy compliance is well addressed with a detailed privacy policy and cookie consent mechanism. Contact information is clearly provided, enhancing business credibility.