Security Directory

I

International Baccalaureate Organization

ibo.org

57

The International Baccalaureate Organization (IBO) is a globally recognized non-profit entity providing high-quality international education programs to over 1.9 million students across more than 5,800 schools worldwide. The website reflects a strong market position with comprehensive educational offerings, professional development services, and a robust global community. The content is well-structured, professionally designed, and highly relevant to its target audience of students, educators, and educational institutions. Technically, the website employs modern web technologies including JavaScript, jQuery, Google Tag Manager, and Cookiebot for privacy compliance. The use of Chakra UI framework enhances the user interface and accessibility. Hosting appears to be via Cloudflare, ensuring good performance and security. The site is mobile-optimized and includes accessibility features, contributing to a positive user experience. From a security perspective, the site enforces HTTPS, implements multiple security headers, and uses a comprehensive cookie consent mechanism with granular controls. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response information are not publicly available, representing an area for improvement. Overall, the website demonstrates a mature digital presence with strong privacy and compliance practices, extensive analytics and marketing integrations, and a high level of professionalism. The risk profile is low, but strategic enhancements in security transparency and vulnerability disclosure could further strengthen trust and compliance.

G

Groupe SEB WMF Retail GmbH

wmf.com

63

WMF Onlineshop is the official e-commerce platform of Groupe SEB WMF Retail GmbH, a historic German company with over 170 years of tradition in premium kitchenware and coffee machines. The website offers a comprehensive product catalog, including cutlery, pots, pans, coffee machines, and kitchen accessories, targeting consumers seeking high-quality kitchen products. The platform integrates modern technologies such as Magento 2 with Hyvä Theme, Alpine.js, and various marketing and analytics tools, reflecting a mature digital infrastructure. From a security perspective, the website enforces HTTPS and employs monitoring tools like New Relic. It also implements robust privacy and cookie consent mechanisms via OneTrust, ensuring GDPR compliance. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly configured, representing an area for improvement. No critical vulnerabilities or WAF blocking were detected, indicating a secure and accessible platform. Overall, WMF Onlineshop demonstrates a high level of professionalism, technical sophistication, and compliance with privacy regulations. It effectively balances user experience, security, and business needs, positioning itself as a trustworthy and reputable online retailer in the premium kitchenware market.

I

iPoint-systems gmbh

kerp.at

50

iPoint-systems gmbh operates a sophisticated software platform focused on Impact Intelligence, product compliance, and sustainability performance management. The company targets a broad audience including C-suite executives, product designers, and compliance experts, positioning itself as a recognized specialist in supply chain sustainability software. Their offerings include compliance software, sustainability tools, consulting services, and training, supported by certifications such as ISO 9001:2015 and ISO/IEC 27001:2022. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries like Swiper.js and integrates Google Tag Manager for analytics. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is solid with HTTPS and some best practices, but lacks visible security headers and explicit incident response contacts. Privacy compliance is partially addressed with a privacy policy but lacks a cookie consent mechanism despite tracking scripts. Overall, the domain registration aligns well with the business identity, supporting high legitimacy and trustworthiness.

M

ManpowerGroup

experis.com

63

Experis, a brand under ManpowerGroup, is a global leader specializing in IT staffing and project services. The company connects skilled IT professionals with organizations worldwide, offering flexible solutions that adapt to evolving technology demands. Their market position is strong, supported by a comprehensive portfolio of services including IT staffing, project services, business transformation, and cybersecurity expertise. The website reflects a mature digital presence with modern technologies and integrations such as HubSpot, Google Analytics, and Microsoft Azure B2C authentication, indicating a high level of digital maturity and customer engagement capabilities. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is well addressed with clear policies and consent management. Overall, the website and business demonstrate high professionalism, trustworthiness, and alignment with industry standards.

C

Consys.it Srl

consys.it

52

Consys.it Srl is an Italian cybersecurity company specializing in managed security services, compliance solutions, and advanced cybersecurity technologies. The company positions itself as a trusted partner for businesses seeking to protect their digital assets and comply with stringent regulatory requirements. Their website presents a professional and consistent brand image, targeting B2B clients with a comprehensive portfolio of cybersecurity services including Security Operation Center, Security Automation, and Compliance Guard solutions. The technical infrastructure is based on WordPress CMS with modern plugins and integrations such as WPBakery Page Builder, Contact Form 7, Google Tag Manager, and Google reCAPTCHA, indicating a mature digital presence. The site is mobile optimized and includes privacy compliance mechanisms via Iubenda, reflecting attention to GDPR requirements. Security posture is strong with HTTPS enforced, use of reCAPTCHA on forms, and cookie consent management. However, explicit security headers and incident response contact details are not evident, suggesting areas for improvement. The WHOIS data aligns well with the website's business claims, supporting legitimacy and trustworthiness. Overall, Consys.it demonstrates a solid cybersecurity business presence with good technical and privacy compliance, though enhancements in security transparency and incident response communication would strengthen their posture further.

U

Unior d.d.

unior.com

49

Unior d.d. is a well-established Slovenian manufacturing company specializing in metal processing, particularly forging and hand tools. Founded in 1919, it holds a strong market position as a global leader in its industry segments, serving automotive and other industrial clients worldwide. The website reflects a professional and consistent brand image, with clear navigation and multilingual support, targeting global buyers and industry partners. Technically, the site uses modern tracking tools such as Google Tag Manager and Google Analytics, with a custom CMS and responsive design ensuring good user experience across devices. Security posture is moderate, with HTTPS implied and cookie consent mechanisms implemented, but lacking explicit security headers and published security policies. Privacy compliance is basic, with a privacy policy likely embedded in legal notices but no explicit GDPR statements or data protection officer contact. Overall, the website is trustworthy and professionally maintained, though improvements in security transparency and privacy compliance are recommended.

M

METRO AG

metro-cc.com

63

METRO AG operates as a leading international wholesaler specializing in food service and wholesale for professional customers such as HoReCa and Traders. The company maintains a strong market position with over 30 countries of operation, 623 wholesale stores, 94 delivery depots, and an online marketplace. Their business model focuses on multichannel marketing and tailored services, supported by a portfolio of own brands and subsidiaries. Technically, the website is built on a modern stack including Sitecore CMS, Bootstrap, and integrates analytics tools like Google Analytics and Siteimprove, with good mobile optimization and accessibility. Security posture is solid with cookie consent mechanisms, CSRF protection, and no visible vulnerabilities, though security headers and incident response contacts could be improved. Overall, the website is professional, trustworthy, and compliant with GDPR, reflecting a mature digital presence for an enterprise-level retail business.

E

ENPULSION GmbH

enpulsion.com

16

Enpulsion GmbH is a technology company specializing in advanced electric propulsion systems for small satellites such as CubeSats and SmallSats. The company is positioned as an innovative leader in the satellite propulsion market, offering modular and scalable thrusters designed to enhance satellite mobility and maneuverability. Their product portfolio includes high-performance propulsion units and a smart mobility interface, supported by proven flight heritage and industrial scale manufacturing capabilities. The website reflects a professional and modern digital presence, leveraging WordPress with advanced forms and interactive elements to engage their target audience of satellite manufacturers and space mission planners. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is adequate with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site demonstrates high business credibility and technical maturity, supporting Enpulsion's market position as a trusted provider in the space technology sector.

V

Vinzenz Harrer GmbH

harrer.at

11

Vinzenz Harrer GmbH is a well-established Austrian company specializing in wood construction solutions, operating for approximately 30 years. The company offers a comprehensive online shop with a wide range of products including insulation materials, system connectors, adhesives, and tools tailored for wood construction professionals and qualified craftsmen. Their market position is strong within Austria as a leading specialist, supported by a network of partner craftsmen and extensive customer service and training offerings. The website is professionally designed with clear navigation and good content quality, targeting primarily German-speaking users in Austria. Technically, the site uses ASP.NET WebForms with jQuery and modern tracking tools such as Google Analytics and Facebook Pixel, though some outdated libraries present minor security concerns. Security posture is good with HTTPS enforced and cookie consent implemented, but could be improved with updated libraries and additional security headers. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

X

Xeikon

xeikon.com

20

Xeikon is a well-established manufacturer and provider of digital printing technology, specializing in high-quality dry toner and UV inkjet solutions. With over 30 years of experience and a strong market position as a pioneer in digital printing systems, Xeikon serves a B2B audience primarily in the manufacturing and packaging sectors. The company is a division of Flint Group, which adds corporate credibility and resources. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site employs modern frameworks and libraries such as Bootstrap, Livewire, and Font Awesome, ensuring good performance and mobile optimization. Security measures include HTTPS enforcement and cookie consent mechanisms, though some security headers like Content-Security-Policy could be enhanced. No critical vulnerabilities or WAF blocks were detected, indicating a solid security posture. Overall, Xeikon's online presence is professional, trustworthy, and compliant with privacy regulations, supporting its business credibility and customer engagement.

Niederberger Gruppe is a well-established German company specializing in facility services, including cleaning, technical services, and facility management. With over 90 years of experience, it holds a strong market position in Germany, serving a broad range of industries with tailored service offerings. The website reflects a professional and comprehensive presentation of their services and locations, targeting business clients across Germany. Technically, the site is built on modern frameworks such as Next.js and React, ensuring fast performance, mobile optimization, and good SEO practices. Security measures include HTTPS enforcement, Google reCAPTCHA v3 integration, and a cookie consent mechanism that respects user privacy by not using cookies. The absence of exposed sensitive data and the presence of privacy and legal policies indicate a mature security posture. Overall, the website is trustworthy, professional, and compliant with GDPR requirements, making it a reliable digital presence for the company.

Nissan Motor Corporation operates a comprehensive global website that serves as a central hub for corporate information, sustainability initiatives, investor relations, innovation, and career opportunities. The company is a major player in the transportation industry with a strong global brand and a focus on sustainable mobility and advanced automotive technologies. The website targets a broad audience including consumers, investors, partners, and potential employees. Technically, the site employs a modern technology stack including jQuery, Swiper.js, Google Tag Manager, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile optimized and well-structured for user experience and SEO. Security posture is strong with HTTPS enforced and use of standard security best practices, although explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site reflects a high level of professionalism and trustworthiness consistent with a large multinational corporation.

T

Tipico Careers

tipico-careers.com

54

Tipico Careers is the official recruitment portal for Tipico, a leading sports betting provider in Germany and a recognized technology company in the gaming industry. The website serves as a comprehensive platform for job seekers, showcasing open roles, company culture, and benefits. The business positions itself strongly in the sports betting market with a focus on innovation, teamwork, and excellence. The site targets professionals interested in careers within sports betting and technology sectors, emphasizing a vibrant and inclusive work culture. Technically, the website employs modern web technologies including jQuery, Popper.js, Google Tag Manager, Microsoft Clarity, Hotjar, and Crazy Egg for analytics and user experience optimization. The site is mobile-optimized, accessible, and SEO-friendly with proper meta tags and structured data. Performance is moderate with multimedia content and video integration. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms aligned with GDPR. However, explicit security headers and published security policies are absent, representing an area for improvement. No vulnerabilities or exposed sensitive data were detected. The domain registration details are consistent with the business claims, enhancing trustworthiness. Overall, the website is professional, secure, and compliant with privacy regulations, making it a reliable platform for prospective employees. Strategic recommendations include enhancing security headers, publishing incident response contacts, and adding vulnerability disclosure information to further strengthen security posture and trust.

E

Exel Composites

exelcomposites.com

19

Exel Composites is a global leader in composite design and manufacturing with over 60 years of experience. The company specializes in producing high-performance composite materials using continuous manufacturing methods such as pultrusion and pull-winding. Their business model focuses on B2B industrial clients across sectors including transportation, energy, infrastructure, and manufacturing. The website reflects a mature corporate presence with multilingual support, investor relations, and comprehensive product and case study information. Technically, the site is built on WordPress with modern JavaScript libraries and SEO optimizations, delivering a good user experience with mobile responsiveness and accessibility considerations. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. However, formal security policies and incident response information are not published, representing an area for improvement. Overall, the website is professional, trustworthy, and aligned with the company's market position and business objectives.

B

BANDEX

bandex.com

8

BANDEX is a well-established Austrian manufacturing company specializing in curtain and decorative bands, with a history dating back to 1955. The company offers a range of textile products including curtain tapes and technical textiles, supported by an online shop and innovative digital tools such as configurators and a virtual showroom. Their target audience includes retail customers, interior decorators, and textile professionals. The website is primarily in German and reflects a medium-sized enterprise with consistent branding and a good level of content quality. Technically, the website employs a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, with additional tools for user interaction and tracking. The site is mobile-optimized and provides a good user experience with clear navigation and structured content. However, some technical details such as hosting provider and CMS are not explicitly identified. From a security perspective, the site uses HTTPS and implements a cookie consent mechanism compliant with GDPR. While no explicit security policies or incident response contacts are found, the site does not exhibit obvious vulnerabilities or exposed sensitive data. The use of third-party tracking services is moderate, and privacy compliance appears adequate. Security headers and advanced security practices could be improved. Overall, BANDEX presents a trustworthy and professional online presence with moderate risk. Strategic improvements in security policy transparency, incident response readiness, and security header implementation would enhance their security posture and compliance standing.

P

Provation

provationmedical.com

52

Provation is a well-established healthcare technology company specializing in clinical documentation and information management solutions. Their product suite includes cloud-based and on-premise software tailored for hospitals, ambulatory surgery centers, anesthesia providers, and care teams. The company emphasizes reducing clinician burden and improving patient care through intelligent, integrated workflows. Technically, the website is built on WordPress with modern plugins and frameworks, demonstrating good digital maturity and mobile optimization. Security posture is strong, supported by recognized certifications such as SOC 2, ISO 27001, and HIPAA compliance, although some security headers could be enhanced. Overall, the site reflects a professional, trustworthy business with a clear focus on healthcare providers. Strategic recommendations include enhancing security headers, adding explicit incident response contacts, and implementing a vulnerability disclosure policy to further strengthen trust and compliance.

D

Diakon

diakon.org

35

Diakon is a well-established non-profit organization founded in 1868, providing a broad range of social services including adoption, foster care, behavioral health, affordable housing, and senior services. The organization targets children, youth, families, and older adults, serving nearly 70,000 individuals annually. Their market position is strong within the non-profit social services sector, supported by a consistent brand presence and multiple service offerings. Technically, the website employs a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, indicating moderate digital maturity. The site is mobile-optimized with good navigation and content relevance. Security posture is adequate with HTTPS usage and CSRF protections, but lacks explicit security headers and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is professional and trustworthy, with room for improvement in security and privacy transparency.

B

Brainloop AG

brainloop.com

23

Brainloop AG is a German-based technology company specializing in secure online collaboration and data room solutions for enterprises, particularly targeting DAX-40 companies and corporate governance professionals. Their product suite includes Brainloop MeetingSuite, BoardRoom, DealRoom, and CollaborationRoom, designed to facilitate confidential document handling and secure communication both internally and with external partners. The company positions itself as a leading provider in the DACH region with a strong focus on information security and compliance. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Google Tag Manager, indicating a mature digital infrastructure. The site is mobile-optimized and SEO-friendly, though some accessibility features could be improved. Security-wise, the site enforces HTTPS and respects Do Not Track signals, but lacks explicit security headers and a cookie consent mechanism, which are recommended for enhanced compliance and protection. Overall, the domain registration data aligns well with the company's identity, supporting legitimacy and trust. Strategic recommendations include implementing cookie consent, publishing a security policy, and enhancing security headers to strengthen the security posture further.

A

Ableneo

ableneo.com

37

Ableneo is a medium-sized technology and transformation partner specializing in bridging business consulting with software engineering to support startups, scaleups, and corporates in driving innovation and growth. The company offers key services including AI & Data enabling, Business Optimization & Efficiency, Product Design & Development, and Software Engineering. With over 80 team members, multiple offices worldwide, and a client base exceeding 50, Ableneo positions itself as a trusted partner in the technology consulting space. Technically, the website is built on WordPress with modern plugins such as Yoast SEO, Contact Form 7, and Complianz GDPR for compliance. The hosting infrastructure appears to be on AWS, and the site uses various frontend technologies including Bootstrap, Swiper.js, and Lottie animations. SEO and mobile optimization are well implemented, though performance metrics indicate slow loading times. From a security perspective, the site lacks a valid SSL certificate and does not support any TLS protocols, which is a critical vulnerability. No advanced security headers or incident response policies are present. However, email authentication via SPF is configured, and no known SSL vulnerabilities like Heartbleed or POODLE are detected. Privacy compliance is strong with GDPR-aligned cookie consent and privacy policies. Overall, the website is professional and content-rich, but the absence of HTTPS significantly impacts its security posture and trustworthiness. Strategic improvements in SSL/TLS deployment and security headers are essential to enhance protection and user confidence.

M

Masternaut Limited

masternaut.com

40

Masternaut Limited operates as a leading UK provider of fleet telematics and tracking solutions, now branded under MICHELIN Connected Fleet. The company targets fleet operators seeking to optimize operations and reduce costs, offering telematics systems and fleet management services. The website reflects a professional B2B business model with a strong market position in transportation technology. Technically, the site is built on HubSpot CMS, leveraging modern marketing and analytics tools, but suffers from critical SSL certificate issues that undermine HTTPS security. Security headers are present but cannot compensate for the lack of a valid SSL certificate. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is available via phone and a contact form, but no explicit security or incident response policies are published. Overall, the site is functional and professional but requires urgent remediation of SSL and privacy compliance gaps.

T

The Natural History Museum

nhm.ac.uk

40

The Natural History Museum website serves as a comprehensive digital portal for one of the UK's leading educational and cultural institutions. It offers extensive information on exhibitions, scientific research, educational resources, and visitor services, targeting a broad audience including the general public, educators, and researchers. The site is well-branded, professionally designed, and provides clear navigation and rich content relevant to its mission. Technically, the website leverages modern web technologies such as React with Next.js and Adobe Experience Manager as its CMS, hosted on Microsoft Azure. While the site is mobile-optimized and accessible, performance is currently hindered by an invalid SSL certificate and lack of enabled TLS protocols, which also impacts the security posture. Security-wise, the site implements some security headers like HSTS and X-Frame-Options but lacks a valid SSL certificate and proper TLS support, which are critical for secure communications. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear consent mechanism in place. Social media integration and tracking tools like Google Tag Manager and Adobe DTM are used responsibly with privacy considerations. Overall, the website is trustworthy and professional but requires urgent remediation of SSL and TLS issues to ensure secure user interactions and improve its security score. Strategic improvements in SSL management and security best practices will enhance user trust and compliance.

CliftonLarsonAllen LLP (CLA) is a large, established professional services firm in the finance sector, offering integrated wealth advisory, digital, audit, tax, outsourcing, and consulting services. The company targets businesses and individuals seeking comprehensive financial and consulting solutions, operating across more than 130 locations in the United States. The website reflects a professional and consistent brand presence with rich content and multiple client engagement portals. Technically, the site uses modern JavaScript frameworks such as Vue.js, integrates marketing and analytics tools like Google Tag Manager, HubSpot, and Microsoft Web Tracking, and is hosted behind Cloudflare. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, severely impacting the security posture. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

Korean Air operates as a major airline company primarily serving air travelers with passenger and cargo transportation services. The website branding and metadata confirm the business identity as a South Korean airline with an enterprise scale. The technical infrastructure leverages Amazon Web Services for hosting and Akamai for content delivery, supplemented by multiple third-party analytics and marketing tools such as Dynatrace, Quantum Metric, Adobe DTM, and Google Tag Manager. However, the website lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security deficiency. Security headers are present but insufficient without HTTPS, and no privacy or cookie policies are detected, indicating gaps in compliance and user trust mechanisms. The website content is accessible without WAF or security challenges, but the absence of contact information and legal policies reduces overall credibility. The domain registration data aligns well with the business claims, supporting legitimacy. Overall, the site requires urgent security improvements and enhanced privacy compliance to meet modern standards.

B

Bernd Gruber GmbH

bernd-gruber.at

24

Bernd Gruber GmbH operates as a boutique interior design and craftsmanship firm based in Austria, specializing in high-end interior architecture and handcrafted furniture. The company leverages a rich heritage of 60 years in woodworking combined with 20 years of interior design experience, targeting affluent clients seeking bespoke design solutions. Their business model includes both service delivery through projects and product sales via an online shop. The website reflects a professional and consistent brand image with good content quality and clear navigation, supporting their market positioning as a premium provider in the real estate and hospitality sectors. Technically, the website is built on TYPO3 CMS and hosted on Conova infrastructure, utilizing modern web technologies such as SVG graphics and Google Tag Manager for analytics and marketing. However, the site suffers from a critical security shortfall due to the absence of HTTPS, which severely impacts its security posture. Performance metrics are not optimal, indicating room for improvement in loading speed and technical optimization. Mobile responsiveness and SEO are adequately addressed. Security-wise, the lack of SSL/TLS encryption is a major vulnerability, exposing users to potential data interception risks. While some security headers are present, the overall security configuration is basic and requires urgent enhancement. Privacy compliance is well managed with a comprehensive cookie consent mechanism and clear privacy policy, aligning with GDPR requirements. Contact information is transparent and easily accessible, enhancing business credibility. Overall, the website presents a trustworthy and professional front but must prioritize implementing HTTPS and improving security configurations to protect user data and maintain compliance. Strategic recommendations include securing the site with a valid SSL certificate, enabling modern TLS protocols, and enhancing security headers. These steps will significantly improve the site's security score and user trust, supporting the company's premium market positioning.

The Scripps Research Institute is a well-established nonprofit research organization focused on pioneering scientific discovery and translational medicine to address major health challenges. With a century-long history and a strong reputation in the life sciences, it combines fundamental research with drug discovery and education. The website reflects a professional and content-rich platform targeting researchers, donors, and students. Technically, the site uses modern frameworks like Vue.js and integrates analytics and marketing tools such as Google Tag Manager and Klaviyo. However, the lack of a valid SSL certificate significantly impacts the security posture, exposing visitors to risks and undermining trust. No explicit privacy or cookie policies were found, and security policies or incident response contacts are absent, indicating compliance gaps. Overall, the site is credible and authoritative but requires urgent security improvements to protect user data and enhance trust.

RUD Gruppe is a well-established German manufacturing company specializing in chain systems and components for diverse industrial applications including lifting, securing, and transportation. With a history spanning approximately 140 years, the company operates globally and offers a broad product portfolio including lifting chains, securing devices, conveyor and drive technology, and specialized military and forestry chains. The website reflects a mature digital presence with multilingual support and structured navigation, powered by TYPO3 CMS and enhanced with caching and Google Tag Manager for analytics. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy policies and terms of service are present and comprehensive, supporting GDPR compliance, though cookie consent mechanisms are lacking. Social media integration is robust, enhancing brand trust and engagement.

Stepan Company operates as a global specialty and intermediate chemical supplier, providing chemical ingredients and formulations tailored to consumer and industrial markets. The company emphasizes innovation, sustainability, and extensive R&D capabilities, positioning itself as a large, reputable player in the manufacturing sector. Their website reflects a professional and comprehensive digital presence with clear navigation and rich content targeting B2B customers seeking chemical solutions. Technically, the website leverages Adobe Experience Manager as its CMS, integrates Salesforce platforms, and uses modern marketing and analytics tools such as Pardot, Adobe DTM, and Google Tag Manager. The site is hosted on Microsoft Azure DNS infrastructure and employs standard security headers and content security policies. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. From a security perspective, while some best practices like CSP and secure cookies are implemented, the lack of HTTPS and modern TLS protocols exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily available via web forms, with no direct emails or phone numbers published. Overall, the site is trustworthy and professionally managed but requires urgent remediation of its SSL/TLS configuration to meet modern security standards and improve user confidence.

A

amazee.io

amazee.com

40

amazee.io is a managed open source enterprise hosting platform provider targeting large enterprises with a focus on data sovereignty, flexibility, and security. The company offers a fully managed PaaS leveraging Kubernetes and modern infrastructure, aiming to reduce time-to-market and increase ROI for its customers. The platform supports a wide range of frameworks and technologies, including Drupal, Gatsby, React, and more. Technically, the website is built using modern technologies such as React and Gatsby, with integrations for analytics and marketing tools like Google Tag Manager and HubSpot. The security posture is moderate, with essential security headers in place but lacking a valid SSL certificate and modern TLS support, which are critical for secure communications. Privacy compliance is strong, with clear privacy and cookie policies and GDPR considerations. Overall, the website presents a professional and trustworthy image, supported by certifications like ISO 27001 and SOC_NonCPA, and a parent company relationship with Mirantis.

I

i5invest corporate development

i5invest.com

36

i5invest corporate development is a medium-sized corporate development firm based in Austria, specializing in supporting innovative tech founders with strategy, business development, M&A, and capital provision. The company boasts a strong market position with over 250 transactions closed and a large executive network spanning multiple continents. Their business model focuses on long-term partnerships with tech scale-ups and providing hands-on support across capital, growth, and M&A processes. Technically, the website is built on WordPress with Elementor and integrates modern marketing and analytics tools such as Google Analytics and Tag Manager. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses a critical risk. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

U

Unverschwendet

unverschwendet.at

29

Unverschwendet is a small Austrian retail business specializing in transforming surplus fruits and vegetables into high-quality, sustainable food products such as jams, syrups, chutneys, and more. The company operates an e-commerce platform alongside physical market stands and partnerships with retail chains like HOFER under the 'Rettenswert' brand. Their business model focuses on sustainability and social responsibility, targeting environmentally conscious consumers and businesses seeking unique, sustainable gifts. Technically, the website is built on the Shopware platform, leveraging modern marketing and analytics tools including Google Tag Manager, Facebook Pixel, and Hotjar. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to insecure HTTP connections. Despite this, the site implements strong security headers and cookie consent mechanisms, demonstrating good privacy compliance. The domain registration is consistent and legitimate, supporting the business's credibility. Strategic improvements in security infrastructure are recommended to enhance user trust and compliance.

Wolters Kluwer Financial and Corporate Compliance is a division of Wolters Kluwer N.V., a global leader providing technology-enabled compliance, regulatory, and corporate services solutions primarily targeting financial institutions, corporations, and legal professionals. The website presents a professional, well-branded digital presence with comprehensive content describing their portfolio of compliance and regulatory products and services. The technical infrastructure leverages modern web technologies, including Cloudflare CDN, Azure DNS, and marketing/analytics tools such as Google Tag Manager, Marketo, and OneTrust for privacy compliance. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and lack of enabled TLS protocols, which severely impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented with consent mechanisms, but no explicit security or incident response policies are published. Overall, the site reflects a mature enterprise business with strong branding and content quality but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

Maillis Group is a well-established manufacturing company specializing in secondary packaging systems, including strapping, wrapping, and box handling solutions. With over 50 years of experience, the company serves industrial and manufacturing sectors, providing integrated packaging machines, consumables, and services. The website reflects a professional and consistent brand presence targeting industrial clients. Technically, the site is built on Drupal 8 with PHP 7.2 backend and hosted likely on AWS infrastructure. It employs modern tracking and marketing tools such as Google Analytics, Google Tag Manager, and Albacross, alongside a comprehensive cookie consent mechanism. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and reducing trust. Security headers are well implemented but weakened by unsafe CSP directives. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

TCG Lifesciences Pvt. Limited

tcgls.com

40

TCG Lifesciences Pvt. Limited is a well-established global Contract Research and CDMO company specializing in pharmaceutical and biotech R&D services. Founded in 2001 and headquartered in India, the company operates internationally with subsidiaries such as Clininvent Research Pvt. Ltd. Their service portfolio includes chemistry synthesis, pharmacology, DMPK, analytical development, and manufacturing. The website reflects a mature digital presence built on WordPress with modern UI frameworks and SEO optimizations. However, the absence of a valid SSL/TLS certificate is a critical security gap that undermines user trust and data protection. While security headers are present, the lack of HTTPS and modern TLS protocols significantly reduces the security posture. Privacy compliance is partially addressed with a privacy policy but lacks cookie consent mechanisms and terms of service. Overall, the business credibility is strong, supported by certifications and social proof, but technical and security improvements are necessary to align with best practices.

C

Cook Medical

cookmedical.com

40

Cook Medical is a family-owned healthcare company specializing in the development and manufacturing of minimally invasive medical devices. The company targets physicians, healthcare professionals, and patients globally, offering a broad portfolio of products and services including customer support, education, and innovation collaboration. The website reflects a well-established business with consistent branding and a professional online presence. Technically, the site is built on WordPress with modern technologies such as PHP 8, jQuery, and integrates third-party services like Google Tag Manager and Cookiebot for analytics and consent management. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly undermines the site's security posture despite the presence of strong security headers. Privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided, enhancing trust and compliance. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements to protect user data and maintain trust.

G

Global Voices

globalvoices.org

31

Global Voices is a reputable international non-profit media organization founded in 2005, focusing on multilingual journalism, digital rights, and human rights advocacy. The website serves a global audience with rich, regularly updated content and a strong contributor network. Technically, the site is built on WordPress with modern JavaScript libraries and integrates analytics and marketing tools such as Google Tag Manager, Plausible Analytics, and Mailchimp. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security gap. Privacy compliance is moderate, with a comprehensive privacy policy but no cookie consent mechanism detected. Overall, the website demonstrates excellent content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

.

.kloos digital GmbH

kloos.at

18

The website kloos.at represents .kloos digital GmbH, a small-sized digital marketing and SEO agency based in Vienna, Austria. The company offers a comprehensive suite of services including SEO, Google Ads, analytics, content marketing, social media marketing, web design, WordPress development, and training workshops. The site is professionally designed with excellent content quality and clear navigation, targeting businesses seeking digital marketing expertise primarily in the Austrian and German-speaking markets. Technically, the site is built on WordPress with modern libraries such as jQuery and uses plugins like Yoast SEO and Borlabs Cookie for SEO and privacy compliance. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security shortfall. The cookie consent mechanism is well implemented, supporting GDPR compliance. Business contact information is clearly presented, including email, phone, and physical address, along with social media presence on LinkedIn, Facebook, and YouTube. Overall, the site demonstrates a strong market position with trust indicators such as client testimonials and structured data ratings.

A

Aura Light International AB

auralight.com

40

Aura Light International AB is a well-established company specializing in sustainable and energy-efficient lighting solutions for professional environments such as public spaces, industry, and retail. The company offers a broad range of products including luminaires, light sources, and smart lighting control systems, positioning itself as a leading player in the Nordic and international markets. The website reflects a professional B2B business model with clear product segmentation and customer engagement channels. Technically, the website is built on the Litium e-commerce platform with integrations such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is well-structured, mobile-optimized, and SEO-friendly, although performance metrics are not available. Hosting appears to be via Fastly CDN with Varnish caching. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability impacting user trust and data security. Security headers are partially implemented, but modern TLS protocols are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is readily available, but no explicit security policy or incident response details are found. Overall, Aura Light's website demonstrates solid business credibility and content quality but requires urgent improvements in SSL/TLS configuration to enhance security posture and user trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and publishing incident response contacts to strengthen security transparency.

L

Leifheit

leifheit.com

38

Leifheit is a well-established German retail company specializing in household and kitchen products, with a strong brand presence and a history of over 65 years. The website serves as an e-commerce platform built on Shopware 6, offering a wide range of products including cleaning tools, laundry drying solutions, and kitchen utensils. The site is professionally designed with good navigation, mobile optimization, and rich multimedia content, targeting household consumers seeking quality products. Technically, the site uses modern JavaScript libraries and integrates marketing and analytics tools such as Bazaarvoice, Klaviyo, and Google Tag Manager. However, a critical security gap exists as the website currently lacks a valid SSL/TLS certificate and does not enforce HTTPS, exposing users to potential risks. Security headers are partially implemented, but the absence of HTTPS severely impacts the overall security posture. Privacy and cookie policies are present and include consent mechanisms, indicating compliance with GDPR requirements. Contact information is available via a contact page, though no explicit emails or phone numbers are embedded in the HTML content. The domain registration and DNS records are consistent with the company's German origin and business claims, supporting legitimacy. Strategic recommendations include immediate implementation of HTTPS, enhancement of security policies, and improved incident response readiness to strengthen trust and compliance.

A

Ansorg GmbH

ansorg.com

31

Ansorg GmbH is a German-based expert company specializing in retail lighting solutions, offering innovative products, lighting planning, and sustainable concepts tailored for retail environments. The company operates under the parent company Trilux and targets retail businesses and professionals seeking high-quality lighting solutions. The website is built on TYPO3 CMS, uses Matomo for analytics, and integrates cookie consent mechanisms, reflecting a modern digital infrastructure. However, the lack of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. Security headers are well configured, but the absence of TLS protocols and certificate transparency compliance are critical gaps. Overall, the website is professional, content-rich, and trustworthy but requires urgent SSL/TLS remediation to ensure secure communications and improve trust.

B

Blackburne & Sons Realty Capital Corporation

blackburneandsons.com

39

Blackburne & Sons Realty Capital Corporation is a specialized hard money commercial lending company founded in 1980, managing approximately $50 million in trust deed investments. The company targets accredited investors seeking first mortgage loans secured by income-producing commercial real estate. Their business model focuses on syndicating private investors to fund commercial loans, leveraging their ownership of C-Loans.com to source loan applications. The website presents a professional and consistent brand image with clear service offerings and multiple contact channels. Technically, the site is built on WordPress hosted by WP Engine, using common plugins such as Yoast SEO and Ninja Forms, but lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. The security posture is weak due to missing HTTPS and security headers, though no active vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and credible but requires urgent security improvements to protect user data and build trust.

I

Intermarket Bank AG

intermarket.at

36

Intermarket Bank AG is a specialized financial institution under the Erste Group umbrella, focusing on factoring and supply-chain finance solutions primarily for small to medium enterprises in Austria and the CEE region. The website presents a professional and consistent brand image with clear product offerings and a user-friendly interface. Technically, the site uses a proprietary CMS (GEM) and is hosted on AWS CloudFront, leveraging modern marketing and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS availability, which severely impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact is primarily facilitated through a contact form. Overall, the site is credible and well-positioned in its market but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

Z

Zell Materials GmbH

zellamid.com

33

Zell Materials GmbH is a medium-sized manufacturing company specializing in engineering plastics, offering a range of products including general purpose materials, special performance materials, and high performance materials. The company operates primarily in the manufacturing sector and serves industrial and engineering clients. Their website provides product finders, material comparison tools, and a B2B webshop, indicating a mature digital presence tailored to professional customers. Technically, the website uses Apache server technology, ezPublish CMS, and includes JavaScript libraries such as jQuery and YUI. However, the absence of SSL/TLS encryption and DNS records significantly undermines the security posture and operational reliability of the domain. The site includes comprehensive privacy and cookie policies with consent mechanisms, reflecting good privacy compliance practices. Security headers are minimal, and no explicit security or incident response policies are published. Overall, the website is professionally designed with consistent branding but requires urgent security improvements to protect users and enhance trust.

P

Permapack AG

permapack.ch

26

Permapack AG is a Swiss family-owned manufacturing and trading company specializing in high-quality products such as labels, adhesive tapes, films, sealants, and garden articles. The company serves various sectors including food, cosmetics, industry, construction, and retail, offering both standard products and customized solutions. Their business model combines B2B sales with an online shop and extensive production services. The website reflects a medium-sized enterprise with a consistent brand presence and strong trust indicators such as awards and social media engagement. Technically, the site uses a custom e-commerce platform with modern JavaScript libraries and tracking tools, hosted by IP-Plus AG. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to risks and limiting secure communications. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements.

B

BVZ Associés

bvz-associes.be

22

BVZ Associés is a fiduciary and accounting firm established in 2006, providing comprehensive accounting, fiscal, and business assistance services primarily in Belgium and Luxembourg. The company has a medium-sized presence with over twenty collaborators and offers a range of services including accounting, taxation, assistance to companies, subsidies, and business transmission support. Their website is professionally designed, targeting businesses and individuals requiring expert accounting services. Technically, the site is built on WordPress with common plugins and PHP 7.3, hosted on OVH infrastructure. While the site is mobile-optimized and SEO-friendly, it lacks a valid SSL certificate, which is a critical security shortfall. Security headers and modern TLS protocols are also missing, exposing the site to potential risks. Privacy and cookie policies are implemented with consent mechanisms, supporting GDPR compliance. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security posture to protect user data and enhance trust.

K

Kverneland Group

kvernelandgroup.com

28

Kverneland Group is a prominent international enterprise specializing in the development, manufacturing, and distribution of agricultural implements, electronic solutions, and digital farming services. The website reflects a well-established brand with a clear focus on agricultural professionals and partners, offering extensive content about products, news, and events. The company maintains multiple regional subdomains and partner portals, indicating a broad market presence. Technically, the site is built on a legacy CMS (eZ Publish) and integrates modern analytics and marketing tools such as Google Analytics, Hotjar, and Facebook Pixel, alongside a robust cookie consent mechanism. However, the absence of a valid SSL certificate and lack of DNS records represent significant security and configuration gaps. Security headers are partially implemented, but the lack of HTTPS severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security infrastructure to align with enterprise standards.

S

Strobl Bau – Holzbau GmbH

strobl.at

21

Strobl Bau – Holzbau GmbH is a well-established construction and wood construction company based in Austria, with a history dating back to 1964. The company specializes in residential, industrial, and commercial building projects using both massive and wood construction methods. It holds a leading position in the regional market of Steiermark, offering comprehensive services including planning, coordination, and quality control. The website reflects a professional and consistent brand image, targeting property developers and clients seeking high-quality construction solutions. Technically, the website is built on WordPress with a modern tech stack including Apache, jQuery, Bootstrap, and several specialized plugins for enhanced user experience and functionality. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Despite this, the site implements several security headers and has a good privacy and cookie policy framework with consent mechanisms, indicating a commitment to compliance. The security evaluation reveals critical vulnerabilities due to the absence of HTTPS, lack of strong cipher suites, and incomplete HSTS implementation. These issues pose risks to data confidentiality and user trust. The website provides multiple contact channels, including phone, email, and contact forms, along with active social media profiles, enhancing its business credibility. Overall, while the business and content quality are strong, the security shortcomings require urgent attention to protect users and maintain trust. Strategic improvements in SSL/TLS deployment and security configurations are recommended to elevate the site's security and compliance standards.

T

Tecan Trading AG

tecan.com

40

Tecan Trading AG is a well-established Swiss company specializing in healthcare innovation, laboratory automation, diagnostics, and OEM partnering services. Their website reflects a strong market position with comprehensive product offerings in life sciences and diagnostics, supported by detailed investor relations and corporate policies. The digital infrastructure is built on HubSpot CMS, leveraging modern marketing and analytics tools such as Google Tag Manager and Microsoft Clarity, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to an invalid or missing SSL certificate and lack of modern TLS protocol support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

Y

Yeates

yeates.co.uk

26

Yeates is a well-established family-run removals and storage company operating in Clevedon and Weston-super-Mare, UK, with over 100 years of history. The company offers a range of services including household removals, packing, containerised storage, self storage, and shredding services. It holds reputable certifications such as Which? Trusted Trader and memberships with the Self Storage Association and The Furniture Ombudsman, reinforcing its market credibility and trustworthiness. The website is designed to target residential and business customers seeking reliable moving and storage solutions in the local area. Technically, the website is built on WordPress with modern plugins and tools for SEO and marketing, but lacks a valid SSL certificate, which is a critical security gap. The site is mobile responsive and includes structured data for enhanced SEO.

M

MobileIron

mobileiron.com

40

MobileIron is an enterprise technology company specializing in mobile-centric zero trust security and unified endpoint management (UEM) solutions. Founded in 2007 and acquired by Ivanti in 2020, MobileIron offers a suite of products including mobile device management, zero sign-on, mobile threat defense, and secure connectivity. The website reflects a professional and consistent brand presence with internationalization support and integration into Ivanti's ecosystem. Technically, the site uses ASP.NET, Cloudflare CDN, and modern analytics tools such as Microsoft Application Insights and Google Tag Manager, with cookie consent managed by OneTrust. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is partially addressed through cookie consent but lacks an explicit privacy policy and terms of service. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security to align with enterprise standards.

W

WALTER LEASING GmbH

walter-leasing.com

40

WALTER LEASING GmbH is an established Austrian company specializing in leasing and hire purchase of trucks and trailers. With a mature domain age of 25 years and a consistent brand presence, the company targets businesses and individuals seeking transportation leasing solutions. The website offers multilingual support and uses modern web technologies such as Vue.js and Google Tag Manager, indicating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate is a critical security gap that undermines user trust and data protection. The site employs a strong Content Security Policy and cookie consent management via OneTrust, reflecting good privacy compliance practices. Overall, while the business and technical foundations are solid, urgent improvements in security infrastructure are needed to enhance trust and compliance.