Security Directory

TNT.com represents the Finnish localized website of TNT Express, a global logistics and express delivery company now integrated with FedEx. The website offers comprehensive information about TNT's shipping services, tracking tools, and customer support, targeting both businesses and individual customers requiring international and domestic shipping solutions. The site is professionally designed with consistent branding and uses advanced marketing and analytics technologies such as Adobe Experience Manager, Optimizely, and Adobe DTM. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly undermines the site's security posture. Privacy and terms of service pages are present and appear comprehensive, supporting GDPR compliance. Overall, the site demonstrates a mature digital presence but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and maintain user trust.

D

DenizBank A.Ş.

denizbank.com

40

DenizBank A.Ş. is a large Turkish financial institution offering a broad range of banking services including retail, corporate, and specialized banking sectors. The website reflects a mature digital presence with comprehensive service offerings, detailed legal disclosures, and strong branding consistency. The bank targets both individual and business customers with tailored products and digital banking solutions. The site includes rich content, interactive calculators, and marketing campaigns, indicating a well-developed digital marketing strategy. Technically, the website uses modern JavaScript frameworks and integrates third-party marketing and analytics tools such as Google Tag Manager and Adjust. However, performance metrics indicate slow loading times, and the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, posing significant security risks. Security posture is moderate with good use of security headers but undermined by the lack of valid SSL and TLS support. Privacy compliance is strong with detailed privacy policies and data protection disclosures, including a dedicated KVKK (Turkish data protection law) section. Contact information is clearly presented, enhancing business credibility. Overall, while the business and content aspects are strong, the critical SSL issues represent a major risk that must be addressed immediately to protect user data and maintain trust.

B

Blühendes Österreich – BILLA gemeinnützige Privatstiftung

bluehendesoesterreich.at

40

Blühendes Österreich is a well-established non-profit foundation founded in 2015 by BILLA AG and BirdLife Österreich, dedicated to promoting biodiversity and protecting endangered habitats in Austria. The website serves as a comprehensive platform for nature experiences, educational content, and community engagement, targeting Austrian municipalities, nature enthusiasts, and farmers. Technically, the site is built on Drupal 10, uses modern analytics and messaging tools, and is protected by Sucuri Cloudproxy WAF. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to insecure connections. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high, supported by strong partnerships and trust indicators. Strategic improvements in SSL deployment and security hardening are recommended to enhance user trust and security posture.

REWE International AG operates a comprehensive career website for its retail group in Austria, including brands such as BILLA, PENNY, BIPA, and ADEG. The company is a major employer offering diverse job opportunities across retail stores, logistics, and corporate offices. The website is professionally designed with clear navigation and rich content targeting job seekers interested in retail careers. Technically, the site uses modern frameworks like Nuxt.js and Vue.js, hosted likely on AWS infrastructure, and managed via the Storyblok CMS. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and credible but urgently needs to address its SSL/TLS configuration to protect users and improve security.

I

International Workplace Group plc

iwgplc.com

40

International Workplace Group plc (IWG) is a global leader in providing hybrid working solutions through an extensive network of office spaces, coworking locations, virtual offices, and meeting rooms. The company targets businesses and professionals seeking flexible workspace options worldwide, positioning itself as the premier provider in the real estate sector for hybrid work environments. Their business model revolves around workspace-as-a-service, offering scalable and customizable solutions to meet diverse client needs. Technically, the website leverages modern frameworks such as Next.js and Sitecore CMS, hosted on Azure, with integrations including OneTrust for privacy management and Google Tag Manager for analytics. The site demonstrates excellent mobile optimization, accessibility, and SEO practices, although performance metrics are moderate due to lack of explicit data. From a security perspective, the site exhibits several best practices including comprehensive security headers and secure cookie attributes. However, a critical issue is the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts the security posture. Other vulnerabilities include disabled TLS protocols and missing HSTS enforcement. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, while the business and technical aspects of the website are robust and professional, the critical security gaps related to SSL/TLS must be addressed promptly to ensure user trust and data protection. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enhancing security headers to elevate the security posture.

S

Studiewereld Laudius

laudius.nl

40

Laudius is a well-established Dutch education provider specializing in affordable, recognized home study courses. With over 40 years of experience, it targets individuals seeking flexible learning options for career advancement and personal development. The website is built on TYPO3 CMS and hosted via Cloudflare, integrating Google Tag Manager for analytics and marketing. Despite good content quality and professional design, the absence of a valid SSL certificate significantly weakens the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact channels including phone and social media. Certifications and customer reviews enhance trustworthiness. Strategic improvements in SSL implementation and security best practices are recommended to elevate overall security and user trust.

E

Eppendorf SE

eppendorf.com

40

Eppendorf SE is a well-established, leading life sciences company specializing in the development and sale of laboratory instruments, consumables, and services globally. Their product portfolio spans liquid handling, bioprocessing, centrifugation, and more, targeting academic, commercial, pharmaceutical, and industrial laboratories. The website reflects a mature, professional digital presence with comprehensive content, clear navigation, and multi-regional support. Technically, the site employs modern JavaScript frameworks and integrates advanced marketing and analytics tools, although performance data is limited. Security posture is currently weak due to invalid or missing SSL/TLS certificates and lack of enabled TLS protocols, which is a critical risk. Privacy compliance is strong, with clear cookie and privacy policies and consent mechanisms in place. Overall, the site is trustworthy and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

L

lucesem® - Ihr Komplettanbieter für EDV!

lucesem.at

28

lucesem® is a well-established IT service provider based in Klagenfurt, Austria, offering a broad range of IT solutions including managed IT services, cloud services, VoIP telephony, repair services, and data recovery for both business and private customers. The company has a strong regional presence and serves local and international clients. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to its target audience. Technically, the site is built on WordPress with popular plugins and themes, leveraging modern web technologies and SEO best practices. However, the absence of a valid SSL certificate is a critical security shortfall, exposing users to potential risks and undermining trust. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, the business demonstrates credibility and professionalism but must urgently address its SSL/TLS configuration to improve security posture and user trust.

W

Wienerberger

wienerberger.it

39

Wienerberger Italy operates a comprehensive website focused on manufacturing and distributing clay building materials, targeting construction professionals and architects. The site offers detailed product catalogs, technical resources, and support services, positioning Wienerberger as a key player in the Italian building materials market. The digital infrastructure is built on Adobe Experience Manager, leveraging modern web technologies and integrated marketing tools such as Google Tag Manager and Cookiebot for consent management. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. While the site includes privacy and cookie policies compliant with GDPR, it lacks explicit security and incident response disclosures. The domain registration is consistent with the business claims, reinforcing legitimacy. Strategic improvements in SSL deployment and security posture are essential to elevate the site's trustworthiness and compliance.

Bunge Global SA operates a comprehensive global agribusiness and food ingredient supply chain, connecting farmers to consumers with a focus on sustainability and renewable energy. The website reflects a large enterprise with a professional digital presence, including regional sites and investor relations. Technically, the site uses modern JavaScript libraries, Google Tag Manager for analytics, and OneTrust for cookie consent, but suffers from a critical lack of valid SSL/TLS certificates, impacting security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

EssenceMediacom is a global media agency specializing in creating breakthroughs for brands across diverse industries. With over 10,000 employees operating in 96 markets, the company offers integrated media solutions, analytics, creative futures, and specialist B2B marketing services. The website reflects a strong market position supported by a comprehensive service portfolio and global reach. Technically, the site is built on modern frameworks such as Next.js and React, hosted via Cloudflare, and uses DatoCMS for content management. While the site demonstrates good mobile optimization, accessibility, and SEO practices, performance metrics indicate slower load times that could be improved. Security posture is moderate; although security headers and content security policies are well implemented, the lack of a valid SSL certificate and disabled TLS protocols represent significant vulnerabilities. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is professional and trustworthy but requires urgent SSL and TLS improvements to enhance security and user trust.

T

Trusted Shops SE

trustedshops.at

40

Trusted Shops SE operates a leading European platform providing trust and buyer protection services for online shopping. The website targets consumers primarily in German-speaking European countries, offering services such as a trustmark certification, buyer protection insurance, and verified customer reviews. The business model focuses on B2B and B2C services, supporting over 30,000 certified shops and millions of users. The company is well-established with consistent branding and strong trust indicators. Technically, the website is built on WordPress with modern marketing and consent management tools, but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security. Privacy policies and GDPR compliance are well implemented. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

C

Cosma

cosma.com

39

Cosma, a division of Magna International Inc., is a global provider of body, chassis, and engineering solutions primarily serving the automotive industry. The company leverages robust product engineering, tooling capabilities, and process expertise to deliver lightweight and innovative products to its customers worldwide. Positioned as a key group within a large multinational, Cosma targets automotive manufacturers and industry partners with a B2B business model focused on manufacturing and engineering services. Technically, the website is built on the Sitefinity CMS platform and utilizes modern JavaScript libraries such as jQuery, Google Tag Manager, and CookiePro for analytics and consent management. The site demonstrates good SEO, accessibility, and mobile optimization practices, with comprehensive privacy and cookie policies in place. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. From a security perspective, while the site implements strong content security policies and several security headers, the lack of HTTPS and TLS protocols is a critical vulnerability. This exposes users to potential data interception and undermines trust. No incident response or security policy information is publicly available, and no vulnerability disclosure or security.txt files were found. Overall, the website presents a professional and trustworthy business front with strong content and compliance practices but requires urgent remediation of its SSL/TLS configuration to meet modern security standards and protect user data effectively.

Teaching 2 Inspire is a small UK-based educational resource website focused on providing teaching tips, parenting advice, assemblies, and free materials to educators and parents. The website content is basic and somewhat dated, with a clear focus on inspirational teaching and learning practices. The technical infrastructure relies on nginx and ASP.NET, with Google Tag Manager used for analytics. However, the website lacks modern security measures, notably missing HTTPS and a valid SSL certificate, which poses significant risks to user data and trust. Privacy compliance is minimal, with no visible privacy or cookie policies, and no consent mechanisms for tracking. Overall, the website's security posture is weak, and the technical implementation is basic, limiting its professionalism and trustworthiness.

Caverion Corporation is a leading northern European technical services and installation company specializing in building performance, infrastructure, and industrial site solutions. The company offers a broad range of services including automation, project management, energy solutions, and critical infrastructure support. It operates as part of the Assemblin Caverion Group, reflecting a strong market position in the energy and technical services sector. The website targets businesses and organizations seeking smart and sustainable built environment solutions. Technically, the site uses modern web technologies such as ASP.NET, Bootstrap, and Azure hosting with Cloudflare CDN. It employs multiple analytics and marketing tools, indicating a mature digital presence. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which is a critical vulnerability. Privacy and cookie policies are present and GDPR compliant, but no explicit security policy or incident response information is found. Overall, the website is professional and trustworthy but requires urgent SSL/TLS remediation to ensure secure communications.

B

Brenntag

brenntag.com

40

Brenntag is a global enterprise specializing in chemical distribution, logistics, and value-added services tailored to customer needs. The website serves as a multilingual portal with a splash page for country and language selection, indicating a broad international presence. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and integrates with Google Tag Manager and OneTrust for analytics and cookie consent management. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. No explicit privacy policy, terms of service, or contact information are readily available on the splash page, which may affect user trust and compliance. Overall, Brenntag's website reflects a professional business with good design and user experience but requires improvements in security and privacy compliance to enhance trust and regulatory adherence.

S

Sigma Phi Epsilon Fraternity

sigep.org

40

Sigma Phi Epsilon is a well-established national fraternity organization focused on building balanced men through leadership, brotherhood, and educational programs. The website serves a large audience including undergraduate members, alumni, and volunteers, providing resources such as scholarships, leadership development, and community engagement. The organization maintains a consistent brand and professional online presence with clear navigation and relevant content. Technically, the site is built on WordPress with modern plugins and hosted on WP Engine via Google Cloud infrastructure. However, the site currently lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Tracking technologies such as Google Analytics and Facebook Pixel are used extensively, but no cookie consent mechanism is implemented, indicating partial privacy compliance. Contact information and physical address are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and comply with best practices.

Z

Zahnarztpraxis Dr. Christian Pastor

zahnarzt-pastor.de

21

Zahnarztpraxis Dr. Christian Pastor is a small, local dental and oral surgery practice based in Beilstein, Germany. The website presents a professional image with a comprehensive range of dental services including prophylaxis, implantology, oral surgery, and aesthetic dentistry. The practice emphasizes patient-centered care and modern technology. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, hosted by agenturserver.de, and includes cookie consent mechanisms and Google Tag Manager for analytics. However, the site lacks HTTPS encryption, which is a critical security flaw. Security headers are minimal, and no advanced security policies or incident response information is provided. The WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

A

APG

apg.nl

40

APG is a large Dutch pension fund service provider specializing in pension administration, asset management, and advisory services. The website is content-rich, professionally designed, and targets pension participants and institutional investors. The technical infrastructure includes Cloudflare hosting, Umbraco CMS, and multiple marketing and analytics tools such as Google Tag Manager and Cookiebot. However, a critical security issue is the absence of a valid SSL certificate and enabled TLS protocols, which severely impacts the security posture. Security headers are well implemented, but the lack of HTTPS reduces trust and security. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via web forms, with no explicit emails or phone numbers found. Social media presence is active on LinkedIn, Facebook, and Instagram. Overall, the website is professional and trustworthy but requires urgent SSL/TLS configuration improvements to enhance security and user trust.

Sulzer Ltd is a globally recognized leader in fluid engineering, specializing in the manufacturing and servicing of pumps, agitators, mixers, separation, and purification technologies. The company serves essential industries such as energy, manufacturing, and process industries, positioning itself as a key player in enabling sustainable and efficient industrial operations worldwide. Their website reflects a mature enterprise with comprehensive product and service offerings, strong branding, and a clear focus on sustainability and innovation. Technically, the website employs a modern technology stack including Apache server, Vue.js framework, and integrates multiple third-party analytics and marketing tools such as Google Analytics, Pardot, and Hotjar. The site is hosted with Azure DNS and demonstrates good SEO and mobile optimization practices. However, performance metrics are not explicitly available. From a security perspective, while the site implements several important security headers and content security policies, it critically lacks a valid SSL/TLS certificate and does not support HTTPS, which severely undermines its security posture. This exposes users to potential risks and reduces trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms, aligning with GDPR requirements. Overall, the website is professional and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and improve its security score. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enhancing security header configurations to protect users and maintain trust.

Diamond Aircraft Industries is a leading manufacturer in the General Aviation sector, specializing in the production of safe and efficient single and twin piston aircraft. The company offers a comprehensive range of products and services including aircraft manufacturing, flight school solutions, special mission aircraft, engine manufacturing through Austro Engine, and pilot and maintenance training. Their global presence is supported by a professional website built on TYPO3 CMS and hosted behind Cloudflare DNS services. The website demonstrates strong digital maturity with good design, navigation, and privacy compliance through the use of a consent management platform. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, serving content over HTTP only, which significantly impacts the security posture. No explicit security or incident response policies are publicly available. Overall, the domain registration is consistent and trustworthy, aligning with the company's business claims.

T

The Jodel Venture GmbH

jodel-app.com

40

Jodel is a technology company operating a hyperlocal community social app designed to connect users instantly with people around them, primarily targeting young professionals and students (Gen Z and Y). The platform offers local tips, news, stories, and a tailored advertising service for brands, HR campaigns, and market research. The website is built on WordPress using Elementor and Elementor Pro, hosted behind Cloudflare CDN. Despite a professional design and good content quality, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent is managed via Cookiebot, indicating good privacy compliance practices. However, no explicit contact information or security policies are found on the homepage, limiting direct user engagement and incident response readiness.

Broadcom Inc. is a global leader in technology, specializing in semiconductor products, enterprise software, and security solutions. The website reflects a professional and consistent brand presence targeting enterprise customers and technology professionals. The technical infrastructure leverages modern web technologies such as React and Cloudflare CDN, with extensive use of third-party marketing and analytics tools to support business operations and user engagement. However, the website currently suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. While security headers are well configured, the lack of HTTPS undermines user trust and data protection. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy policy or terms of service. Overall, the site demonstrates good business credibility but requires urgent security improvements to align with best practices.

D

DIETZEL GmbH

dietzel-univolt.com

28

Dietzel Univolt is a medium-sized, independent family-owned manufacturing and distribution company specializing in electrical installation materials and related civil engineering products. With production facilities in Austria, Slovakia, and China, the company serves professional customers internationally, including regional subsidiaries in the UK and Hungary. The website reflects a professional and consistent brand presence with comprehensive product and service information, supporting a strong market position in manufacturing. Technically, the site uses a modern CMS and common web technologies but suffers from critical security shortcomings due to the lack of a valid SSL certificate and HTTPS support, which exposes users to risks. Privacy compliance is well addressed with clear cookie consent and privacy policies, aligning with GDPR requirements. Overall, the site is functional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

R

REICHLUNDPARTNER Werbeagentur

reichlundpartner.com

38

REICHLUNDPARTNER Werbeagentur is a well-established, large full-service advertising agency based in Austria with offices in Linz, Vienna, and Graz. The company offers a broad range of marketing and communication services including advertising, digital marketing, media planning, public relations, social media, event management, and innovative business model development through its Future Thinking division. The agency holds a strong market position supported by numerous industry awards and a large, skilled team. The website reflects a professional and comprehensive digital presence with multilingual support and clear branding. Technically, the site is built on WordPress with modern tools like Google Tag Manager and HubSpot integration, but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and user trust. Privacy policies and cookie consent mechanisms are present and appear GDPR compliant. Contact information is clearly provided with multiple channels and physical addresses. Overall, the business credibility and content quality are high, but urgent security improvements are recommended.

Y

Yahoo Inc

maven.net

40

Yahoo Inc. operates a comprehensive corporate website showcasing its position as a global media and technology company with a strong focus on advertising solutions and digital media services. The site highlights key offerings such as Yahoo Ads, Yahoo DSP, and Yahoo Search, targeting advertisers and partners worldwide. The company leverages a modern technical infrastructure including Webflow CMS, AWS hosting, and Cloudflare CDN, supported by Google Tag Manager for analytics and marketing. While the website design and content quality are excellent, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses significant risks for data confidentiality and user trust. Privacy policies and terms of service are well documented, reflecting good compliance practices. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to align with best practices and protect users.

DiaSorin S.p.A. operates a comprehensive corporate website focused on molecular diagnostics, immunodiagnostics, and licensed technology platforms. The company positions itself as a global leader in laboratory diagnostics, targeting healthcare providers, laboratories, and scientific communities. The website provides extensive product information, corporate governance details, investor relations, and career opportunities, reflecting a mature and professional business presence. Technically, the site is built on Drupal 10 with modern front-end technologies and integrates marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. Security headers are partially implemented, but the lack of HTTPS significantly lowers the security posture. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

J

Jarltech Europe GmbH

jarltech.com

40

Jarltech Europe GmbH is a well-established specialist distributor in the technology sector, focusing on point-of-sale and automatic identification equipment across Europe. With a mature domain and a broad manufacturer partnership network, it serves a large customer base with premium distribution services. The website is professionally designed, content-rich, and provides comprehensive legal and privacy information, reflecting a strong commitment to GDPR compliance and user privacy. Technically, the site uses Drupal 10 with modern web technologies and integrates reputable analytics and marketing tools, although performance is moderate. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical risk that should be addressed promptly. Overall, the business demonstrates high credibility and transparency, but the security configuration requires urgent improvement to protect user data and maintain trust.

I

ICMPD

icmpd.org

40

ICMPD is an established international organization focused on migration policy development, capacity building, and research, serving 21 member states with a global project footprint. The website reflects a mature, professional entity with comprehensive content and strong branding consistency. Technically, the site uses modern CMS technology (eZ Platform) and integrates analytics tools like Google Analytics and Matomo, but suffers from poor SSL implementation and lacks critical security headers, impacting its security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

M

Munich Business School

munich-business-school.de

25

Munich Business School is a well-established private higher education institution in Germany specializing in international business education. It offers a range of degree programs including Bachelor, Master, MBA, and DBA with a strong emphasis on practical experience, small class sizes, and societal impact. The school holds multiple prestigious accreditations such as AACSB and FIBAA, positioning it as a leading private business school in Germany. Technically, the website is built on TYPO3 CMS and integrates modern marketing and analytics tools like Google Tag Manager and Matomo, along with a consent management platform for GDPR compliance. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS availability, which significantly impacts the site's security posture. Privacy policies and cookie consent mechanisms are well implemented, reflecting good compliance practices. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

B

BRANDL TALOS Rechtsanwälte GmbH

btp.at

26

BRANDL TALOS Rechtsanwälte GmbH is a leading Austrian law firm specializing in a broad range of legal services including labor law, compliance, corporate transactions, and regulatory matters. The firm targets business clients seeking expert legal advice to support their commercial success. The website reflects a professional and comprehensive presentation of their services and expertise, positioning them as a trusted partner in the Austrian legal market. Technically, the website is built on WordPress with modern SEO and cookie consent tools, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security shortfall. Security posture is weak due to missing HTTPS and security headers, though no active vulnerabilities or malware were detected. Privacy compliance is strong with a clear GDPR-compliant privacy and cookie policy. Overall, the site is credible and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL implementation, security header deployment, and performance optimization to improve user experience and security.

Z

Zukunftsinstitut GmbH

zukunftsinstitut.de

38

Zukunftsinstitut GmbH is a reputable future research and consulting company based in Germany with a subsidiary in Austria. The company specializes in transforming exclusive trend analyses into actionable strategies and concepts for organizations. Their market position is strong, supported by a professional website, a broad range of services including research, consulting, publishing, keynotes, and conferences, and a solid client base evidenced by displayed client logos. Technically, the website is built on HubSpot CMS, leveraging modern JavaScript libraries and integrates Google Analytics and Tag Manager for marketing and analytics. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which poses a critical risk. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

I

ION Group

openlink.com

40

ION Group operates the Openlink commodity management software, a comprehensive front-to-back solution designed for global commodity markets. The platform supports multiple commodity asset classes with advanced risk management, workflow automation, and customization capabilities, targeting large commodity-intensive corporations. The website demonstrates a mature digital presence with professional design, structured content, and extensive integration of analytics and marketing tools. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to data confidentiality and user trust. Privacy compliance is strong, with a clear cookie consent mechanism and GDPR adherence. Overall, the business is well-positioned in the energy and finance sectors with a robust product offering, but should prioritize fixing SSL issues to enhance security and trust.

M

Moodsonic Services Ltd

moodsonic.com

40

Moodsonic Services Ltd operates a professional website focused on intelligent soundscaping solutions for workplaces and healthcare environments. The company leverages generative sound technology and biophilic design principles to enhance occupant well-being and productivity. Their market position is supported by notable clients such as HSBC, GSK, SAP, and Microsoft, and they provide technology, training, and consultancy services primarily targeting commercial and healthcare sectors. The website is well-designed, content-rich, and professionally branded, reflecting a small but focused technology business based in the UK. Technically, the site is built on the Webflow CMS platform, uses Cloudflare for DNS and CDN services, and integrates marketing and analytics tools such as Google Tag Manager, HubSpot, and Apollo.io. The site is mobile-optimized and SEO-friendly but lacks performance metrics data. Security-wise, the site has critical issues including the absence of a valid SSL certificate and no HTTPS enforcement despite having some security headers configured. This significantly lowers the security posture score and poses risks to user data confidentiality. Privacy compliance is partial; a comprehensive privacy policy is present and GDPR compliant, but no cookie policy or consent mechanism is detected. Contact information is limited to forms without direct emails or phone numbers, which may affect user trust and accessibility. Overall, the website is professional and credible but requires urgent security improvements to protect visitors and enhance trust. Strategic recommendations include obtaining and properly configuring SSL/TLS certificates, implementing cookie consent mechanisms, and enhancing contact transparency. These steps will improve security, privacy compliance, and user trust, supporting Moodsonic's growth and reputation in the soundscape technology market.

I

ION Group

reval.com

40

ION Group operates the Reval treasury software platform, a SaaS solution designed to automate and optimize treasury operations for global corporations, financial institutions, and government entities. The platform offers advanced features including real-time cash visibility, machine learning for forecasting and fraud detection, and seamless integration with banking and ERP systems. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress and leverages modern analytics and marketing tools, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms. Overall, the site demonstrates high business credibility but requires urgent remediation of SSL issues to ensure secure user interactions.

F

Fundermax GmbH

fundermax.at

40

Fundermax GmbH is a large Austrian manufacturer specializing in high-quality wood-based materials and compact laminates used in interior and exterior design applications. The company offers a diverse portfolio including raw chipboard, coated chipboard, laminate panels, compact panels, and biofiber panels, targeting architects, designers, and manufacturers. Their website demonstrates a professional and consistent brand presence with multiple industry certifications and awards, indicating a strong market position. Technically, the site is built on Pimcore CMS with Bootstrap framework and integrates modern tools like Google Tag Manager and Cookiebot for analytics and cookie consent management. However, the website currently lacks a valid SSL certificate, which significantly impacts its security posture. While security headers are present, the absence of a valid HTTPS setup and explicit security or incident response policies are notable gaps. Privacy compliance is well addressed with clear privacy and cookie policies, including GDPR compliance indicators. Overall, the site is professional and trustworthy but requires urgent attention to its SSL configuration and security policy transparency to enhance its security posture and user trust.

V

Vaillant

vaillant-group.com

40

Vaillant Group is a globally recognized leader in the energy sector, specializing in climate-friendly heating, cooling, and hot water solutions including heat pumps and gas condensing boilers. The company operates in over 60 countries with a workforce of approximately 16,000 employees, emphasizing sustainability and digital services. The website reflects a mature and professional business with consistent branding and comprehensive content tailored to customers, partners, and potential employees. Technically, the site leverages modern JavaScript libraries, lazy loading, and CDN hosting via Amazon S3 and CloudFront, with a CMS likely based on e-Spirit. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are present and GDPR compliant, and the site integrates Google Tag Manager for analytics and Consentmanager.net for consent management. Overall, the site is well-structured and user-friendly but requires urgent security improvements.

V

Vaillant Group Austria GmbH

vaillant.at

40

Vaillant Group Austria GmbH operates a comprehensive website focused on heating solutions including heat pumps, gas heating, photovoltaic systems, and smart home technologies targeted at private customers in Austria. The company is a well-established player with over 150 years of history and a dense service network, positioning itself as a market leader in the energy sector. The website provides detailed product information, customer testimonials, and service offerings, reflecting a mature business model with strong customer engagement. Technically, the site uses modern JavaScript libraries and marketing tools such as Optimizely and Google Tag Manager, with good mobile optimization and SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security headers are well implemented, but the lack of TLS protocols and OCSP stapling reduces the overall security posture. Privacy compliance is strong with GDPR-aligned policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

B

Braintrust

braintrustlv.com

36

Braintrust is a minority-owned integrated marketing and creative agency with a 17-year track record, offering services including branding strategy, creative development, digital marketing, web development, social media, and public relations. The company targets businesses seeking comprehensive marketing solutions and operates offices in multiple US cities. The website reflects a professional and consistent brand image with rich multimedia content and clear navigation. Technically, the site is built on WordPress, hosted on WP Engine with Cloudflare CDN, and uses modern JavaScript libraries and SEO plugins. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements.

W

Wismo Automotive A/S

peugeot.dk

40

Peugeot.dk is the official Danish website for Peugeot vehicles, operated by Wismo Automotive A/S, a medium-sized company under the Stellantis group. The site offers comprehensive information on passenger and commercial vehicles, including electric and hybrid models, leasing options, after-sales services, and digital tools such as a vehicle configurator and test drive booking. The website targets Danish consumers and businesses interested in Peugeot's automotive offerings. Technically, the site is built on Adobe Experience Manager with modern web technologies and integrates Google Analytics and Adobe marketing tools for data collection and user tracking. However, the site currently lacks a valid SSL certificate, which significantly impacts its security posture. While security headers like HSTS and X-Content-Type-Options are present, their configurations are suboptimal. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, well-branded, and trustworthy but requires urgent attention to SSL certificate renewal and enhanced security configurations to improve user trust and data protection.

S

St. Gilgen International School

stgis.at

40

St. Gilgen International School is a private international educational institution located in Austria, offering the International Baccalaureate curriculum with a focus on personalized education and a nurturing environment. The school targets families seeking high-quality international education in a scenic Alpine setting. Technically, the website is built on WordPress with Elementor and various plugins, hosted on WP Engine and protected by Cloudflare. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap. Privacy and cookie policies are well implemented, and the site includes multiple contact methods and trust indicators such as accreditations and certifications. Overall, the website is professionally designed and content-rich but requires urgent security improvements to protect user data and enhance trust.

W

WOLFGANG DENZEL AUTO AG

denzel.at

39

Wolfgang Denzel Auto AG operates a comprehensive automotive retail website offering new and used vehicles, financing, insurance, and service packages primarily targeting car buyers in Austria. The company maintains a strong market position with multiple automotive brands and electric mobility solutions. Technically, the website is built on Drupal 10, leveraging modern web technologies and third-party marketing and analytics tools, but lacks a valid SSL certificate, which significantly impacts security posture. Security headers are well configured, but the absence of HTTPS and modern TLS protocols is a critical vulnerability. Privacy and cookie policies are present and GDPR compliant, enhancing user trust. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain credibility.

Cegeka is a well-established European IT services company with over 30 years of experience, offering a broad portfolio of IT solutions including cloud transformation, cybersecurity, software development, and managed services. The website is professionally designed, content-rich, and targets enterprise clients across multiple industries such as finance, manufacturing, telecommunications, and energy. Technically, the site is built on HubSpot CMS using modern web technologies like Lit and Splide.js, but suffers from critical security issues due to an invalid or missing SSL certificate and lack of TLS protocol support. Security headers are present but insufficient to compensate for the lack of HTTPS. Privacy policies and cookie statements are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site demonstrates strong business credibility and marketing maturity but requires urgent security improvements to protect user data and trust.

P

PULSE ELECTRONICS

egston.com

27

Pulse Electronics, part of the YAGEO Group, is a medium-sized manufacturer and supplier of electronic components including power supplies, inductive components, and cable systems. The company targets B2B customers primarily in the energy and electronics sectors with a global presence and multiple locations. The website is professionally designed using WordPress and the Divi theme, with good content quality and clear navigation in German and English. Technical infrastructure includes modern CMS plugins and Google Tag Manager for analytics, but performance data is lacking. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, exposing the site to risks. Privacy compliance is strong with comprehensive GDPR-aligned privacy and cookie policies and consent mechanisms. Contact information is available via phone and contact form, but no direct emails are publicly listed. Overall, the site is trustworthy but requires urgent security improvements.

E

EKE-Yhtiöt

eke.fi

35

EKE-Yhtiöt is a Finnish company specializing in real estate development and leasing, as well as advanced train information systems technology. The company holds a strong market position as a world-leading supplier in the transportation technology sector and a reputable real estate developer in Finland. Their website reflects a medium-sized enterprise with a clear business model focused on residential and commercial property development alongside technology innovation. The site supports multiple languages, indicating an international target audience. Technically, the website is built on WordPress with modern SEO tools and consent management but suffers from slow performance and lacks HTTPS security, which is a critical concern. Security posture is weak due to the absence of a valid SSL certificate, no security headers, and no advanced TLS protocols, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism. Overall, the website is professional but requires urgent security improvements to protect user data and enhance trust.

Y

Yara International ASA

yara.com

26

Yara International ASA is a global leader in crop nutrition, ammonia, and industrial nitrogen solutions, with a strong focus on sustainability and decarbonization of food and energy-intensive industries. The website presents comprehensive business information, targeting farmers, industrial clients, investors, and job seekers, reflecting a mature and enterprise-level business model. Technically, the site uses modern JavaScript libraries, Google Tag Manager, Azure Application Insights, and Cloudflare CDN, indicating a robust digital infrastructure. However, a critical security weakness is the invalid SSL certificate and lack of TLS protocol support, which severely impacts the security posture. The site implements good security headers and GDPR-compliant cookie consent mechanisms, showing awareness of privacy and security best practices. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

BE Semiconductor Industries N.V. (Besi) is a leading technology company specializing in the development and manufacturing of advanced semiconductor assembly equipment and processes. Their product portfolio includes solutions for die attach, packaging, plating, and cleaning, serving diverse markets such as electronics, automotive, industrial, and renewable energy sectors. The website reflects a mature business with a strong investor relations presence and comprehensive corporate governance disclosures, indicating a well-established market position. Technically, the website is built on the TYPO3 CMS platform, utilizing jQuery and Google Tag Manager for analytics and tracking. While the site has a professional design and clear navigation, it lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Additionally, no cookie consent mechanism or detailed privacy compliance features are present, which may pose compliance challenges. From a security perspective, the site implements several security headers and restricts device permissions, but the invalid SSL configuration and lack of session resumption or OCSP stapling reduce overall security effectiveness. No incident response or vulnerability disclosure policies are publicly available, limiting transparency in security management. Overall, the website demonstrates solid business credibility and content quality but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data effectively.

S

Siblik Elektrik GmbH & Co. KG

siblik.com

39

Siblik Elektrik GmbH & Co. KG is a medium-sized Austrian company specializing in electrical and building technology solutions, including smart home products and professional training. The company maintains a professional and content-rich website powered by TYPO3 CMS, targeting electrical contractors and end customers in Austria. Their market position is supported by multiple physical locations and a consistent brand presence. Technically, the website uses modern web technologies and integrates analytics and marketing tools, but lacks HTTPS security, which is a critical vulnerability. The security posture is weak due to the absence of SSL/TLS and related security headers, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

techbold technology group AG

semizen.com

33

techbold technology group AG is a well-established IT service provider based in Austria, specializing in secure IT systems and digital strategies for small and medium-sized enterprises (SMEs). With over 25 years of domain maturity and a large team of 170 IT specialists, techbold offers a comprehensive range of services including IT security, consulting, managed services, and hardware solutions. The company holds multiple certifications and partnerships with leading technology vendors, reinforcing its market position as a trusted partner for the Austrian SME sector. Technically, the website is built on WordPress with the Avada theme and integrates modern tools such as Google Tag Manager, Borlabs Cookie for consent management, and PixelYourSite for tracking. The site is well-optimized for performance and mobile responsiveness, providing a professional user experience. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. From a security perspective, while several security headers are properly configured, the lack of HTTPS and modern TLS protocols exposes the site to potential risks. The company demonstrates good privacy compliance with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by detailed contact information, certifications, and positive customer satisfaction indicators. Overall, techbold presents a professional and trustworthy online presence with excellent content and business information. The primary recommendation is to urgently implement a valid SSL certificate and enable HTTPS to enhance security and user trust.

D

DeepOcean

deepoceangroup.com

40

DeepOcean is a leading ocean services provider specializing in accelerating sustainable use of ocean resources. The company operates across multiple sectors including renewables, oil and gas, and ocean minerals, offering full lifecycle services such as survey, project management, engineering, maintenance, and recycling. With a strong emphasis on digitalization and remote operations, DeepOcean positions itself as a technology-driven leader in the energy transition space. The website reflects a professional and consistent brand image targeting industry stakeholders, investors, and potential employees. Technically, the website is built on the Webflow platform, leveraging modern web technologies including jQuery, Google Tag Manager, and Cookiebot for consent management. Hosting and CDN services are provided via Cloudflare and Webflow. While the site demonstrates good design quality, mobile optimization, and SEO practices, performance metrics are unavailable. Accessibility is basic but present. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. Although some security headers are present, the absence of TLS protocols and cipher suites severely undermines the security posture. Cookie consent mechanisms are implemented, and privacy policies are comprehensive and GDPR compliant. However, incident response and vulnerability disclosure information are missing. Overall, the website is credible and professionally maintained but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL deployment, enhanced security header configurations, and the addition of incident response contacts to strengthen the security culture and compliance posture.