Security Directory

M

MediaClan - Gesellschaft für Online Medien G.m.b.H.

mediaclan.at

23

MediaClan is a small Austrian company specializing in online media, social media projects, and genealogical research services. The website presents professional content in German, targeting clients interested in online communities and family history research. The company leverages WordPress CMS with caching and push notification technologies, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking technologies in use. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

P

Paradigma Digital

paradigmadigital.com

40

Paradigma Digital is a Spanish technology consulting firm specializing in digital transformation through strategy, technology, and talent experience. Established in 2007, it positions itself as a boutique with a strong focus on cloud native, strategic design, data intelligence, and digital DNA services. The company maintains partnerships with major technology providers such as Google Cloud, Red Hat, AWS, and Microsoft, enhancing its market credibility. Technically, the website uses Apache hosting on Google Cloud infrastructure, modern JavaScript, and SVG graphics, but lacks a valid SSL certificate, which is a critical security gap. Privacy and cookie policies are well implemented with consent mechanisms, reflecting GDPR compliance. The site features extensive social media integration and marketing tools like Google Tag Manager and HubSpot forms, indicating moderate user tracking. Overall, the website is professionally designed with excellent content quality and user experience but requires urgent security improvements to enable HTTPS and modern TLS protocols.

K

Kpler

jbcenergy.com

40

Kpler is a medium-sized, Belgium-based data and analytics company specializing in commodity and energy markets. It provides proprietary data, market analysis, forecasts, and maritime tracking services to a professional B2B audience including traders, analysts, and logistics managers. The company has strengthened its market position through acquisitions such as JBC Energy and ClipperData, consolidating its leadership in commodity data analytics. Technically, the website is built on Webflow CMS, hosted via Cloudflare, and employs modern JavaScript libraries and marketing tools. However, the site suffers from a critical security issue due to an invalid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional and content-rich but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

J

Joseph Haydn Privathochschule GmbH

haydnkons.at

28

Joseph Haydn Privathochschule GmbH is a private tertiary education institution specializing in music education located in Eisenstadt, Austria. The institution offers a range of study programs including Bachelor, Master, part-time studies, and specialized courses in Jazz and Popular music, targeting young musicians and international students. The website is built on TYPO3 CMS and hosted on Apache servers, with a moderate digital maturity level. It features professional design, clear navigation, and good mobile optimization. However, the absence of HTTPS and cookie consent mechanisms indicates critical security and privacy compliance gaps. The site uses Google Tag Manager for analytics and has active social media channels. Overall, the business presents itself professionally but needs to address security and privacy shortcomings to improve trust and compliance.

U

USU GmbH

usu.de

40

USU GmbH is a well-established enterprise technology company headquartered in Germany, specializing in IT service management, software asset management, knowledge management, cloud management, and digital consulting solutions. The company targets large enterprises and organizations seeking to optimize their IT landscapes and customer service experiences through AI-powered tools and services. USU maintains a strong market position supported by a comprehensive product portfolio, global customer base, and industry recognitions. Technically, the website is built on Drupal 10 with a modern tech stack including jQuery and various marketing and analytics integrations. The site is well-optimized for mobile and SEO, providing excellent user experience and navigation. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of TLS support, which significantly impacts the security posture. Privacy policies and cookie consent mechanisms are present and appear GDPR compliant, supporting the company's commitment to data protection. Overall, USU demonstrates high business credibility and professionalism but must urgently address its SSL/TLS configuration to ensure secure communications and maintain trust.

A

ATMOSA Petrochemie GmbH

atmosa.at

40

ATMOSA Petrochemie GmbH is a medium-sized Austrian company specializing in the production and supply of Phthalic Anhydride, a key petrochemical product. Established in 1995, it has positioned itself as a major European producer with a focus on reliability and long-term supply to chemical producers globally. The website reflects a professional business presence with clear company information, product details, and contact options targeting industrial clients and partners. Technically, the site uses modern JavaScript libraries, Google Tag Manager, and analytics tools, hosted on infrastructure linked to hostprofis.com. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to risks and undermining trust. Privacy and cookie policies are well implemented with GDPR compliance and user consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

Royal Avebe is a well-established cooperative specializing in the production and supply of potato-based ingredients such as potato starch and protein. With a history dating back to 1919, the company serves diverse markets including food, industrial applications, and animal nutrition. The website reflects a mature business with comprehensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress with modern SEO and tracking tools but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Privacy compliance is well addressed with detailed policies and a cookie consent mechanism. Contact information and social media presence are clearly provided, enhancing business credibility.

B

Bioquadrat Energie- und Wassertechnik Holding GmbH

biogest.at

37

BIOGEST is a well-established Austrian company specializing in the design, construction, and operation of biomethane and biogas plants. With over 30 years of experience and more than 200 plants worldwide, they position themselves as a full-service provider offering project development, engineering, co-investment, construction, and maintenance services. Their target audience includes farmers, investors, and customers interested in sustainable energy solutions. The website is professionally designed, content-rich, and provides comprehensive contact information and social media presence. Technically, the site is built on TYPO3 CMS and served via Cloudflare, but lacks a valid SSL certificate, which is a critical security shortfall. Cookie consent mechanisms and tracking via Google Tag Manager are implemented, but GDPR compliance is basic. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance.

H

HAINZL Industriesysteme GmbH

hainzl.at

40

HAINZL Industriesysteme GmbH is a well-established Austrian industrial technology company specializing in system technology, testing technology, hydrogen technologies, process automation, embedded systems, and electrical engineering. With a history dating back to 1965, it holds a leading position in the European market, supported by multiple subsidiaries across Europe. The company targets industrial clients in machinery, vehicle manufacturing, metal industry, and construction sectors, offering comprehensive technological solutions and services. The website reflects a mature digital presence with professional design, multilingual support, and strong SEO practices. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact the security posture. While security headers are properly configured, the lack of HTTPS undermines trust and data protection. Privacy policies are present and GDPR compliant, but no explicit cookie consent mechanism is implemented. Overall, the site is professional and credible but requires urgent security improvements to align with best practices and protect user data.

The marcusevans Group website presents a minimalistic and largely content-sparse front page with no visible business descriptions, contact information, or policy documents. The domain is mature and registered with a reputable registrar, indicating an established presence. Technically, the site uses modern web technologies such as Angular, Google Tag Manager, Microsoft Clarity, and HubSpot for marketing and analytics, but lacks performance data and visible content. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS enforcement, and missing security headers, exposing the site to potential risks. Privacy compliance is poor with no privacy or cookie policies detected. Overall, the site appears to be a corporate or marketing shell with limited user-facing information and significant security and compliance gaps.

Landis+Gyr is a global leader in smart metering and grid edge intelligence technologies, providing advanced energy management solutions to utilities and energy providers. The company offers a broad portfolio including smart meters, analytics, consumer engagement, and managed services, positioning itself as a key enabler of the modern digital energy grid. Their website reflects a mature enterprise with comprehensive content, strong branding, and active communication channels including news, blogs, and social media. Technically, the site is built on WordPress with a robust set of plugins and integrations for analytics, marketing, and multilingual support. However, the current lack of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses that undermine user trust and data protection. Security headers are partially implemented, and cookie consent mechanisms comply with GDPR standards. Overall, the website demonstrates high professionalism and business credibility but requires urgent remediation of its SSL/TLS configuration to meet modern security expectations.

S

solvistas GmbH

solvistas.com

24

solvistas GmbH is a well-established data science and software solutions company with over 20 years of experience, primarily serving clients in Austria, Germany, and surrounding regions. Their offerings span classical and modern data science disciplines including analytics, business intelligence, digital transformation, AI, IoT, and Industry 4.0. The company positions itself as a trusted partner for data-driven business solutions with agile project delivery. Technically, the website is built on TYPO3 CMS with standard web technologies and integrates Google Tag Manager for analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, solvistas demonstrates solid business credibility and digital maturity but requires urgent improvements in security infrastructure to align with best practices and regulatory requirements.

C

Coursebox Pty Ltd.

nobel-education.com

38

Coursebox Pty Ltd. operates an AI-powered training platform designed to streamline and enhance the creation and delivery of online courses. The platform offers a suite of AI-driven tools including course creation, video generation, assessment, grading, and chatbot tutoring, targeting a broad audience of training providers, educational institutions, and creators. Positioned as a leading AI training platform, Coursebox emphasizes automation, engagement, and integration capabilities to support scalable e-learning businesses. Technically, the website is built on Webflow CMS, utilizes Cloudflare CDN, and integrates multiple third-party services such as Chargebee for payments and Chatbase for chatbot functionality. Despite a professional design and rich content, the site lacks a valid SSL certificate, which critically undermines its security posture. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols poses significant risks. Privacy compliance is moderate, with a privacy policy present but no cookie consent mechanism detected. Business credibility is supported by consistent branding, customer testimonials, and partner logos, though direct contact details are limited to forms and social media links. Overall, the site demonstrates strong business and technical maturity but requires urgent security improvements to protect user data and build trust.

E

ErgoServices Ltd.

ergogroup.ie

40

ErgoServices Ltd. is a leading Irish IT solutions provider with over 30 years of experience, specializing in managed services, cloud infrastructure, digital transformation, security, and license management. The company holds prestigious certifications such as Microsoft Country Partner of the Year 2024 and Azure Expert MSP, positioning it strongly in the Irish technology market. Their target audience includes organizations in financial services, public sector, and life sciences sectors. The website reflects a professional and consistent brand with rich content and clear navigation, supporting their market position. Technically, the website is built on WordPress hosted on WP Engine with Cloudflare CDN, utilizing modern JavaScript libraries and SEO tools like Yoast. The site is mobile-optimized and includes multilingual support via WPML. However, performance metrics are unavailable, and accessibility is basic. Security headers are well implemented, but the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which is a significant security concern. The security posture shows strengths in header implementation and cookie security but is critically weakened by the lack of valid SSL/TLS encryption. No explicit security or incident response policies are found, and no vulnerability disclosure mechanism is present. Privacy compliance is strong with comprehensive privacy and cookie policies and consent mechanisms. Business credibility is high with clear company information, awards, and trust indicators. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and improve its security score. Strategic recommendations include fixing SSL configuration, enabling modern TLS protocols, implementing vulnerability disclosure, and enhancing accessibility and performance monitoring.

I

Interbrand

interbrand.com

35

Interbrand is a leading global brand consultancy with a 50-year history, specializing in brand strategy, experience design, and brand valuation. The company targets global enterprises seeking to enhance their brand value and market presence through comprehensive consultancy services. The website reflects a mature digital presence built on WordPress, integrating modern analytics and marketing tools such as Google Analytics, HubSpot, and MonsterInsights. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing the site to potential risks and undermining user trust. Privacy compliance is well addressed with GDPR-compliant cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates strong business credibility and professional content but requires urgent security improvements.

Romer Labs is a mature, globally recognized company specializing in innovative diagnostic solutions for food and feed safety, with a focus on mycotoxins, allergens, GMOs, and microbial contaminants. The company operates primarily in the healthcare sector, serving B2B clients such as laboratories and food industry professionals. It is a subsidiary of dsm-firmenich, reflecting strong corporate backing and market presence. The website is professionally designed, content-rich, and well-structured, supporting multiple languages and providing comprehensive resources including news, webinars, and product catalogs. Technically, the site is built on Magento CMS, hosted on AWS CloudFront, and integrates modern marketing and analytics tools such as Google Tag Manager, HubSpot forms, and Yoast SEO. While the site is mobile-optimized and SEO-friendly, performance metrics are not explicitly available. Security headers are implemented, but the lack of a valid SSL certificate and absence of TLS protocols represent critical vulnerabilities that significantly reduce the site's security posture. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is transparent and easily accessible, including email, phone, and physical address. No WAF or blocking mechanisms are detected, and WHOIS data confirms domain legitimacy and maturity. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain trust.

M

MUSO TNT

muso.com

40

MUSO TNT is a UK-based company specializing in data-driven content intelligence and content protection solutions for the media and entertainment industry. The company offers services including audience demand measurement, piracy intelligence, and automated protection for independent content creators. It holds a strong market position, trusted by major global media companies and industry associations. The website is professionally designed, content-rich, and targets enterprise clients and indie creators alike. Technically, the site is built on HubSpot CMS, uses Cloudflare for hosting and CDN, and integrates various marketing and analytics tools such as Google Analytics 4 and LinkedIn Insight Tag. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses risks to data confidentiality and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website demonstrates good business credibility and digital maturity but requires urgent improvements in SSL/TLS configuration to enhance security.

B

BYTEPOETS

bytepoets.com

26

BYTEPOETS is a well-established software development company based in Graz, Austria, specializing in app development, web development, UI/UX design, and consulting services. With a domain age of 24 years and a recent integration into the MXP group, BYTEPOETS positions itself as a reliable partner for digital transformation projects, targeting businesses seeking tailored software solutions. The website content is professional, comprehensive, and clearly structured, reflecting a mature business with a strong client portfolio and detailed team information. Technically, the website employs modern technologies including Angular, Flutter, .NET Core, and various analytics tools such as Matomo and Google Tag Manager. However, the site lacks HTTPS, which is a critical security shortfall. The absence of a valid SSL certificate and related security headers significantly impacts the security posture, despite the presence of cookie consent mechanisms and privacy policies that indicate good privacy compliance. Security-wise, the site shows no evidence of incident response or vulnerability disclosure policies, and the SSL configuration is incomplete, lacking HSTS and OCSP stapling. The domain registration is consistent and mature, supporting the legitimacy of the business. Overall, BYTEPOETS demonstrates strong business credibility and digital maturity but must urgently address HTTPS implementation to improve security and trust. Strategically, BYTEPOETS should prioritize securing their website with a valid SSL certificate and enhancing security headers. Maintaining comprehensive privacy compliance and transparent contact information supports user trust and regulatory adherence. The integration with MXP suggests growth and potential for expanded market reach.

B

Boom Software

boomsoftware.com

39

Boom Software is an established software company specializing in innovative solutions for maintenance, service, and production management across selected industrial sectors such as transportation, manufacturing, and energy. With over 25 years of experience, the company offers tailored software products including Maintenance Manager, Production Manager, and Rail Solutions, targeting niche markets like rail and public transport. The website reflects a professional digital presence with comprehensive content and clear business focus. Technically, the site is built on WordPress with Elementor and integrates modern marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Overall, the company demonstrates strong business credibility but must urgently address its SSL/TLS configuration to improve security posture and user trust.

McArthurGlen operates as a leading European designer outlet shopping group with 23 locations across 8 countries, targeting fashion-conscious shoppers seeking significant discounts on luxury brands. The website reflects a professional retail business model focused on providing outlet shopping experiences, sustainability initiatives, and tax refund services for non-EU residents. Technically, the website uses modern JavaScript, Google Tag Manager, and Microsoft Application Insights for analytics, and is hosted behind Cloudflare. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. The site implements cookie consent mechanisms and privacy policies consistent with GDPR compliance but lacks visible contact information and security policies. Overall, the website is functional and well-branded but requires urgent improvements in security infrastructure.

S

Smettly GmbH

bikecitizens.net

23

Bike Citizens, operated by Smettly GmbH, is a specialized company focused on enhancing the cycling experience through its app, smartphone mount product, and data services for urban mobility. The company targets cyclists, municipalities, and city planners, positioning itself as a niche leader in the transportation sector with a strong community and partnership approach. Technically, the website is built on the Odoo CMS platform with modern frontend assets and uses Google Tag Manager for analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that significantly undermines user trust and data protection. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the website is professional and content-rich but requires urgent security improvements to align with best practices and user expectations.

ORF Beitrags Service GmbH operates the official website for managing ORF broadcasting fees in Austria, providing services such as SEPA direct debit, data changes, exemptions, and customer support. The website targets Austrian residents and businesses subject to ORF fees, positioning itself as a key public service provider in the media sector. The content is well-structured, professionally designed, and localized in German with multiple language options. The business model revolves around public service fee collection and administration. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries like Alpine.js and integrating analytics tools such as Matomo and Google Analytics. The site uses a comprehensive Content Security Policy and other security headers to protect against common web attacks. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security posture is moderate with good header implementations but severely impacted by the lack of HTTPS, no TLS protocols enabled, and missing HSTS. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Business credibility is supported by clear contact information, legal pages, and consistent branding. Overall, the website is functional and professional but requires urgent security improvements to enable HTTPS and strengthen encryption protocols. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS versions, and enhancing session security. These steps will improve trust, compliance, and user safety significantly.

S

Sport England

sportengland.org

37

Sport England is a UK government-related non-profit organization dedicated to promoting sport and physical activity across England. The website serves as a comprehensive resource hub offering funding opportunities, research data, guidance, and campaigns to support various stakeholders including volunteers, grassroots organizers, schools, and national governing bodies. The organization is primarily funded by the National Lottery, which is prominently acknowledged on the site. The website is professionally designed with clear navigation and strong branding consistency, targeting a broad audience involved in sport and physical activity.

B

BEWOTEC GmbH

bewotec.de

24

BEWOTEC GmbH is a German-based technology company specializing in software solutions for travel agencies and tour operators. Their product suite includes myJACK, a comprehensive travel agency software, DaVinci for tour operators, and dynamic packaging tools like flexStore and OTDS Player. The company has a strong market presence in the German-speaking travel industry, with a history dating back to 1988. Technically, the website is built on WordPress with modern plugins and tools, offering good content quality and user experience. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to potential risks. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and enhance protection.

R

RP Global

rp-global.com

40

RP Global is a well-established large-scale developer, operator, and investor in the renewable energy sector with over 40 years of experience. The company focuses on solar PV, wind, hydro, hydrogen, and energy storage projects primarily in Europe and Latin America, with a significant project pipeline exceeding 14 GW(p). Their business model centers on project development, investment, and strategic partnerships, positioning them as a key player in the renewable energy market. Technically, the website is built on ASP.NET and hosted on Microsoft IIS with Umbraco CMS, incorporating modern web technologies such as Google Tag Manager and Google Fonts. However, performance is slow and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no incident response or security policy disclosures. Privacy compliance is minimal with policies present but no consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

K

Knowles Electronics, LLC

knowles.com

40

Knowles Electronics, LLC is a well-established market leader specializing in high-performance electronic components including advanced micro-acoustic microphones, balanced armature speakers, capacitors, and RF filtering products. The company primarily serves demanding sectors such as Industrial, MedTech, Aerospace/Defense, Electrification, and Consumer Electronics. Their business model focuses on manufacturing and supplying specialized components to these industries, maintaining a strong market position supported by a professional and content-rich website. The company recently divested its Consumer MEMS Microphones Division to Syntiant Corporation, indicating strategic business realignment. Technically, the website is built on a mature ASP.NET framework with Sitefinity CMS, hosted on AWS infrastructure. It integrates modern marketing and analytics tools such as Google Analytics, Google Tag Manager, and Hotjar, demonstrating digital maturity and a focus on user experience and data-driven insights. The site is mobile-optimized with good SEO practices and clear navigation, although accessibility features are basic. From a security perspective, the website exhibits critical weaknesses due to the absence of a valid SSL certificate and lack of HTTPS support, severely impacting the security posture. While some security headers are present and cookie consent mechanisms are implemented, the lack of TLS protocols and strong cipher suites exposes the site to significant risks. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. Overall, the website is professional and credible from a business standpoint but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL/TLS deployment, enhanced security header configuration, and publication of security policies to align with industry best practices.

N

NEOS

neos.eu

34

NEOS is a well-established Austrian political party with a strong digital presence and comprehensive content about its programs, members, and activities. The website is professionally designed, mobile-optimized, and provides clear navigation and rich information for its target audience. Technically, the site uses modern frontend technologies such as Alpine.js and Tailwind CSS, and integrates marketing and analytics tools like Google Tag Manager and Microsoft Clarity. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses a significant risk to user data and trust. Privacy compliance is generally good, with a clear privacy policy and GDPR consent mechanisms in the newsletter form, but lacks a visible cookie consent banner. Overall, the site is credible and trustworthy but requires urgent security improvements to protect visitors and maintain compliance.

R

Regent AG

regent.ch

33

Regent AG is a Swiss-based lighting manufacturer with a heritage spanning over 100 years, specializing in high-quality, human-centric lighting solutions and bespoke designs. Their website reflects a mature business with a strong brand presence, targeting professional customers such as electrical installers and corporate clients. The company offers a broad portfolio including connected lighting and upcycling services, supported by digital tools like product finders and configurators. Technically, the website is built on TYPO3 CMS and employs modern web technologies and marketing tools, but suffers from a critical security weakness due to the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure HTTPS access. Privacy compliance is well addressed with clear policies and consent mechanisms. Contact information and social media presence are comprehensive, enhancing business credibility.

B

Blue Tomato

blue-tomato.com

71

Blue Tomato is a well-established European e-commerce and retail company specializing in boardsport and lifestyle products including snowboarding, skateboarding, surfing, freeski, and streetwear. With over 30 years of experience and more than 70 physical shops across Europe, the company offers a comprehensive product range from over 500 brands, supported by community engagement and specialized services such as snowboard schools and rental shops. The website is professionally designed, highly localized, and optimized for performance and user experience across devices. Technically, the website employs modern web technologies including React and Preact frameworks, utilizes Cloudflare for hosting and security, and integrates advanced analytics and consent management tools. The site demonstrates good SEO and accessibility practices, ensuring broad reach and compliance with relevant regulations. From a security perspective, the site uses a valid SSL certificate but lacks modern TLS protocol support and some security headers like HSTS and OCSP stapling. No critical vulnerabilities were detected, but improvements are recommended to enhance security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, Blue Tomato presents a low-risk profile with strong business credibility, good technical infrastructure, and adequate security measures. Strategic recommendations include enhancing SSL/TLS configurations, enabling additional security headers, and implementing domain protection locks to further secure the domain registration.

P

Poesis Consulting GmbH

poesis.at

40

Poesis Consulting GmbH is a small, dynamic consulting firm specializing in strategy, project management, process management, and training services. The company targets businesses requiring tailored consulting solutions, particularly in complex projects where internal resources or expertise are limited. Their market position is regional with offices in Vorarlberg and Liechtenstein, emphasizing a personalized and deep consulting approach. The website reflects a professional and consistent brand image with clear service offerings and client testimonials, supporting their credibility. Technically, the website is built on the Webflow platform, leveraging modern web technologies such as Google Fonts, Google Tag Manager, and Cookiebot for consent management. Hosting is via Cloudflare CDN with DNS managed by United Hoster. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant technical and security deficiency. Performance is rated slow due to missing optimization metrics, but mobile responsiveness and SEO basics are adequately addressed. From a security perspective, the absence of HTTPS and TLS protocols severely undermines the site's security posture. While some security headers and best practices like HttpOnly cookies and reCAPTCHA are implemented, critical vulnerabilities exist including no DNSSEC, no certificate transparency compliance, and no session resumption. Privacy compliance is reasonably addressed with a privacy policy, cookie consent, and GDPR indicators, but no explicit security or incident response policies are published. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and related security controls. Strategic recommendations include immediate SSL/TLS deployment, enhancement of DNS security, and publication of security policies. These improvements will bolster trust, compliance, and protect both the business and its clients from potential threats.

W

Windhund GmbH

windhund.com

38

Windhund GmbH is a small Austrian company specializing in providing monthly live-streamed and on-demand health keynote presentations aimed at corporate workplace health management. The company has a professional web presence built on TYPO3 CMS, featuring reputable speakers and a solid client base. Technically, the website uses modern marketing and tracking tools such as Google Tag Manager and Facebook Pixel, and implements a cookie consent mechanism compliant with GDPR. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. The WHOIS data is consistent with the business claims, indicating legitimacy. Overall, the website is functional and professional but requires urgent security improvements.

OTP Bank is a leading Hungarian financial institution with a strong regional presence in Central and Eastern Europe. Founded in 1949, it offers a comprehensive range of banking services including retail and corporate banking, loans, savings, insurance, and digital banking solutions. The website reflects a mature and professional digital presence with excellent content quality, clear navigation, and strong branding consistency. The bank leverages modern web technologies such as Vue.js and integrates multiple analytics and marketing tools to enhance user experience and business intelligence. From a technical perspective, the website employs robust security headers and content security policies, but suffers from critical SSL/TLS configuration issues including an invalid SSL certificate and lack of modern TLS protocol support. These issues significantly impact the security posture score and should be addressed promptly to ensure secure communications and user trust. Privacy compliance is well handled with clear GDPR-aligned privacy and cookie policies, supported by a consent mechanism. Overall, OTP Bank's website demonstrates high business credibility and professionalism, with comprehensive contact information and trust indicators such as awards and certifications. The domain registration data aligns well with the business history and legitimacy. Strategic improvements in SSL/TLS configuration and ongoing security audits are recommended to enhance the security posture and maintain customer confidence.

W

WTW

acclaris.com

40

WTW is a global leader in risk management, employee benefits, and capital advisory services, offering data-driven and insightful solutions to enterprises. The Finnish localized website reflects a mature digital presence with comprehensive content, professional design, and clear navigation targeting corporate clients and enterprises. The technical infrastructure leverages modern web technologies including Sitecore CMS, Bootstrap framework, Coveo search, and Brightcove video players, hosted likely on Microsoft Azure. Despite a strong security header configuration, the site suffers from a critical SSL certificate issue, lacking valid HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The site extensively uses third-party analytics and marketing tools, indicating a high level of user tracking and data collection. Overall, the website is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure communications and maintain user trust.

S

SPS Technik Ges.m.b.H

sps.at

40

SPS Technik Ges.m.b.H is a well-established Austrian company specializing in turnkey automation solutions for various industries including manufacturing, transportation, and energy. The company operates internationally with subsidiaries in China and Poland, offering comprehensive services from electro planning, robot programming, mechanical construction, to service and maintenance. Their market position is strong, supported by over 70 years of experience and installations in more than 50 countries. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, featuring good mobile optimization and accessibility. Security-wise, the site uses a valid SSL certificate but lacks modern TLS protocols and some security headers, which lowers its security posture. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the website reflects a professional and credible business presence with room for security improvements.

H

HellermannTyton

hellermanntyton.at

40

HellermannTyton is a well-established manufacturer and provider of cable management and connectivity products, serving industrial sectors such as manufacturing, energy, and transportation. The website presents comprehensive product information, industry solutions, and sustainability initiatives, targeting professional and industrial customers primarily in Austria and surrounding regions. The company maintains a strong brand presence with consistent design and multiple social media channels. Technically, the website uses a modern tech stack including Apache, jQuery, Google Tag Manager, and Usercentrics for consent management, hosted behind Cloudflare DNS services. However, the SSL/TLS configuration is outdated, supporting only TLS 1.1 without TLS 1.2 or 1.3, which is a security concern. Security headers are well implemented, including a strict Content Security Policy and HSTS header, though HSTS is not fully enabled in SSL configuration. Privacy compliance is strong with clear privacy and cookie policies and active consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is professional, trustworthy, and compliant, but would benefit from modernizing its TLS support and enhancing SSL configurations.

B

baningo GmbH

baningo.com

40

baningo GmbH is a technology company specializing in digital networking solutions, primarily through their digital business card platform and NFC business cards. Founded in 2015 and based in Austria, the company serves a broad professional audience seeking modern, sustainable ways to share contact information. Their market position is supported by over 10,000 customers and partnerships with notable companies. Technically, the website leverages Cloudflare for hosting and security, uses Matomo and Google Tag Manager for analytics, and integrates Facebook Pixel for marketing. However, the absence of a valid SSL certificate and HTTPS severely undermines the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. Overall, the website is professionally designed and trustworthy but requires urgent security improvements.

M

Messe Wels GmbH

messe-wels.at

38

Messe Wels GmbH operates a prominent exhibition center in Wels, Austria, providing event hosting, exhibition space rental, and related services. The website targets exhibitors and visitors interested in trade fairs and events, positioning itself as a leading venue in Austria. The digital infrastructure relies on legacy technologies such as Microsoft IIS 8.5 and older versions of jQuery and Bootstrap, with Google Tag Manager implemented for analytics and marketing. However, the website lacks a valid SSL certificate and does not support modern TLS protocols, significantly impacting its security posture. While contact information and privacy policies are present, the absence of advanced security headers and incident response information indicates room for improvement. Overall, the site is functional and professional but requires urgent security upgrades to protect user data and enhance trust.

'

's Heeren Loo

sheerenloo.nl

40

's Heeren Loo is a large, established healthcare organization in the Netherlands specializing in providing tailored care and support for people with intellectual and other disabilities. Their services span diagnostics, treatment, home support, education, work and day activities, and residential care. The organization targets clients with disabilities, their families, and care professionals, emphasizing a mission to help clients live as well as possible with appropriate care levels. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuex, integrates Matomo analytics for user tracking, and uses Google Tag Manager for marketing. Accessibility and SEO are well addressed, with good mobile optimization and structured data markup. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

D

DACHSER

dachser.com

40

DACHSER is a well-established global logistics provider with a strong market position and comprehensive service offerings across multiple transport and warehouse networks. The website reflects a mature digital presence with multilingual support, rich content, and clear corporate governance and compliance information. Technically, the site uses modern tracking and consent management technologies but suffers from critical SSL certificate issues that undermine its security posture. Security headers and policies are well implemented, but the lack of valid HTTPS and modern TLS protocols is a significant risk. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions and maintain compliance. Strategic recommendations include fixing SSL certificates, enabling modern TLS, and enhancing security mechanisms such as OCSP stapling and session resumption.

P

PRAXIS

praxispr.ca

40

PRAXIS is a Canadian marketing communications agency specializing in integrated services including PR, digital marketing, live events, social media management, and collaborations. The company positions itself as a leading Canadian-owned agency with a strong client portfolio including major brands such as Pepsi, Cineplex, and Purina. The website is professionally designed with rich content and clear navigation targeting Canadian businesses seeking marketing communications expertise. Technically, the site is built on WordPress with modern plugins and SEO tools, but suffers from a lack of HTTPS security due to an invalid or missing SSL certificate. Security headers are minimal but present, and no cookie consent or GDPR compliance mechanisms are evident. The agency maintains active social media presence and uses Google Analytics and LinkedIn Insight for tracking. Overall, the website reflects a credible and professional business but requires urgent security improvements to protect user data and enhance trust.

U

UPM Raflatac

upmraflatac.com

65

UPM Raflatac is a global leader in manufacturing high-performance labeling materials, serving brands, designers, and printers worldwide. The company operates a mature and well-established business with a strong emphasis on sustainability and innovation in packaging solutions. Their digital presence reflects a professional and comprehensive approach, offering extensive customer tools and multilingual support. Technically, the website leverages modern frameworks such as Vue.js, integrates advanced analytics and marketing tools, and is hosted securely via Cloudflare with robust security headers and HTTPS enforcement. The security posture is strong, though improvements like enabling HSTS could enhance protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration and WHOIS data confirm the legitimacy and consistency of the business identity.

O

Osmo

playosmo.com

58

Osmo is an educational technology company specializing in interactive learning systems that combine physical game pieces with digital apps primarily for iPad and iPhone users. The website positions Osmo as an award-winning brand with a focus on fostering social intelligence and creative thinking through hands-on play. The business model centers on e-commerce sales of educational products and digital content, targeting parents and educators seeking engaging learning tools for children. The site is professionally designed with consistent branding and positive media testimonials, indicating a strong market presence in the education sector. Technically, the website is built on modern frameworks such as Next.js and React, hosted behind Cloudflare, and uses Google Tag Manager for analytics. While the site is mobile-optimized and SEO-friendly, performance metrics are unavailable. Security-wise, the site uses HTTPS with a valid SSL certificate but lacks modern TLS protocol support and OCSP stapling, which are important for robust security. Security headers are partially implemented, but critical headers like HSTS are not fully enabled. No privacy or cookie policies were found, indicating gaps in compliance with data protection regulations. Overall, the security posture is moderate with room for improvement in encryption protocols and privacy compliance. The absence of contact information and policy pages reduces transparency and user trust. The domain registration is consistent with the business claims, and no suspicious patterns were detected, supporting the legitimacy of the site. Strategic recommendations include enabling modern TLS protocols, fully implementing HSTS, publishing comprehensive privacy and cookie policies, adding contact information, and establishing a vulnerability disclosure program to enhance security and compliance posture.

S

SOLVION information management GmbH

solvion.net

25

SOLVION information management GmbH is a well-established IT consulting and solutions provider specializing in digital workplace transformation within the Microsoft 365 ecosystem. With over 22 years of experience, the company serves medium-sized commercial enterprises primarily in the DACH region, focusing on sectors such as production, retail, services, and transportation. Their key services include strategic and technology consulting, adoption and change management, implementation of Microsoft-based solutions, and ongoing technical support. The website reflects a professional and consistent brand image with comprehensive content, active blogs, and customer testimonials, positioning SOLVION as a leading player in their market segment. Technically, the website is built on WordPress with the Divi theme and utilizes modern JavaScript libraries and marketing tools such as Google Tag Manager and Borlabs Cookie for consent management. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are also missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism that aligns with GDPR requirements. The site employs extensive tracking and marketing tools, but these are transparently disclosed. Contact information is clearly presented, including a detailed contact form, phone number, and physical address, enhancing business credibility. Overall, while the business and content aspects of the website are strong and trustworthy, the lack of HTTPS and proper SSL configuration is a critical vulnerability that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern security protocols, and enhancing security headers to improve the site's security posture and compliance.

R

Raiffeisen Bank International

raiffeisen.al

40

Raiffeisen Bank Albania is a major financial institution offering a wide range of retail and corporate banking services, including loans, credit cards, savings, and digital banking platforms. The website is professionally designed, content-rich, and targets Albanian retail customers, SMEs, and corporate clients. Technically, the site uses modern frameworks such as Vue.js and Adobe Experience Manager, with integrations for analytics and marketing tools. However, a critical security issue is the invalid or missing SSL certificate, which undermines the security posture despite good security headers and policies. Privacy compliance is strong with clear cookie consent and GDPR-aligned privacy policies. Overall, the website is trustworthy and credible but requires urgent SSL remediation to ensure secure user interactions.

Arjo is a well-established global healthcare company specializing in medical devices and solutions aimed at improving mobility and care for patients with reduced mobility and age-related health challenges. The company operates in over 100 countries with a large workforce and offers a broad portfolio including patient handling equipment, medical beds, hygiene solutions, disinfection products, and prevention systems for pressure injuries and venous thromboembolism. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design tailored to healthcare providers and institutions. Technically, the website leverages modern web technologies including Episerver CMS, Azure hosting, and multiple analytics and marketing tools such as Google Analytics, Siteimprove, Hotjar, and Microsoft Application Insights. The site is hosted on Microsoft Azure with Cloudflare CDN, ensuring global availability and performance. However, performance metrics were not available, and accessibility is rated as basic, suggesting room for improvement. From a security perspective, the site implements several important HTTP security headers and a detailed Content Security Policy. Nevertheless, the SSL certificate is currently invalid or missing, which is a critical vulnerability that undermines user trust and data security. HSTS is configured but not fully enabled, and session resumption mechanisms are absent. No known vulnerabilities or malware were detected, and no WAF or blocking mechanisms interfere with site access. Overall, the website demonstrates strong business credibility and privacy compliance with clear policies and consent mechanisms. The main risk lies in the SSL certificate issue, which should be addressed promptly to maintain security posture and user confidence. Strategic recommendations include renewing the SSL certificate, enabling full HSTS, and enhancing accessibility and performance monitoring.

W

W.D. Matthews Machinery Co.

wdmatthews.com

40

W.D. Matthews Machinery Co. is a well-established heavy equipment dealer operating primarily in New England, with a history dating back to 1939. The company specializes in new and used forklifts, heavy machinery, warehousing supplies, rentals, parts, and service. It maintains strong partnerships with reputable brands such as Toyota, Manitou, Clark, and Bobcat, positioning itself as a leading regional provider in the transportation and industrial equipment sector. The website reflects a professional business model focused on equipment sales, rentals, and maintenance services targeting commercial and industrial clients in the region. Technically, the website is built on WordPress with WooCommerce and utilizes modern web technologies including Gravity Forms for data collection and Google Tag Manager for analytics. Hosting is provided by WP Engine with Cloudflare CDN for content delivery. While the site is mobile-optimized and well-structured with good SEO practices, performance data is incomplete, and some accessibility features are basic. The site lacks a valid SSL certificate, which is a critical security gap. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. No advanced security headers or mechanisms such as HSTS or OCSP stapling are implemented. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or terms of service page detected. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a moderate risk profile due to the lack of HTTPS and limited privacy compliance. Strategic improvements in security configuration and privacy practices are recommended to enhance trust and protect user data. The business itself appears legitimate and well-positioned in its market, but the website's security shortcomings could impact user confidence and compliance with regulations.

M

M. M. Newman

mmnewman.com

40

M.M. Newman Corporation is a specialized manufacturer and distributor of Heli-Tube® spiral cable wrap and related specialty tubing and hot tool products. Established in 1956, the company holds a strong market position as a leading supplier in the manufacturing sector, targeting industrial and commercial customers requiring cable management solutions. Their website reflects a professional e-commerce platform built on WordPress and WooCommerce, offering clear navigation and relevant product information. The company demonstrates trustworthiness through certifications such as ISO 9001:2015 and provides comprehensive contact information and social media presence. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and incomplete HTTPS implementation, which poses risks to user data and trust. The site uses multiple analytics and marketing tools but lacks a cookie consent mechanism, indicating partial privacy compliance.

N

NDI

ndi.video

63

NDI.video is a leading technology provider specializing in IP-based video connectivity solutions that enable seamless multimedia experiences across various industries including broadcast, corporate collaboration, education, and content creation. The company offers a comprehensive ecosystem including SDKs, tools, certification programs, and a connected community platform to support developers and users. Their market position is strong, supported by a large product ecosystem and partnerships with notable organizations. Technically, the website is built on a modern WordPress VIP platform with Elementor and optimized for performance, mobile responsiveness, and SEO. Security posture is adequate with HTTPS and basic security headers, though improvements in DNS security and HTTPS hardening are recommended. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website reflects a professional and trustworthy business with a strong focus on developer enablement and user engagement.

V

Viz Flowics

flowics.com

37

Viz Flowics is a cloud-native platform specializing in live data-driven broadcast graphics, targeting broadcasters, live streamers, and corporations. The platform offers an intuitive web-based HTML5 graphics editor, native data connectors, social media integration, and NRCS integration, positioning itself as a modern solution in the media technology sector. The website reflects a professional and consistent brand presence supported by customer testimonials and case studies, indicating a solid market position under its parent company Vizrt. Technically, the site is built on WordPress with modern plugins and integrates multiple marketing and analytics tools, though performance metrics are not explicitly available. Security posture is weakened by the absence of a valid SSL certificate and lack of TLS support, which is a critical vulnerability for a platform serving professional clients. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

W

www.english-teacher-college.at

english-teacher-college.at

38

The website www.english-teacher-college.at operates as a specialized media platform providing comprehensive reviews, guides, and affiliate marketing services focused on online casinos in Austria. It targets Austrian online casino players by offering detailed casino ratings, bonus information, game variety, payment methods, and customer support evaluations. The site maintains a consistent brand presence with professional content and trust indicators such as DMCA protection and author credentials. Technically, the site is hosted behind Cloudflare and uses modern web technologies including JavaScript and Google Tag Manager, but lacks a valid SSL certificate, resulting in no HTTPS support and weak security posture. This absence of HTTPS and modern TLS protocols is a critical security gap that undermines user data protection and trust. Privacy and cookie policies exist but are basic in compliance, and no direct company contact emails or phone numbers are provided, though social media channels are linked. Overall, the site is functional and content-rich but requires urgent security improvements to enhance user trust and compliance.