Security Directory

U

Under The Milky Way

underthemilkyway.com

38

Under The Milky Way is a well-established global digital film distribution company with a strong market presence and partnerships with major VoD platforms. Their website reflects a professional business focused on digital distribution and marketing services, supported by a proprietary software solution for revenue optimization. Technically, the site is built on Squarespace with modern web technologies and includes basic SEO and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is partially addressed with a cookie banner and privacy policy, but lacks comprehensive GDPR indicators and terms of service. Overall, the business appears legitimate and credible, but security posture requires urgent improvement.

N

Novotech

novotech-cro.com

40

Novotech is a globally recognized full-service clinical research organization (CRO) specializing in supporting biotech and small to mid-sized pharmaceutical companies with clinical trial services and scientific advisory. The company has a strong market position in the Asia-Pacific region and globally, supported by multiple industry awards and a comprehensive portfolio of services including medical consulting, patient recruitment, clinical operations, biometrics, virtual trials, and laboratory services. The website reflects a mature digital presence with multilingual support, professional design, and clear navigation tailored to its target audience of biopharmaceutical sponsors. Technically, the website is built on Drupal 10 and hosted on Pantheon, utilizing modern web technologies and third-party integrations such as OneTrust for cookie consent and Google Tag Manager for analytics. The site is mobile-optimized and accessible, with good SEO practices and structured data for enhanced search visibility. From a security perspective, while the site implements several important HTTP security headers and content security policies, it critically lacks a valid SSL certificate and does not support any TLS protocols, severely impacting the security posture and user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Business credibility is high, supported by consistent branding, professional content, and trust indicators. Overall, the site presents a professional and trustworthy front for Novotech but urgently requires remediation of its SSL/TLS configuration to ensure secure communications and compliance with modern security standards.

Sensus, a brand under Xylem Inc., specializes in smart solutions for water, energy, and communication infrastructure, targeting utilities and municipalities. The website presents a mature, well-branded digital presence with comprehensive product and service information, supporting a B2B business model focused on smart utility networks and managed services. Technically, the site uses modern web technologies including EPiServer CMS and Cloudflare for hosting, but suffers from critical SSL/TLS misconfigurations, lacking a valid HTTPS certificate which severely impacts security posture. Security headers are well implemented, but the absence of HTTPS and modern TLS protocols is a major vulnerability. Privacy compliance is partially met with a clear privacy policy and terms of service, but no cookie consent mechanism is observed despite cookie usage. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and maintain trust.

W

Winterhalter Gastronom GmbH

winterhalter.biz

40

Winterhalter Gastronom GmbH is a well-established family-owned company specializing in professional warewashing technology, including commercial dishwashers, water treatment, chemicals, and accessories tailored for the hospitality industry. With a 75-year history, the company holds a strong market position as a quality and reliability leader serving diverse sectors such as restaurants, hotels, mass catering, and retail. The website is professionally designed, content-rich, and targets a global audience with multiple language versions and regional adaptations. Technically, the site is built on TYPO3 CMS and hosted behind Cloudflare, leveraging modern web technologies and cookie consent management via Usercentrics. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility and digital maturity are strong, but urgent remediation of SSL/TLS issues is recommended to enhance security and trust.

K

KLAFS GmbH

thermarium.com

40

KLAFS GmbH operates a comprehensive website focused on sauna manufacturing and wellness products, positioning itself as a market leader in Germany. The site offers detailed product information, showroom locations, and customer service options, targeting both private and professional customers. The business model integrates manufacturing, retail, and service with a strong emphasis on customer consultation and product innovation. Technically, the website is built on TYPO3 CMS and hosted on infrastructure linked to schalk-it.de, with modern marketing and consent management tools integrated. However, the security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses significant risks for user data protection and trust. Privacy compliance is well addressed with clear policies and a consent management platform. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

A

ATMOsphere

naturalrefrigerants.com

48

NaturalRefrigerants.com is a well-established industry portal published by ATMOsphere, focusing on natural refrigerant-based cooling and heating technologies. It serves as a global marketplace and news source, connecting buyers and providers worldwide. The website demonstrates a strong market position as a leading source of information since 2006, with a professional design and comprehensive content. Technically, the site is built on WordPress with Elementor and WooCommerce, leveraging modern web technologies but suffers from slow performance and lacks a valid SSL certificate, which impacts its security posture. The absence of HTTPS and security headers are critical vulnerabilities that need immediate attention. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism detected. Overall, the site is credible and trustworthy but requires significant security improvements to protect user data and enhance trust.

The British Council is a globally recognized UK-based non-profit organization specializing in cultural relations and educational opportunities. With a presence in over 100 countries and a history spanning 90 years, it offers a broad range of services including English language learning, exams such as IELTS, study and work abroad programs, and arts and cultural initiatives. The website reflects a mature, professional digital presence with excellent content quality and clear navigation tailored to a diverse international audience.

A

AIM Group International

aimgroupinternational.com

35

AIM Group International is a medium-sized service provider specializing in event management, digital communication, and consultancy services primarily targeting companies and associations. The company offers a broad portfolio including conference management, virtual and hybrid events, healthcare meetings, digital marketing, and consultancy services. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress with modern libraries and plugins, hosted on Amazon AWS infrastructure. However, the website lacks a valid SSL certificate and does not support HTTPS, which significantly impacts its security posture. While cookie consent and privacy policies are implemented and GDPR compliant, the absence of HTTPS and security headers exposes the site to risks. Overall, the business appears legitimate and well-established with active social media presence and trust indicators such as an annual report and newsletter. Strategic improvements in security configuration are recommended to enhance trust and compliance.

H

Hilfswerk Österreich

hilfswerk.at

36

Hilfswerk Österreich is a large, well-established non-profit organization providing extensive health, social, and family services across Austria. The website reflects a professional and comprehensive digital presence, targeting a broad audience including elderly people, children, families, and caregivers. The organization maintains a strong market position as one of Austria's leading providers in its sector, supported by government funding and a wide range of services. Technically, the website is built on TYPO3 CMS with modern frontend libraries and includes accessibility and SEO best practices. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly undermines the site's security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates high professionalism and trustworthiness but urgently requires SSL implementation to mitigate security risks.

H&Z Unternehmensberatung AG is a well-established management consulting firm based in Munich, Germany, with a strong focus on strategy, procurement, transformation, sustainability, innovation, and technology. Founded in 1997, the company operates globally with over 600 consultants across 14 offices and is part of the larger H&Z Group and The Transformation Alliance. The website is professionally designed, content-rich, and targets leading organizations seeking strategic consulting services. Technically, the site uses modern frameworks such as Next.js and is hosted on Vercel, with cookie consent managed by Usercentrics and analytics via Google Tag Manager. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is partial, with cookie consent present but no visible privacy or terms of service policies. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.

Acer Inc is a global technology company specializing in the manufacturing and retail of computing devices including laptops, desktops, Chromebooks, monitors, and projectors. The website targets both consumer and business audiences primarily in Finland but also globally, offering a comprehensive product catalog and support services. The company maintains a strong market position with consistent branding and a professional online presence. Technically, the site uses ASP.NET MVC framework, jQuery, and integrates multiple third-party analytics and marketing tools such as Google Tag Manager and Visual Website Optimizer. Hosting is via Amazon AWS with Akamai CDN for content delivery. Security posture shows presence of key security headers and secure cookies; however, the SSL certificate is invalid or missing and no TLS protocols are enabled, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security and trust.

TMF Group is a leading global provider of administrative, compliance, and governance services, supporting companies across more than 80 countries. Their extensive service portfolio includes accounting, tax, payroll, capital markets, fund services, and ESG administration, targeting corporates, financial institutions, asset managers, private equity, and family offices. The company operates through a large global network of over 11,000 professionals in 125+ offices, serving major multinational clients including Fortune Global 500 and FTSE 100 companies. The website reflects a mature business model with a strong market position and comprehensive service offerings. Technically, the website employs modern technologies such as Microsoft Application Insights, Google Tag Manager, OneTrust for cookie consent, and Cloudflare for CDN services. The site is well-structured, mobile-optimized, and SEO-friendly, with good accessibility features. However, performance metrics were not available, limiting full assessment of speed. From a security perspective, the site implements multiple security headers including a strict Content Security Policy and HSTS. Cookies are set with secure and HttpOnly flags, and privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. The critical weakness is the absence of a valid SSL certificate and disabled TLS protocols, which severely undermines the security posture and user trust. This issue requires immediate remediation to enable HTTPS and secure communications. Overall, the website is professionally designed and content-rich, demonstrating high business credibility and privacy compliance. The main risk lies in the invalid SSL configuration, which impacts security scores and could expose users to risks. Strategic improvements in SSL/TLS deployment and continued transparency in security policies will enhance trust and compliance.

H

Haberkorn GmbH

haberkorn.com

38

Haberkorn GmbH operates a multi-country B2B online shop specializing in industrial products and services, primarily serving Central and Eastern European markets. The company maintains a strong regional presence with subsidiaries and partner sites in Germany and neighboring countries. The website is professionally designed with good content relevance and user experience, supporting multiple languages and regional adaptations. However, the technical infrastructure shows critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. The site uses modern JavaScript libraries and tracking tools, including Google Tag Manager, Facebook Pixel, and Hotjar, with a comprehensive cookie consent mechanism indicating basic privacy compliance. Overall, while the business model and content quality are solid, the lack of HTTPS and security policies present significant risks that should be addressed promptly.

T

TTTech Auto

tttech-auto.com

40

TTTech Auto is a leading Austrian technology company specializing in system solutions and network hardware for software-defined vehicles, focusing on safety-critical automotive applications. The company holds a strong market position as a platform product and service provider with a comprehensive portfolio including software products, hardware products, and consulting services. Their target audience primarily includes automotive manufacturers and developers seeking advanced safety and security solutions for next-generation vehicles. Technically, the website is built on Drupal 10 and protected by Sucuri Cloudproxy, with modern web design and good SEO and accessibility features. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken the security posture, exposing the site to risks and reducing trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, structured data, and transparent contact information.

Semmelrock, a brand under Wienerberger AG, specializes in manufacturing and distributing high-quality concrete paving and landscaping products across Central and Eastern Europe, with a strong presence in Romania. The website reflects a mature business with consistent branding and a focus on sustainability and innovation. Technically, the site is built on Adobe Experience Manager and integrates marketing tools like Google Tag Manager and Cookiebot for consent management. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture, exposing users to potential risks. Privacy compliance is basic, with privacy and cookie policies present but lacking explicit GDPR compliance details. Contact information is limited to a contact form without visible emails or phone numbers, which may affect user trust. Overall, the site is professional and content-rich but requires urgent security improvements to align with modern standards.

J

Job-TransFair gemeinnützige GmbH

jobtransfair.at

27

Job-TransFair gemeinnützige GmbH is a Vienna-based non-profit organization dedicated to supporting disadvantaged individuals in the labor market by facilitating permanent employment opportunities. The organization collaborates with a large network of partner companies and receives financial support from the AMS Wien and the City of Vienna. Their website provides comprehensive information about their services, success stories, and job offers, targeting both job seekers and employers. The content is well-structured, professionally presented, and primarily in German. Technically, the site is built on the Contao CMS platform with modern frontend technologies like Bootstrap and jQuery, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy compliance is strong, with Cookiebot implemented for consent management and clear privacy and cookie policies. The site also integrates Google Tag Manager for analytics and marketing purposes. Overall, the business is credible and transparent, with clear contact information and trust indicators such as certifications and partnerships.

A

ADMIRAL Entertainment Holding Germany GmbH

admiral-games.de

40

ADMIRAL Entertainment Holding Germany GmbH operates as a prominent gaming and entertainment company in Germany, specializing in the operation of modern game halls and providing a wide range of gaming machines and services. As part of the reputable NOVOMATIC AG group, ADMIRAL leverages both tradition and innovation to deliver unique leisure experiences to its customers. The website reflects a professional and consistent brand image targeting German-speaking audiences, with clear navigation and relevant business content. Technically, the site is built on TYPO3 CMS and uses modern frameworks like Bootstrap, but suffers from critical security shortcomings due to the lack of a valid SSL certificate and HTTPS support. Security headers are implemented, and cookie consent mechanisms are in place, indicating a basic level of privacy compliance. However, the absence of HTTPS significantly undermines the site's security posture. Overall, the business appears legitimate and well-established, with clear contact information and social media presence, but the technical security gaps present a risk that should be addressed promptly.

M

MP Corporate Finance GmbH

mpcf.net

33

MP Corporate Finance GmbH is a market-leading industrial M&A advisory firm based in Vienna, Austria. They specialize in maximizing shareholder value through dedicated sector teams and have a strong track record of over 700 projects worldwide. Their services cover buy-side, sell-side, capital raise, carve-out, and private equity lifecycle management, targeting corporates, family businesses, and financial sponsors in industrial sectors. The website is professionally designed, multilingual, and optimized for SEO and accessibility, reflecting a mature digital presence. However, the lack of a valid SSL certificate and HTTPS configuration significantly undermines their security posture, exposing users to risks. Security headers are well configured, but the absence of modern TLS protocols and strong cipher suites is a critical vulnerability. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the business credibility is high, but urgent improvements in SSL/TLS security are recommended to protect client data and maintain trust.

G

Gradonna ****s Mountain Resort

gradonna.at

25

Gradonna Mountain Resort is a premium 4-star superior hospitality business located in Austria, offering luxury hotel and chalet accommodations with wellness, spa, and ski-in ski-out amenities. The website is professionally designed with comprehensive content targeting tourists seeking mountain resort experiences. Technically, the site uses TYPO3 CMS with modern JavaScript libraries and integrates Cookiebot and Google Tag Manager for privacy and analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security vulnerability that significantly impacts the site's security posture. The domain registration is consistent with the business claims and is owned by the Schultz Gruppe, a parent company. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

dLocal is a mature, Nasdaq-listed fintech company specializing in payment processing solutions tailored for emerging markets across Africa, Asia, and Latin America. The company offers a comprehensive suite of services including payins, payouts, fraud management, and invoice collection, serving over 700 merchants with access to 900 payment methods. The website reflects a strong market position with professional branding, extensive content, and trusted partnerships with major global companies. Technically, the site uses modern JavaScript libraries and consent management tools, but suffers from a critical lack of a valid SSL certificate, severely impacting its security posture. Privacy and cookie policies are well implemented with GDPR compliance indicators. Overall, the site is professional and trustworthy but must urgently address its SSL/TLS configuration to ensure secure user interactions.

S

SCIA

scia.net

40

SCIA is a well-established company specializing in structural engineering software solutions, holding a leading market position in Europe. The company offers a range of products including SCIA Engineer and BIM solutions, supported by local expert teams and a comprehensive webshop. The website reflects a mature digital presence with professional design, clear navigation, and rich content targeting structural engineers and construction professionals. Technically, the site uses Drupal 9 CMS, Bootstrap framework, and is hosted behind Cloudflare, leveraging modern marketing and analytics tools such as Google Tag Manager and Marketo. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism despite active tracking. Business credibility is strong with visible certifications, testimonials, and clear contact information. Overall, SCIA demonstrates a solid business and technical foundation but must urgently address security and privacy shortcomings to enhance trust and compliance.

Nástupište 1-12 is a Slovak non-profit cultural organization dedicated to contemporary culture with a focus on music, art, presentations, and educational activities. The website serves as a platform to announce events, workshops, exhibitions, and artistic residencies primarily targeting the local cultural community and children. The organization maintains a consistent brand presence and provides comprehensive event information with good use of structured data for SEO and social media integration. Technically, the website is built on the Smartweb CMS platform, utilizing various JavaScript libraries such as jQuery and Owl Carousel, and is hosted by Smartweb providers. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements.

T

Teradata

teradata.com

40

Teradata is a leading enterprise technology company specializing in cloud-based data analytics and Trusted AI platforms. Their offerings focus on enabling organizations to unify data, activate analytics, and accelerate business value through AI and cloud-native technologies. The website targets a broad audience including business leaders, data professionals, and developers, emphasizing innovation and cost efficiency. Technically, the site uses modern web technologies, integrates with major cloud providers, and employs advanced analytics and marketing tools, reflecting a mature digital infrastructure. Security posture shows good header implementation but is weakened by an invalid SSL certificate and lack of advanced TLS protocols. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional, trustworthy, and well-branded, though improvements in SSL management and direct contact information would enhance credibility and security.

A

Akris CH

akris.ch

40

Akris CH operates a professional luxury fashion e-commerce website targeting women in Switzerland and Liechtenstein. The site offers high-end designer clothing and handbags, positioning itself as a premium brand with a consistent and elegant online presence. The business leverages Shopify as its platform, integrating advanced search (Algolia), marketing tools (Cookiebot, Mailchimp), and customer engagement features (Wishlist King, Globo Form Builder). The website content is rich, well-structured, and professionally designed, providing a seamless user experience with clear navigation and mobile optimization. Technically, the site is built on a modern e-commerce stack with Shopify hosting behind Cloudflare CDN. It uses multiple third-party scripts for analytics, marketing, and customer interaction. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS encryption and no enabled TLS protocols. This severely impacts the security posture and user trust, despite the presence of strong security headers and content security policies. Privacy compliance is well addressed with explicit privacy and cookie policies, GDPR consent mechanisms, and transparent data collection practices. Contact information is available primarily via contact forms and multiple regional email addresses, supporting customer service and boutique inquiries. Overall, while the business and technical maturity are strong, the lack of proper SSL/TLS configuration is a major risk that must be remediated urgently to protect customer data and maintain brand reputation.

The Doppelmayr Group website for the Automated People Mover system presents a business focused on transportation solutions, specifically cable liner automated people movers designed to manage high visitor flows efficiently. The company appears to be a large, established entity in the transportation sector based in Austria, with a consistent brand presence and clear business focus. The website content is basic but includes well-structured SEO metadata and social sharing tags, indicating some digital marketing maturity. Technically, the site uses modern frameworks such as Nuxt.js and WordPress CMS, hosted behind Cloudflare CDN. However, the absence of a valid SSL certificate and lack of HTTPS severely undermine the security posture. Performance metrics are unavailable, but the presence of many prefetch and preload scripts suggests an attempt at optimization, though the lack of HTTPS is a critical flaw. Mobile optimization and accessibility are basic, with room for improvement. Security analysis reveals significant vulnerabilities: no SSL/TLS encryption, no HSTS, no DMARC, DNSSEC, or CAA records, and no security.txt or vulnerability disclosure policies. Tracking and advertising scripts are present without accompanying privacy or cookie policies, indicating poor privacy compliance. No contact or incident response information is provided, limiting transparency and trust. Overall, the website's risk profile is elevated due to missing HTTPS and privacy compliance gaps. Strategic improvements in security infrastructure, privacy policies, and contact transparency are recommended to enhance trust and compliance.

F

Flaga s r.o.

flaga.cz

21

Flaga s r.o. is a mature Czech energy company specializing in the distribution of liquefied petroleum gas (LPG) in cylinders, tanks, and for automotive use. The company has a strong market presence supported by a 27-year domain age and recognized safety certifications. Their website targets both corporate and individual customers in the Czech Republic and Poland, offering a range of LPG products and customer services including electronic invoicing. Technically, the website is built on Joomla CMS with PHP 8.3.3 backend and jQuery frontend, integrating Google Tag Manager and OneTrust for analytics and cookie consent. However, the site lacks HTTPS, which is a critical security deficiency. Security headers are partially implemented but the absence of SSL/TLS and modern protocols significantly weakens the security posture. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the business credibility is solid, but the technical and security implementations require urgent improvements to meet modern standards.

H

H.B. Fuller

hbfuller.com

40

H.B. Fuller is a well-established global manufacturer specializing in adhesives, sealants, and specialty chemical products with a 130-year history. The company serves diverse industrial sectors including electronics, medical, transportation, packaging, and construction. Their business model focuses on B2B manufacturing with strong technical support and sustainability initiatives. The website reflects a mature digital presence with comprehensive content, multi-language support, and clear navigation tailored to industrial customers and partners. Technically, the website leverages modern frameworks such as Bootstrap 5 and integrates advanced search capabilities via Coveo. It uses Cloudflare for hosting and CDN services, and employs multiple analytics and tracking tools including Google Analytics, Microsoft Clarity, Hotjar, and Application Insights. The site is mobile-optimized and SEO-friendly, though performance metrics were not available. From a security perspective, the site implements a robust Content Security Policy and uses multiple security headers. However, a critical weakness is the absence of a valid SSL certificate and lack of TLS protocol support, which severely impacts the security posture and user trust. Privacy compliance is strong, with comprehensive policies and consent management via Iubenda. Contact information and social media presence further enhance business credibility. Overall, the site is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and improve its security score. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and implementing HSTS and OCSP stapling to enhance security and user confidence.

S

Salinen Austria Aktiengesellschaft

salinen.com

40

Salinen Austria Aktiengesellschaft is a leading Austrian salt manufacturer specializing in high purity salt products including pharmaceutical salt, cooking salt, industrial salt, and agricultural fertilizers. The company serves both private consumers and business clients, offering a broad product portfolio and an online webshop. Their market position is strong within Austria and the surrounding region, supported by multiple country-specific sister sites. Technically, the website is built on TYPO3 CMS with modern frontend features such as lazy loading images and Google Analytics integration. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture. Security headers are partially implemented but without encryption, the site is vulnerable to interception. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly presented, enhancing business credibility. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.

A

Amadeus International School Vienna

amadeus-vienna.com

28

Amadeus International School Vienna is a well-established private international school offering IB education and boarding services with a unique integrated Music and Arts Academy. The school targets international students and families seeking high-quality education in Vienna. The website is professionally designed with rich content and multimedia, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and frameworks, but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are implemented with consent mechanisms, supporting GDPR compliance. Contact information is clearly presented, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

Jacobs Douwe Egberts is an established enterprise-level company operating in the retail sector, specializing in coffee and related consumer goods. The website presents a professional corporate image with clear branding and content focused on product portfolio, sustainability, careers, and corporate responsibility. The target audience includes consumers, job seekers, and stakeholders interested in corporate responsibility. The business model centers on product sales and brand reputation in the global coffee market. Technically, the website uses a modern CMS platform (Episerver) and integrates analytics and tag management tools such as Microsoft Application Insights and Google Tag Manager. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts user trust and security. Mobile optimization and SEO are adequately addressed, but accessibility is basic. From a security perspective, the absence of HTTPS and security headers is a critical vulnerability. The DNS configuration lacks DNSSEC and CAA records, and no advanced security policies or incident response contacts are published. Cookie consent is implemented via OneTrust, indicating some privacy compliance efforts. Overall, the website is functional and professional but requires urgent improvements in security infrastructure, particularly enabling HTTPS and adding security headers. Performance optimization is also recommended to enhance user experience and trust.

W

WTW

willistowerswatson.com

40

WTW is a global enterprise specializing in risk management, employee benefits, and capital solutions. The company offers comprehensive consulting services aimed at helping organizations optimize their human capital, manage risks, and leverage capital effectively. The website reflects a mature digital presence with multi-language support and a clear focus on professional service delivery. Technically, the site uses modern frameworks such as Bootstrap and Sitecore CMS, integrated with advanced search and video technologies. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which undermines HTTPS security benefits. Privacy compliance is strong with clear cookie and privacy policies, and the site employs extensive analytics and marketing tools. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS issues to improve security and user trust.

D

dmcgroup

dmcgroup.eu

24

dmcgroup is a design and digital agency specializing in strategic consulting, branding, UX/UI design, and web and software development. Positioned as a top-ten brand agency in Austria with notable industry rankings, it serves a diverse clientele including national and international companies. The website reflects a professional and consistent brand image with comprehensive service offerings and strong trust indicators such as reputable client logos and industry recognition. Technically, the site is built on WordPress with modern frontend libraries and caching mechanisms, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, and privacy policies are present and GDPR compliant, though cookie consent mechanisms are not evident. Overall, the security posture is basic and requires urgent improvements to protect user data and enhance trust. The website is accessible and well-structured, with good mobile optimization and SEO practices, but performance metrics are missing and inferred to be slow. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, enhancing security headers, and implementing cookie consent mechanisms to improve compliance and user trust.

F

Fercam S.p.A.

fercam.com

40

FERCAM S.p.A. is a well-established logistics and transport company with over 75 years of experience, offering a broad range of services including road, air, and ocean freight, integrated logistics, customs consulting, and specialized transport services. The company operates primarily in Europe with presence in Asia and Africa, targeting businesses requiring comprehensive supply chain solutions. The website demonstrates a good level of digital maturity with multi-language support, structured navigation, and integration of modern analytics and marketing tools. However, the absence of HTTPS and a valid SSL certificate significantly weakens the security posture, exposing users to potential risks. Privacy and cookie policies are present and supported by consent mechanisms, indicating compliance with GDPR standards. Overall, the site is professional and trustworthy but requires urgent security improvements.

I

illwerke vkw AG

illwerkevkw.at

40

illwerke vkw AG is a well-established energy company based in Austria, specializing in renewable energy production including hydropower, wind, and photovoltaic sources, as well as energy trading and supply. The company has a strong regional presence in Vorarlberg and operates several subsidiaries in related sectors such as energy networks and tourism. The website reflects a professional and consistent brand image with comprehensive business information and active social media engagement. Technically, the site uses modern JavaScript libraries and frameworks, including Bootstrap and jQuery, and integrates Google Tag Manager and Usercentrics for analytics and consent management. However, the lack of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting the overall security posture and user trust. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR requirements. Overall, the website is informative and user-friendly but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

IFS is a global enterprise software solution provider specializing in ERP, EAM, FSM, and ESM solutions with a strong emphasis on Industrial AI (IFS.ai). The company targets industrial and enterprise customers requiring advanced asset and service management solutions. Their market position is strong, supported by industry accolades and a large enterprise presence. Technically, the website uses a modern tech stack including Bootstrap, jQuery, and various JavaScript libraries, hosted on Akamai CDN, with Sitecore CMS inferred. Security headers are well implemented, but the SSL certificate is currently invalid or missing, which is a critical issue. Privacy and cookie policies are present with consent mechanisms, indicating good compliance posture. Overall, the website is professional, content-rich, and trustworthy, though SSL issues need urgent resolution.

A

AXIS Flight Training Systems GmbH

axis-simulation.com

38

AXIS Flight Training Systems GmbH is a medium-sized Austrian company specializing in the design and manufacture of advanced flight simulation solutions, including full flight simulators and training devices that comply with international aviation standards such as EASA, FAA, and ICAO. Founded in 2004, AXIS positions itself as an innovator in the flight simulation industry, emphasizing quality, efficiency, and responsiveness to customer needs. The company maintains ISO 9001-2015 certification and has committed to CO2 neutrality since 2021, reflecting corporate responsibility values. Technically, the website is built on WordPress with Elementor and integrates various plugins for event management, galleries, and cookie consent. The site uses Google Analytics and Google Ads for analytics and marketing, with a compliant cookie consent mechanism in place. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. The DNS configuration shows some malformed CAA records, and no modern TLS protocols are enabled, exposing the site to potential security risks. Security posture is weak due to the absence of HTTPS and related security headers, although no active vulnerabilities or malware were detected. Privacy compliance is strong, with clear privacy and cookie policies and user consent mechanisms. Business credibility is high, supported by detailed company information, social media presence, and trust indicators such as certifications and CO2 neutrality. Overall, the website is professional and content-rich but requires urgent security improvements, particularly SSL/TLS implementation, to protect user data and enhance trustworthiness.

K

KISSA Tea

kissatea.com

40

KISSA Tea operates a premium e-commerce platform specializing in organic matcha tea and related accessories, targeting health-conscious and lifestyle consumers primarily in Europe. The website is built on Shopify and leverages multiple marketing and analytics tools to enhance customer engagement and sales. While the site demonstrates excellent content quality, branding consistency, and user experience, a critical security gap exists due to the absence of a valid SSL certificate, undermining HTTPS security. The presence of comprehensive privacy and cookie policies with consent mechanisms reflects good compliance posture. Overall, the business appears legitimate and well-positioned in its niche, but immediate remediation of SSL/TLS issues is essential to protect customer data and maintain trust.

G

Gruppo Codognotto

codognotto.eu

39

Gruppo Codognotto is a well-established logistics and freight transport company based in Italy, offering integrated logistics services including sea, air, and road transport, customs handling, and warehousing. The company operates a large fleet across multiple countries and holds recognized ISO certifications, positioning itself as a reliable third-party logistics provider in the European and international markets. The website reflects a professional business presence with clear service offerings and relevant content for its target audience. Technically, the site runs on Drupal 7 with common web technologies like jQuery and Bootstrap, but suffers from outdated CMS usage and lacks a valid SSL certificate, which significantly impacts its security posture. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes users to risks. Privacy and cookie policies exist but are basic, with limited GDPR compliance indicators. Contact information is available via email and forms, but no phone numbers or physical addresses are explicitly provided. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

S

SK Rapid

skrapid.at

22

SK Rapid's official website serves as a digital hub for the Austrian football club, providing fans with access to news, podcasts, merchandise, ticket sales, and video content. The site demonstrates a solid market position as a leading sports organization in Austria with a well-established brand and multiple sponsorship partnerships. Technically, the website is hosted on nginx servers with a modern JavaScript-based frontend and integrates third-party services such as Google Tag Manager and OneTrust for cookie consent management. However, the absence of HTTPS and a valid SSL certificate significantly undermines the site's security posture, exposing users to potential risks. The site lacks explicit privacy and terms of service policies, which impacts compliance with GDPR and other privacy regulations. Overall, while the business presence and content quality are good, critical security and privacy gaps require urgent attention to protect users and enhance trust.

K

KOHLBACH

kohlbach.at

34

KOHLBACH is a company specializing in biomass energy solutions, targeting businesses and organizations interested in sustainable energy production. The website presents a basic digital presence with minimal content and limited business information. The technical infrastructure uses modern JavaScript frameworks such as React and integrates third-party services like CookiePro for cookie consent and Google Tag Manager for analytics. However, the website lacks HTTPS, which is a critical security deficiency, and does not provide privacy policies or contact information, limiting trust and compliance. Security posture is weak due to missing SSL, lack of security headers beyond Content-Security-Policy, and absence of domain security features like DMARC and DNSSEC. Overall, the site is functional but requires significant improvements in security and compliance to meet industry standards.

F

FLSmidth A/S

flsmidth.com

39

FLSmidth A/S is a global leader in mineral processing equipment and services, serving the mining industry with a comprehensive portfolio of products, parts, and digital solutions. The company emphasizes sustainability through its MissionZero program, aiming for zero-emissions mining by 2030. The website is built on a modern Next.js framework and hosted on Vercel, reflecting a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS enforcement, which significantly impacts the site's security posture. Despite this, the site provides extensive business and investor information, clear contact details, and demonstrates good privacy compliance with comprehensive legal pages. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

W

Wipro

wipro.com

40

Wipro is a mature, global enterprise specializing in digital transformation and IT services, offering a broad portfolio including cloud, AI, cybersecurity, and consulting. The website reflects a professional and content-rich digital presence targeting enterprise clients worldwide. Technically, the site uses modern marketing and analytics technologies and is hosted on AWS with Adobe Experience Manager CMS. However, critical security issues exist due to an invalid SSL certificate and lack of modern TLS protocol support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions.

S

SonnenMoor

sonnenmoor.at

40

SonnenMoor is an established Austrian family-owned business specializing in natural health products and remedies, operating since 1972. The company leverages a Shopify-based e-commerce platform to serve both retail consumers and business partners, with a strong focus on natural, herbal, and moor-based products. The website is professionally designed, content-rich, and provides comprehensive contact and support information, including personal consultation services. Technically, the site uses modern e-commerce technologies and integrates multiple marketing and analytics tools with GDPR-compliant consent mechanisms. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which significantly impacts the security posture and user trust. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Strategic improvements in SSL/TLS configuration are essential to enhance security and trust.

T

Tulsa Public Schools

tulsaschools.org

40

Tulsa Public Schools operates a comprehensive public education system serving a large student population in Tulsa, Oklahoma. The website provides extensive resources for students, families, educators, and community members, including enrollment information, academic programs, family support, and career opportunities. The district positions itself as a community-focused organization committed to equity, excellence, and student success. Technically, the site leverages modern analytics and marketing tools, a reputable CMS (Finalsite), and Cloudflare for hosting and security. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the secure delivery of content and user trust. Privacy and cookie policies are not explicitly found, indicating potential compliance gaps. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

Weatherford's PetroVisor website presents a mature and comprehensive SaaS platform focused on unifying data and analytics for the energy sector, specifically oil and gas production optimization. The platform integrates AI/ML capabilities and offers multiple modules addressing production, artificial lift, completion optimization, ESG, and enhanced oil recovery. The website is professionally designed, content-rich, and targets enterprise-level energy industry professionals. Technically, the site uses a modern tech stack including Kentico CMS, jQuery, and various analytics and marketing tools. However, a critical security gap exists as the site lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security incident response or vulnerability disclosure information is found. Overall, the domain registration data supports the legitimacy and maturity of the business. Strategic security improvements are necessary to enhance trust and protect user data.

M

MPG GmbH

michael-pachleitner-group.com

27

MPG GmbH is an established Austrian eyewear company specializing in manufacturing and retail of optical frames and lenses, serving both B2B and B2C markets. The company operates multiple subsidiaries and maintains a professional online presence with multilingual support and structured data. Technically, the website is built on WordPress using Elementor and Yoast SEO, integrating marketing tools such as Google Tag Manager and Facebook Pixel. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the business demonstrates credibility and maturity, but security posture requires urgent improvement to align with best practices.

O

OC Oerlikon Management AG

oerlikon.com

40

OC Oerlikon Management AG is a global industrial technology leader specializing in surface technologies, advanced materials, and additive manufacturing solutions. The company serves key growth markets including automotive, aerospace, energy, tooling, and luxury sectors through a portfolio of subsidiaries and partner brands. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy compliance is well addressed with a robust cookie consent mechanism and clear privacy policies. Overall, the business demonstrates high legitimacy and market positioning but requires urgent improvements in security posture to align with best practices.

D

DHK

dhk.be

39

DHK is a Belgian company specializing in aluminum and composite building materials, offering a range of products including aluminum profiles, pergolas, carports, and custom folded sheet metal work. The company targets both professional and private customers in the construction and renovation sectors, providing online configurators and a digital showroom to enhance customer experience. The website reflects a medium-sized business with a consistent brand presence and active social media engagement. Technically, the site is built on a Ruby on Rails framework, hosted on OVH infrastructure, and uses modern marketing tools such as Google Tag Manager and ActiveCampaign. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Security headers are partially implemented but some important protections like X-XSS-Protection are disabled. Privacy and cookie policies exist but lack explicit consent mechanisms, which may impact GDPR compliance. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

Therefore Corporation

therefore.net

31

Therefore Corporation operates a comprehensive information management platform targeting businesses across multiple industries. The company positions itself as a market leader in ECM and workflow automation, offering a wide range of software solutions designed to improve document management, workflow digitization, and data accessibility. Their website reflects a mature digital presence with professional design, rich content, and clear navigation. Technically, the site is built on WordPress with modern optimization plugins and uses Google Tag Manager for analytics. However, the absence of a valid SSL certificate is a significant security gap, undermining the otherwise strong security headers and policies. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Overall, the business credibility is high, supported by certifications, partner relationships, and extensive case studies.

T

twinformatics GmbH

twinformatics.at

39

twinformatics GmbH is a medium-sized Austrian IT service provider specializing in software development and operation for major insurance companies such as Wiener Städtische Versicherung AG and Vienna Insurance Group. The company positions itself as a strong IT partner with end-to-end responsibility for innovative software solutions trusted by thousands of users. The website is professionally designed, primarily in German, targeting IT professionals and potential employees. Technically, the site runs on WordPress with modern PHP and uses several plugins for enhanced functionality. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, despite the presence of HSTS headers. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. The security posture is basic and requires immediate improvements in SSL/TLS configuration and vulnerability disclosure practices. Overall, the website reflects a credible and professional business but needs technical security enhancements to align with best practices.