Security Directory

I

Intemann GmbH

intemann.com

24

Intemann GmbH is a medium-sized Austrian company specializing in technical building services across multiple sectors including energy, industrial plants, commercial and residential construction, and hospitality. The company offers comprehensive services such as planning, prefabrication, ventilation technology, and maintenance. Their market position is that of an established regional player with international project reach, supported by a consistent brand presence and certifications. Technically, the website is built on TYPO3 CMS with a modern JavaScript stack but lacks HTTPS, which is a critical security shortfall. The site includes cookie consent mechanisms and clear contact information, supporting GDPR compliance. However, the absence of SSL/TLS and security policies reduces the overall security posture. Strategic improvements in security infrastructure and incident response readiness are recommended to enhance trust and compliance.

F

Foggia Città Aperta

foggiacittaaperta.it

33

Foggia Città Aperta is a local news media website providing news, videos, blogs, and event information focused on the Foggia province in Italy. Established in 2012, it serves a regional audience with content spanning politics, sports, culture, and society. The website demonstrates a consistent brand presence and active social media engagement. Technically, the site uses a variety of JavaScript libraries and frameworks such as jQuery and Bootstrap, hosted on Aruba infrastructure. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. Cookie consent is implemented, but privacy policies are basic and lack comprehensive GDPR compliance indicators. No explicit security or incident response policies are found. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

G

GTW Management Consulting GmbH

gtw-mc.com

24

GTW Management Consulting GmbH is an established international IT consulting firm specializing in SAP-based mass customer billing and related services. With offices in Austria, Switzerland, and Germany, the company serves a broad range of industries including transport, energy, telecommunications, finance, and manufacturing. Their key offerings include SAP BRIM consulting, subscription billing, credit management software, and data migration tools. The website reflects a professional and consistent brand presence with strong client testimonials and partnership with SAP. Technically, the site is built on TYPO3 CMS with common JavaScript libraries, but lacks a valid SSL certificate, which is a critical security shortfall. Privacy compliance is well addressed with clear cookie consent and privacy policies. Overall, the company demonstrates solid business credibility but must urgently address its security posture to protect user data and maintain trust.

A

ace Neue Informationstechnologien GmbH

ace.at

26

ace Neue Informationstechnologien GmbH is an established Austrian IT company with over 25 years of experience specializing in digital transformation solutions, including foundation management software, CRM based on Microsoft Dynamics 365, and business applications leveraging Microsoft Azure. Their market position is that of a trusted regional provider targeting foundations, public sector entities, and businesses seeking efficient CRM and digital solutions. The website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the site uses a modern frontend stack with SilverStripe CMS and popular JavaScript libraries, but lacks HTTPS, which is a critical security shortfall. The cookie consent mechanism and privacy policy indicate good GDPR compliance. Security posture is basic with no advanced headers or incident response information published. Overall, the site is functional and professional but requires urgent SSL implementation to improve security and trust.

I

iMedia Web Solutions

imediasolutions.biz

22

iMedia Web Solutions is a small technology company based in India specializing in web design, WordPress development, eCommerce solutions, and responsive websites. With over 9 years of operation and more than 500 satisfied clients, the company positions itself as a reliable service provider offering white label and outsourcing solutions. The website is built on WordPress with a modern tech stack including PHP 7.4, LiteSpeed server, and popular plugins such as WPBakery and Slider Revolution. However, the site lacks a valid SSL certificate, which critically impacts its security posture. No privacy or cookie policies are present, indicating poor compliance with data protection regulations. Contact information is clearly provided, including phone, email, physical address, and a detailed contact form. Overall, the site demonstrates good content quality and business credibility but suffers from significant security and privacy shortcomings.

B

bulmor industries GmbH

bulmor-airground.com

37

Bulmor airground technologies GmbH is a specialized manufacturer of medical highloaders (Ambulift SideBull) designed to facilitate safe and efficient boarding of mobility-impaired passengers at airports. The company has a niche market position with patented technology and partnerships with major airports and airlines. The website is built on TYPO3 CMS and uses several JavaScript libraries for enhanced user experience. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The domain is mature and trustworthy, registered since 2011 with no suspicious patterns beyond lack of domain protection locks.

S

Sonnenberg-Apotheke, Helge Lehnert e.K.

sonnenberg-apotheke.com

38

Sonnenberg-Apotheke is a well-established local pharmacy in Chemnitz, Germany, operating since 2001. The business offers a range of pharmaceutical services including certified travel vaccination advice, medication reservation, rental of medical devices, and substitution care for opioid-dependent patients. The website reflects a professional and consistent brand presence targeting local customers with additional online service capabilities. Technically, the site uses a modern front-end stack with Foundation framework and common JS libraries but lacks performance metrics and has no valid SSL certificate, which is a critical security concern. Security headers are partially implemented but the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Privacy and cookie policies are present, indicating GDPR awareness, though the cookie consent mechanism is minimal. Contact information is clearly provided and consistent with WHOIS data, supporting business credibility. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

M

MTEL Austria

mtel.at

39

MTEL Austria is a telecommunications provider offering a range of services including mobile tariffs, internet, and TV entertainment packages primarily targeting private and business customers in Austria. The company is part of the Telekom Serbien Group, indicating a solid regional market presence. The website is professionally designed with good content quality, clear navigation, and mobile optimization. It leverages modern JavaScript libraries and integrates marketing and analytics tools such as Google Tag Manager, Hotjar, and Cookiebot for consent management. However, the site currently lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are properly configured, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent mechanism in place. Contact information including email and phone numbers is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and build trust.

B

Baschnegger Ammann Partner

bap.cc

25

Baschnegger Ammann Partner is a well-established creative agency based in Dornbirn, Austria, specializing in branding, design, communication, and digital marketing services. With over 40 years of experience, the agency targets small to large companies primarily in the Bodensee region and surrounding economic areas. Their market position is strong within western Austria, supported by a professional website showcasing client references and a consistent brand image. Technically, the website is built on WordPress with a modern tech stack including PHP 8.4.8 and various JavaScript libraries, optimized for mobile and SEO. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. The site implements GDPR-compliant cookie consent mechanisms and uses reputable analytics and marketing tools such as Google Analytics and HubSpot. Overall, the business demonstrates high professionalism and trustworthiness but must address its SSL deficiency to improve security posture and user trust.

H

Hackabu Growth Consulting

hackabu.com

40

Hackabu Growth Consulting is a specialized digital marketing and growth consulting firm based in Austria, serving both B2C and B2B clients. The company offers a broad range of services including online marketing, marketing automation, performance marketing, programmatic advertising, social recruiting, AI consulting, and workshops. Their market position is that of a leading online marketing and growth consultancy with a strong focus on data-driven strategies and innovative technologies. The website is professionally designed, content-rich, and targets businesses seeking growth through digital channels. Technically, the site is built on WordPress with Elementor and uses various modern web technologies and optimization tools. However, a critical security issue is the absence of a valid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the business credibility is high, supported by clear contact information, social media presence, and client logos. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to protect user data and improve trust.

V

Venionaire Capital AG

worldventureforum.info

43

World Venture Forum 2025 is a well-established international event focused on fostering global relations in the venture capital, crypto, family office, corporate innovation, and impact investing sectors. The event is held in Kitzbühel, Austria, and features a comprehensive program with multiple unique mountain chalet venues, keynote speakers, workshops, and networking opportunities. The business model revolves around event organization, ticket sales, and sponsorship packages, targeting investors, entrepreneurs, and industry leaders. The website is professionally designed with rich content, clear navigation, and strong branding consistency. Technically, the website is built on WordPress using Elementor and several event-related plugins. It integrates Google Analytics for tracking and uses Borlabs Cookie for cookie consent management. However, the site lacks HTTPS, which is a critical security flaw, and does not implement important security headers or modern TLS protocols. Performance is moderate to slow, and while mobile optimization and accessibility are good, the absence of SSL significantly impacts the security posture. Security-wise, the site has no SSL/TLS encryption, no HSTS, no OCSP stapling, and no secure cipher suites, exposing users to potential risks. There is no visible security policy or incident response information. Privacy compliance is good with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by detailed company information, multiple contact methods, and trust indicators such as testimonials and partner listings. Overall, the site presents a strong business and content profile but requires urgent security improvements to protect users and enhance trust. Strategic recommendations include immediate SSL implementation, adding security headers, and enhancing incident response transparency.

A

African Diaspora Youth Forum in Europe (ADYFE)

adyfe.eu

40

The African Diaspora Youth Forum in Europe (ADYFE) is a well-established non-profit platform founded in 2014, serving nearly 110 youth organizations across 31 to 41 European countries. It focuses on empowering African diaspora youth through entrepreneurship, employability, and civic engagement initiatives. The website is built on WordPress with a modern tech stack including Bootstrap and popular plugins for galleries and forms. However, the site suffers from a critical security issue: the lack of a valid SSL certificate, resulting in no proper HTTPS support. Security headers are partially implemented but ineffective without SSL. Privacy compliance is weak, with no visible privacy or cookie policies, and no incident response or vulnerability disclosure mechanisms. Contact information is available via email and contact forms, and social media presence is active on major platforms. Overall, the site presents good content and business credibility but requires urgent security and compliance improvements.

Theater in der Josefstadt Betriebsges.m.b.H. operates a well-established cultural institution in Austria, providing theatrical performances, ticketing services, subscriptions, and related cultural events. The website serves as a comprehensive portal for current programming, ticket sales, and audience engagement, targeting theatergoers and cultural enthusiasts primarily in Austria. The business enjoys a mature domain with consistent registration details aligning with its public identity. Technically, the website is built on TYPO3 CMS with modern frontend components such as Owl Carousel and YouTube video integration. However, performance metrics are lacking, and the site shows signs of slow loading. Mobile optimization and SEO are adequately addressed, but accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS enforcement, exposing users to potential risks. While some security headers are present, critical TLS protocols and best practices are missing. Privacy compliance is partially met with a privacy policy and terms of service, but no cookie consent mechanism is implemented. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust. Strategic enhancements in SSL/TLS deployment, cookie consent, and performance optimization will significantly improve the site's security and user experience.

N

Nemak

nemak.com

35

Nemak is a large manufacturing company specializing in aluminum automotive components, with a strong focus on sustainability and decarbonization initiatives. The company targets automotive manufacturers, investors, suppliers, and job seekers, positioning itself as a global leader in its sector. The website reflects a professional corporate presence with good content quality and consistent branding. Technically, the site uses modern JavaScript libraries and frameworks hosted on Microsoft Azure, but lacks a valid SSL certificate, which is a critical security shortfall. The security posture is weak due to missing HTTPS, lack of security headers, and no published security policies. Privacy compliance is basic, with cookie consent implemented but no detailed GDPR compliance indicators. Contact information and social media presence are well established, supporting business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

M

mtms Solutions

eventdata-services.com

40

mtms Solutions is an Austrian technology company specializing in SaaS software solutions for the event management industry. Their offerings include ticketing, accreditation, messaging services, guest management, live streaming, and business intelligence solutions. The company targets event organizers and businesses requiring integrated event and messaging platforms, positioning itself as a flexible and innovative provider in the event technology sector. The website is professionally designed with consistent branding and clear navigation, supporting multiple languages and featuring customer testimonials and certifications such as the Sport Leading Company seal. Technically, the site uses a variety of modern web technologies including Apache, Bootstrap, jQuery, and Matomo analytics, and appears to be built on the Redaxo CMS. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. Security headers are minimal, and no incident response or security policy information is provided. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, the site demonstrates good business credibility and content quality but requires urgent improvements in security posture to protect user data and enhance trust.

Kathrein USA operates as a technology company specializing in broadcast, cellular, and IoT antennas, providing connectivity solutions primarily targeting businesses in telecommunications and related sectors. The website presents itself as a medium for sharing industry-related content and company information but lacks comprehensive contact and compliance documentation. Technically, the site is built on WordPress with common web technologies such as jQuery and Bootstrap, hosted behind Cloudflare. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture and user trust. Security headers are partially implemented, but critical modern TLS protocols and encryption are missing. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. The site uses Clicky Analytics for user tracking without clear privacy disclosures. Overall, the website demonstrates moderate business credibility but requires significant improvements in security and privacy to meet industry standards.

A

AFFiRiS AG

affiris.com

27

AFFiRiS AG is a clinical-stage biopharmaceutical company based in Austria, specializing in the development of novel immunotherapies for chronic diseases such as neurodegenerative disorders and hypercholesterolemia. The company leverages its proprietary AFFITOME® technology to create Specific Active ImmunoTherapies (SAIT) aimed at improving patient outcomes beyond current treatment options. The website presents a professional and well-structured digital presence targeting patients, investors, and healthcare professionals, with clear business and contact information. However, the absence of a valid SSL certificate and HTTPS implementation represents a significant security risk that undermines user trust and data protection. The site uses WordPress CMS with common plugins and libraries, but performance metrics indicate slow loading times, suggesting room for technical optimization. Privacy compliance is addressed through a cookie consent banner and a privacy policy, though terms of service and explicit security policies are not evident. Overall, AFFiRiS demonstrates a credible business profile with a need to urgently improve its security posture to protect visitors and comply with best practices.

M

Mayr-Melnhof Holz Holding AG

mm-holz.com

40

Mayr-Melnhof Holz is a leading European manufacturer in the wood industry, specializing in engineered wood products such as glued laminated timber and cross-laminated timber. With a history spanning over 170 years, the company holds a strong market position and offers a comprehensive range of wood construction solutions. The website reflects a mature digital presence with detailed product information, references, and a multilingual interface targeting architects, planners, and industry professionals. Technically, the site is built on TYPO3 CMS and employs modern JavaScript libraries like Owl Carousel and Google Analytics for user tracking. However, the site suffers from slow load times and lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols is a critical vulnerability that needs immediate remediation. Security-wise, the company has implemented SPF records and avoids subdomain takeover risks, but the lack of DNSSEC, HSTS, and OCSP stapling reduces its overall security maturity. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, aligning with GDPR requirements. Overall, the website is professional and content-rich but requires urgent security improvements, especially regarding SSL/TLS configuration, to enhance trust and protect user data.

A

American Superconductor

amsc.com

40

American Superconductor (AMSC) is a medium-sized US-based technology company specializing in advanced power electronics and superconductor systems that support smarter, cleaner energy solutions globally. The company serves energy utilities, renewable energy developers, and marine power sectors, positioning itself as a key player in the energy technology market with NASDAQ listing and a global footprint. The website reflects a professional digital presence with clear business descriptions, investor relations, and product offerings focused on grid and renewable energy solutions. Technically, the site is built on WordPress with modern JavaScript libraries and frameworks, hosted on Pantheon, and optimized for mobile users. However, performance is moderate and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, exposing the site to risks and reducing trust. Privacy compliance is well addressed with comprehensive privacy and cookie policies. Overall, the site is credible but requires urgent security improvements to protect users and enhance trust.

P

PageGroup

page.com

40

PageGroup is a well-established global recruitment consultancy operating since 1976 with a strong market position and multiple specialist brands. The website reflects a professional corporate presence with comprehensive content targeting job seekers, employers, and investors. Technically, the site uses a mature Drupal CMS platform with modern front-end libraries and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which critically impact secure communications. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy but requires urgent security improvements to protect user data and maintain credibility.

D

Das Österreichische Patentamt

patentamt.at

40

Das Österreichische Patentamt is the central government authority in Austria responsible for intellectual property rights including patents, trademarks, and designs. The website serves as an information and service hub offering online filing, advisory services, and educational programs such as the IP Academy. The organization holds ISO 9001 and ISO 27001 certifications, reinforcing its commitment to quality and information security. The site targets a broad audience including inventors, businesses, startups, legal professionals, and students. Technically, the website is built on TYPO3 CMS with modern frontend libraries and frameworks, providing a professional and accessible user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security headers are well implemented but cannot compensate for the lack of encryption. Privacy compliance is strong with comprehensive cookie consent mechanisms and GDPR-aligned policies. Overall, the site is authoritative and trustworthy but requires urgent improvements in SSL/TLS deployment to enhance security posture.

ISIS Papyrus Europe AG operates a comprehensive digital Customer Communication and Process Platform targeting large enterprises globally, especially in banking, insurance, and telecommunications sectors. The company offers a broad suite of software solutions including CCM, ECM, Intelligent Document Processing, Adaptive Case Management, and Omni-Channel communication platforms. The website reflects a mature, enterprise-grade business with strong market positioning, evidenced by partnerships with IBM and recognition from Gartner Peer Insights. Technically, the website employs a modern tech stack with Bootstrap, jQuery, and various multimedia integrations, but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, severely impacting security posture. Security headers are present but insufficient without proper SSL/TLS. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism despite tracking scripts. Overall, the site is professionally designed and content-rich, but the lack of HTTPS is a major risk that must be addressed urgently.

E

ELK GmbH

elk.at

40

ELK GmbH is a well-established Austrian company specializing in prefabricated houses, boasting over 60 years of market leadership. Their website reflects a mature business with a strong brand presence, offering a variety of housing solutions including single-family homes, bungalows, multi-family houses, and apartments. The company emphasizes sustainability and customer service, supported by multiple industry awards and partnerships such as with RB Leipzig. Technically, the website uses modern web technologies including Cloudflare CDN, Bootstrap, jQuery, and Vimeo for video content, ensuring a rich user experience and mobile responsiveness. However, the site lacks a valid SSL certificate, which is a critical security flaw that undermines user trust and data protection. Security headers are properly configured, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Contact information is primarily via contact forms and social media channels, with no explicit emails or phone numbers displayed. Overall, ELK GmbH's digital presence is professional and content-rich but requires urgent improvements in security and privacy compliance to align with best practices and regulatory requirements.

T

The Ritz London

theritzlondon.com

35

The Ritz London is a prestigious luxury 5-star hotel located in Mayfair, London, offering premium accommodation, Michelin starred dining, and exclusive services such as chauffeur and butler service. The website reflects a high level of professionalism with rich multimedia content and clear navigation, targeting affluent travelers seeking an iconic hospitality experience. Technically, the site is built on WordPress with WooCommerce and uses common libraries like jQuery and Owl Carousel, hosted behind Cloudflare. However, a critical security issue is the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. Privacy and terms policies are present, but no cookie consent mechanism is detected. The business information is consistent and trustworthy, supported by WHOIS data and trust indicators such as the Royal Warrant and affiliation with The Leading Hotels of the World.

Primetals Technologies is a global leader in metallurgical plant solutions, offering a comprehensive portfolio of services and technologies across the steel production value chain. Their website reflects a mature enterprise-level business with a strong focus on innovation, digitalization, and sustainability, including green steel initiatives. The company targets industrial clients and professionals in the steel and metallurgical sectors, providing automation, lifecycle services, and integrated plant solutions. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and includes multilingual support and professional design. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines data protection and user trust. Security headers are well implemented, but the lack of encryption and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with Cookiebot and Google Consent Mode integration, ensuring GDPR alignment. Overall, the site demonstrates high business credibility and professionalism but requires urgent security improvements to meet modern standards.

B

Base-IT GmbH

baseit.at

22

Base-IT GmbH is an Austrian IT service provider specializing in consulting, planning, installation, and maintenance of IT systems, with a strong focus on cybersecurity and managed services for small and medium enterprises (KMU). The company holds recognized ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications, underscoring its commitment to information security and data privacy. Their market position is supported by a portfolio of diverse IT services and a visible client base, including references and social media presence. Technically, the website is built on a SilverStripe CMS platform with modern JavaScript libraries such as jQuery, MDBootstrap, Owl Carousel, and Swiper. The hosting appears to be provided by Hetzner. While the site is mobile-optimized and well-structured with good SEO practices, performance data is lacking, and accessibility is basic. The site uses a cookie consent mechanism compliant with GDPR and integrates Google Analytics for performance and user tracking. From a security perspective, the absence of HTTPS and a valid SSL/TLS certificate is a critical vulnerability, severely impacting the overall security posture. Other security best practices such as HSTS, OCSP stapling, and security headers are missing. The company demonstrates good security governance through certifications but lacks visible incident response or vulnerability disclosure policies on the website. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance security headers. Strategic recommendations include implementing SSL/TLS, publishing incident response policies, and enhancing security controls to improve trust and compliance.

V

VDEL

vdel.com

31

VDEL is an established software company founded in 1993, specializing in customized software solutions including document and process management, blockchain, big data, and AI. The company operates internationally with subsidiaries in Belgrade and Katowice and serves businesses seeking integrated IT solutions. Their business model includes distribution and multilingual support, leveraging partnerships such as Software United. Technically, the website uses Bitrix CMS with common web technologies and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of privacy and cookie policies indicate significant security and compliance gaps. The security posture is weak due to missing HTTPS and security policies, exposing users to risks. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

K

Klapty

klapty.com

62

Klapty is a Swiss-based online platform specializing in the creation, sharing, and exploration of virtual tours in 360°, VR 360, and 3D. Established in 2019, it serves a diverse audience including real estate professionals, photographers, and tourism-related businesses. The platform offers a comprehensive suite of services such as virtual tour creation, embedding, QR code generation, and a marketplace for professional photographers. Technically, the website employs modern web technologies including jQuery, Bootstrap, and various analytics and monitoring tools, hosted behind Cloudflare for performance and security. Security measures include HTTPS with a valid SSL certificate, SPF and DMARC email policies, and basic domain protection, though improvements like HSTS and DNSSEC are recommended. The site demonstrates strong business credibility with consistent branding, extensive content, and active social media presence. However, the absence of a cookie consent mechanism and explicit security policies suggests areas for compliance enhancement. Overall, Klapty presents a mature, professional, and trustworthy digital presence with moderate performance that could benefit from technical optimizations and enhanced privacy controls.

B

BCS Koolitus AS

bcskoolitus.ee

40

BCS Koolitus AS is a well-established Estonian company specializing in IT training and certification services for both IT specialists and general computer users. The company offers a broad range of courses including Microsoft Office, IT infrastructure management, programming languages, and e-learning platforms. Their market position is strong within Estonia, supported by extensive project experience and recognized quality certifications such as the HAKA quality mark. The website reflects a professional and consistent brand image with detailed service descriptions and active client engagement through testimonials and project showcases. Technically, the site is built on WordPress with modern technologies and includes multilingual support, though performance optimization is needed due to slow load times and large page size. Security posture is generally good with HTTPS and OCSP stapling, but improvements are recommended in DNS and email security configurations. Privacy compliance is basic with cookie consent mechanisms and privacy policies present, but GDPR compliance could be enhanced. Overall, the company demonstrates credible business operations with clear contact information and a moderate level of digital maturity.

B

BCS

bcs.ee

40

BCS is a well-established Estonian IT services company founded in 1989, specializing in IT management, cybersecurity, and business IT solutions. The company positions itself as a trusted partner for digital innovation and security, targeting businesses and organizations in Estonia. Their website reflects a mature digital presence with comprehensive service offerings and a focus on cybersecurity through their Infoturbekeskus. Technically, the site is built on WordPress with modern technologies such as TLS 1.3, reCAPTCHA, and LiveChat integration, though performance could be improved due to high resource count and load time. Security posture is solid with proper SSL configuration, SPF and DMARC email protections, and no critical vulnerabilities detected. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, though terms of service and explicit security policies are not found. Overall, the site demonstrates good business credibility and technical maturity with room for security header enhancements and performance optimization.

S

Smelt by Polaria

smeltbypolaria.no

50

Smelt by Polaria is a Norwegian e-commerce retailer specializing in sustainable, locally sourced interior and lifestyle products. The company targets environmentally conscious consumers in Norway, offering a broad product range from Nordic and European suppliers. Their business model focuses on online sales with additional services like click-and-collect and flexible payment options. The website demonstrates good content quality, clear navigation, and consistent branding, supported by trust signals such as certifications and customer reviews. Technically, the site uses modern JavaScript libraries and frameworks but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and build trust.

N

NextGen | GTA

kellytelecom.com

54

NextGen | GTA, a Kelly Telecom company, is a leading provider of innovative engineering, deployment, and talent solutions in the telecommunications and digital infrastructure industry. The company specializes in staffing, scope of work, and direct hire services, serving Tier-1 carriers and technology firms across the United States and Canada. Their market position is strong, supported by extensive client testimonials, industry awards, and a comprehensive service portfolio including 5G, fiber, RF design, and network optimization. Technically, the website is built on WordPress with modern plugins and integrations such as Gravity Forms, Cookiebot, and Google Analytics, hosted behind Cloudflare CDN. However, the site lacks a valid SSL certificate and HTTPS, which is a critical security gap. Security headers are partially implemented but the absence of TLS protocols and certificate transparency compliance significantly lowers the security posture. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the website is professional and trustworthy but urgently needs to address SSL/TLS issues to improve security and user trust.

A

ASDASD srl

popwifi.it

38

PopWiFi is a small Italian telecommunications company specializing in wireless internet connectivity and fiber optic services targeted at residential and business customers in select provinces of Italy. The company offers various internet plans with promotional pricing and includes VoIP telephone services as an experimental feature. The website demonstrates a consistent brand presence with customer testimonials and active social media links. Technically, the site uses a modern front-end stack including Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, exposing users to security risks. Privacy and cookie policies are present and appear GDPR compliant, though no explicit consent mechanism is implemented. Overall, the business appears legitimate and regionally focused, but the lack of HTTPS and security headers significantly impacts its security posture.

Z

Zong

zong.com.pk

40

Zong is a leading telecommunications provider in Pakistan, offering a wide range of prepaid, postpaid, business, and value-added services with a strong focus on 4G data coverage. The website reflects a mature digital presence with comprehensive service offerings and a consistent brand aligned with its parent company, China Mobile. Technically, the site uses modern JavaScript libraries and tracking technologies but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. This exposes users to potential risks and undermines trust. Privacy compliance is minimal, with no cookie consent mechanisms or explicit GDPR indicators. Overall, while the business and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

L

Landmarc Solutions

landmarcsolutions.com

36

Landmarc Solutions is a well-established service provider specializing in safe and sustainable training solutions for the Armed Forces in the United Kingdom. With over 20 years of experience, the company offers a range of services including training areas and ranges, rural management, project management, facilities management, and MOD event locations. The website reflects a professional and consistent brand image targeting military and government clients. Technically, the website is built on WordPress using Elementor and integrates modern tools such as Cookiebot for privacy compliance and Google Analytics for visitor insights. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts its security posture. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the website is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

Board24 is a UK-based manufacturer specializing in corrugated sheet board and cases, providing sustainable packaging solutions tailored to business needs. The company operates multiple sites across the UK, including Coalville, Preston, and Eurocentral, and offers tools such as sheet board and case calculators to assist customers. The website is built on WordPress using Elementor and is hosted on a LiteSpeed server, featuring modern web technologies and good mobile optimization. However, the site lacks a valid SSL certificate, which is a critical security vulnerability that undermines user trust and data protection. Privacy and cookie policies are present but basic, with limited evidence of full GDPR compliance. Contact information is available, including a UK phone number and newsletter subscription, and social media presence is established on LinkedIn and YouTube. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to enhance trust and compliance.

A

ASDASD srl

asdasd.it

22

ASDASD srl is a small Italian telecommunications wholesale provider specializing in IP transit, co-location, DSL, and Layer-2 services. The company targets business and carrier customers in Italy and Europe, offering a range of connectivity and hosting solutions including POPWIFI and FiberSurf. The website presents a professional image with relevant content and clear service descriptions, supported by social media presence and physical contact information. Technically, the website runs on outdated Apache and PHP versions without HTTPS, which significantly impacts security posture. The absence of a valid SSL certificate and modern security headers exposes the site to risks and reduces trustworthiness. Privacy compliance is minimal, with a privacy policy and cookie policy present but lacking active consent mechanisms. Overall, the site is functional but requires urgent security upgrades to meet modern standards and improve user trust.

L

Luminor

luminorcareers.ee

37

LuminorCareers.ee is a professional career portal for Luminor bank, primarily targeting job seekers in Estonia and the Baltic region. The website offers detailed job listings, employee testimonials, and career-related information, positioning Luminor as an employer of choice in the banking sector. The site leverages modern web technologies and a CMS platform to deliver content but suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed through OneTrust cookie consent and a comprehensive privacy policy. However, the lack of visible contact information and security policies limits transparency. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

G

Generalitat de Catalunya

atm.cat

66

Autoritat del Transport Metropolità (ATM) is a public consortium under the Generalitat de Catalunya, managing integrated transport tariffs and mobility projects in the Barcelona metropolitan area. The website serves as an official portal providing comprehensive information about transport tariffs, mobility plans, transparency, and customer support. It targets residents and public transport users in Catalonia, offering multilingual content and links to related government services. The business model is public sector focused, emphasizing transparency and service delivery rather than commercial revenue. Technically, the website is built on the Liferay CMS platform with modern web technologies including React and Bootstrap. While the site is content-rich and accessible, performance is hindered by a high load time and large page size. The site is mobile optimized and includes accessibility features. SEO and metadata are well implemented, including Open Graph tags. Security posture is adequate with HTTPS enforced, valid SSL certificates, and email authentication via DMARC and SPF. However, advanced security headers like HSTS and DNSSEC are missing, and domain protection locks are not enabled, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained, reflecting its governmental nature. Recommendations include enhancing security headers, enabling DNSSEC, improving performance, and adding explicit security and incident response policies to further strengthen trust and compliance.

I

Interact

interact-sport.com

62

Interact is a non-profit initiative focused on promoting Sport for All by supporting international sport organizations in capacity building, certification, and community engagement. The website presents a professional and content-rich platform targeting sport organizations and grassroots participants. Technically, the site is built on WordPress with common libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with HSTS enabled but no valid TLS protocols or certificate transparency compliance. Privacy compliance is well addressed with a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

N

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.

nisz.hu

40

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. is a key Hungarian government IT and telecommunications service provider, supporting digital government infrastructure and public sector digital transformation. The company offers a range of services including mobile applications, telecommunication services, managed IT services, data center and cloud services, and videoconferencing platforms. The website reflects a mature and professional organization with clear business focus on government clients and public institutions. Technically, the site uses modern frontend technologies and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and lack of TLS support, which severely impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

M

Magyar Rádió Művészeti Együttesei

mrze.hu

40

The website represents the official online presence of the Magyar Rádió Művészeti Együttesei, a Hungarian cultural organization focused on classical music ensembles including symphonic orchestra, choir, and children's choir. It serves as a platform for concert information, ticket sales, media content, and organizational news, targeting classical music enthusiasts and concert attendees primarily in Hungary. The site is built on WordPress with a variety of custom plugins and integrates media streaming services. However, a critical security gap exists as the site lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. The site includes a cookie consent mechanism and links to a comprehensive privacy policy hosted on the parent MTVA domain, indicating good privacy compliance. No direct contact emails or phone numbers are visible, but a contact form is available. Overall, the site is professionally designed with good accessibility and SEO practices but requires urgent security improvements.

M

Magyar Rádió Művészeti Együttesei

radiomusic.hu

40

radiomusic.hu is the official website for the Hungarian Radio's Artistic Ensembles, providing information about their symphonic orchestra, choir, children's choir, and related cultural events. The site serves a Hungarian-speaking audience interested in classical music and concert attendance, offering ticket sales, event calendars, galleries, and news updates. The organization is well-established with a history of over 80 years, supported by the parent media entity MTVA. Technically, the site is built on WordPress with a variety of plugins and JavaScript libraries to enhance user experience and functionality. However, the absence of a valid SSL/TLS certificate is a critical security shortfall, exposing users to potential risks and reducing trust. The site implements cookie consent mechanisms and links to legal and privacy pages, but lacks explicit security or incident response policies. Overall, the website is content-rich and professionally maintained but requires urgent security improvements to meet modern standards.

K

Közszolgálati Médiaakadémia Alapítvány

media-akademia.hu

40

The Média Akadémia website represents a Hungarian non-profit foundation dedicated to media education and talent development, primarily targeting future television and radio professionals. The site is well-structured with rich content including news articles, event information, and educational program details. It leverages WordPress CMS with a variety of plugins to deliver multimedia content and interactive features. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a cookie consent mechanism but lacks comprehensive privacy and security policies. The domain registration is consistent and aligns with the organization's public media affiliations, indicating legitimacy. Strategic improvements in security posture and privacy compliance are necessary to enhance overall trustworthiness and compliance.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunamsz.hu

40

Duna Médiaszolgáltató Nonprofit Zrt. operates as a Hungarian public media service provider delivering television, radio, and online content primarily targeting Hungarian-speaking audiences. The website serves as a portal for accessing media services and related information, reflecting a nonprofit business model with a strong public service orientation. The company is positioned as a key player in Hungary's media landscape, supported by partnerships with official entities such as MTVA. Technically, the website is built on WordPress with a modern set of JavaScript libraries and plugins to support multimedia content delivery and user interaction. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. The site includes a cookie consent mechanism but lacks explicit privacy, security, and incident response policies, which may affect compliance with GDPR and other regulations. Overall, the site is functional and professionally designed but requires urgent security enhancements to protect user data and improve trust.

A

AJUNTAMENT DE LLEIDA

paeria.cat

72

The website paeria.cat is the official digital presence of the Ajuntament de Lleida, the municipal government of Lleida, Spain. It serves as a comprehensive portal for residents and visitors to access city information, municipal services, online procedures, news, events, and citizen participation platforms. The site is well-positioned as a trusted government resource with a broad range of public services and cultural content. Technically, the website is built on the Plone CMS platform, leveraging modern web technologies such as jQuery, Owl Carousel, and Google Fonts, hosted on Microsoft Azure infrastructure. While the site offers good accessibility and SEO features, its performance is somewhat slow due to a large page size and high resource count. Security posture is solid with HTTPS enforced using TLS 1.3 and 1.2, OCSP stapling, and valid SPF and DMARC DNS records. However, improvements are recommended in enabling HSTS, DNSSEC, domain protection locks, and additional security headers. Privacy compliance is strong with clear privacy and cookie policies and GDPR adherence. Contact information is readily available, including phone numbers, physical address, and online forms, complemented by active social media channels. Overall, the website demonstrates a mature, professional, and trustworthy government digital service with room for technical and security enhancements.

C

Consorzio Terra di San Marino

terradisanmarino.com

49

Consorzio Terra di San Marino is a small-sized cooperative consortium focused on protecting and promoting typical agro-food products from the Republic of San Marino. The website serves as a platform to showcase their products, events, and cultural heritage, targeting local consumers and enthusiasts of traditional food and rural culture. Technically, the site is built on Drupal 7 with common web libraries and Google Analytics for tracking. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which exposes users to risks and undermines trust. Privacy compliance is basic, with a cookie policy and consent mechanism but no explicit privacy or security policies. The domain is mature and consistent with the business claims, enhancing credibility. Overall, the site provides good content and user experience but requires urgent security improvements to protect visitors and enhance trust.

M

Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA)

mtva.hu

40

MTVA.hu is the official website of the Hungarian public media organization Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA), providing a wide range of media services including television, radio, and online content. The site is well-structured, content-rich, and targets the Hungarian public with news, press releases, and organizational information. The business model is public service media, supported by government funding, positioning MTVA as a leading media broadcaster in Hungary. Technically, the site is built on WordPress with modern JavaScript libraries and accessibility features, hosted on Telekom.hu infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. The site implements proper email security with SPF and DMARC records and includes a cookie consent mechanism compliant with GDPR. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

TIM San Marino S.p.A.

telecomitalia.sm

56

TIM San Marino S.p.A. is a telecommunications company operating in the Republic of San Marino, providing fiber internet, mobile, and fixed telephony services primarily targeting residential and business customers. The website presents a professional and well-structured digital presence, leveraging WordPress CMS and common web technologies to deliver content and service information effectively. The company maintains clear contact channels and legal compliance with privacy and cookie policies, reflecting a mature approach to customer engagement and regulatory adherence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications and user trust. Despite this, the presence of security headers and a vulnerability disclosure page indicates some level of security awareness. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and user confidence.