Security Directory

P

Pierre Fabre Laboratories

pierre-fabre.com

40

Pierre Fabre Laboratories is a well-established French pharmaceutical and dermocosmetics group with a global presence and a strong portfolio of brands. The company focuses on developing innovative healthcare and beauty solutions inspired by patients and consumers. Their website reflects a mature digital presence with comprehensive content, multilingual support, and clear business information. However, the technical infrastructure shows weaknesses, particularly in security, as the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical issue for user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism implemented via OneTrust. Overall, the website is professional and trustworthy but requires urgent security improvements to meet modern standards.

Ö

ÖAMTC - Österreichischer Automobil-, Motorrad- und Touring Club

oeamtc.at

40

ÖAMTC is a large, well-established Austrian automobile and touring club serving over 2 million members. The organization provides a wide range of services including roadside assistance, insurance, travel planning, and member benefits. The website reflects a strong brand presence with comprehensive content and multimedia offerings targeting motorists and travelers in Austria. Technically, the site uses modern technologies such as nginx, RequireJS, JW Player, and integrates with multiple third-party services for analytics and advertising. However, a critical security issue is the lack of a valid SSL certificate and absence of HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent management platform in place. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL configuration to ensure secure user interactions.

E

EV Group (EVG)

evgroup.com

39

EV Group (EVG) is a well-established company specializing in semiconductor manufacturing equipment and process solutions, including wafer bonding, lithography, and metrology. The company targets semiconductor manufacturers and related industries, positioning itself as a leading supplier with a global presence. The website reflects a professional and comprehensive digital presence with multilingual support and detailed product and technology information. Technically, the site is built on TYPO3 CMS and uses modern tools like Cookiebot and Google Tag Manager, but lacks a valid SSL certificate, which is a significant security concern. Security headers are partially implemented, but the absence of HTTPS and TLS protocols severely impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional and credible but requires urgent security improvements to protect user data and maintain trust.

V

voestalpine AG

voestalpine.com

40

voestalpine AG is a globally leading steel and technology group with a strong market position in manufacturing and industrial sectors such as automotive, aerospace, energy, and railway systems. The company operates worldwide with a large enterprise footprint and emphasizes sustainability and innovation through initiatives like the greentec steel program. The website reflects a mature digital presence with multilingual support, comprehensive corporate and investor information, and active social media engagement. Technically, the site uses modern tools including Usercentrics for consent management and JW Player for media, hosted on AWS CloudFront CDN. However, a critical security weakness is the invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is clearly provided, though no direct company emails are visible. Overall, the site is professional and trustworthy but requires urgent SSL and TLS remediation to ensure secure user interactions.

H

Hotel Restaurant Höldrichsmühle

hoeldrichsmuehle.at

23

Hotel Restaurant Höldrichsmühle is a historic hospitality business located in Hinterbrühl, Austria, offering hotel accommodation, restaurant services, seminar facilities, wedding venues, and equestrian activities. The business targets tourists, local visitors, and corporate clients seeking event spaces near Vienna. The website is built on WordPress with modern plugins and SEO optimizations, providing a good user experience and clear navigation. However, the absence of a valid SSL certificate is a critical security flaw that undermines user trust and data protection. The site implements cookie consent mechanisms and displays contact information prominently, but lacks advanced security policies and incident response contacts. Overall, the business appears legitimate and well-established, but the website's security posture requires urgent improvement to meet modern standards.

G

Getzner Werkstoffe GmbH

getzner.com

27

Getzner Werkstoffe GmbH is a well-established company specializing in vibration isolation solutions for the railway, construction, and industrial sectors. With over 50 years of expertise, the company manufactures innovative polyurethane elastomers and elastic modules that reduce noise and vibrations, enhancing product longevity and application suitability. The website reflects a strong market position with comprehensive product and service information targeting construction professionals, urban developers, and industrial clients. Technically, the website employs modern tools such as Google Tag Manager and Matomo Analytics, indicating a mature digital infrastructure. However, the absence of a valid SSL/TLS certificate and minimal security headers represent significant security vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Security posture is currently weak due to lack of HTTPS and related best practices, exposing users to potential risks. WHOIS data confirms the domain's legitimacy and long-term registration, supporting business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

T

Trayport Limited

visotech.at

35

Trayport Limited operates a comprehensive energy trading platform connecting traders, brokers, and exchanges globally, with a strong focus on power, gas, and carbon markets. Their flagship product, Joule, offers extensive market access and analytics, positioning them as a key player in the energy trading software sector. The website reflects a mature digital presence with rich content and clear navigation tailored to energy market participants. Technically, the site leverages modern web technologies including WordPress, Alpine.js, and Mapbox for interactive features, but lacks HTTPS support, which is a critical security shortfall. Security posture is weak due to the absence of SSL/TLS and security headers, exposing users to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business appears legitimate and professionally presented, but urgent improvements in security infrastructure are recommended.

N

NTS

nts.eu

29

NTS is a well-established IT services and solutions provider based in Austria, specializing in network infrastructure, security, data center, collaboration, cloud services, and artificial intelligence platforms. The company targets businesses and organizations seeking comprehensive digital transformation and managed services. Their market position is strong regionally with a broad portfolio of key services and a consistent brand presence. Technically, the website is built on WordPress with modern plugins and tracking tools, but suffers from critical security shortcomings due to the lack of a valid SSL certificate and disabled TLS protocols. Security headers are well implemented, but the absence of HTTPS significantly undermines the security posture. Privacy compliance is robust with clear cookie and privacy policies and consent mechanisms. Overall, the website is professional and content-rich, but the lack of HTTPS is a critical risk that must be addressed immediately.

ams-OSRAM AG is a global leader in innovative light and sensor solutions, offering a broad portfolio including high-performance LEDs, lasers, mixed-signal analog ICs, and sensors tailored for automotive, industrial, medical, and consumer applications. The company positions itself as a technology innovator with a strong focus on quality and customer engagement, supported by comprehensive investor relations and sustainability initiatives. The website reflects a mature digital presence with modern frameworks and a professional design, targeting B2B customers and industry partners worldwide. However, the absence of a valid SSL certificate is a critical security gap that undermines trust and secure communications. Privacy compliance is well addressed with clear policies and consent management mechanisms. Overall, the company demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS configuration to enhance security posture.

Ö

Öresundskraft AB

oresundskraft.se

35

Öresundskraft AB is a well-established Swedish energy company with over 160 years of history, providing a broad range of energy and communication services including electricity, district heating, gas, fiber internet, solar cells, battery solutions, and electric vehicle charging. The company targets both private consumers and businesses, positioning itself as a regional leader in sustainable and renewable energy solutions. The website reflects a professional and comprehensive digital presence with clear navigation, rich content, and strong branding consistency. Technically, the site is built on ASP.NET MVC hosted on Microsoft Azure, utilizing modern marketing and analytics tools such as Usercentrics CMP, Weglot for translations, Google Tag Manager, and Microsoft Application Insights. Accessibility and mobile optimization are well addressed. However, a critical security weakness is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly undermines user security and trust. Privacy compliance is strong with clear GDPR and cookie policies and consent mechanisms. Business credibility is high with transparent contact information and active social media engagement. Strategic recommendations include immediate implementation of HTTPS, enhancement of security headers, and publication of security policies and incident response information to improve overall security posture and trust.

S

Staticus

staticus.com

30

Staticus is a well-established full-service façade engineering company specializing in the design, production, installation, and maintenance of unitised façade solutions primarily serving the Northern Europe market. With over 18 years of domain maturity and a large market presence, the company positions itself as one of the largest façade contractors in the region, targeting architects, construction firms, and real estate developers. Their business model emphasizes sustainability and collaborative project delivery. Technically, the website is built on WordPress with common plugins such as Yoast SEO and WP Rocket, and integrates marketing and analytics tools like Google Tag Manager, Facebook Pixel, and MailerLite. However, the site suffers from slow load times and lacks modern security configurations, notably missing HTTPS support and security headers, which significantly impacts its security posture. From a security perspective, the absence of SSL/TLS encryption is a critical vulnerability, exposing users to potential data interception risks. While privacy policies and cookie consent mechanisms are properly implemented, the lack of incident response contacts and vulnerability disclosure policies indicates room for improvement in security governance. Overall, Staticus presents a professional and credible business front with strong content and branding, but urgent security enhancements are necessary to protect user data and improve trustworthiness. Strategic recommendations include immediate SSL deployment, security header implementation, and performance optimization to align with best practices and compliance requirements.

S

SKS365

sks365.com

28

SKS365 is a medium-sized, Italy-based omnichannel sports betting and gaming operator, positioned as a leading player in the Italian market. The company offers a broad range of betting and gaming services including sports betting, virtual sports, and online casino games. The website reflects a professional corporate presence with consistent branding and a focus on compliance and responsible gaming. Technically, the site is built on WordPress and hosted on Microsoft Azure, utilizing common web technologies such as jQuery and Google Tag Manager. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. Privacy compliance is partially addressed with a comprehensive privacy policy, but cookie consent mechanisms are missing. No direct contact information such as emails or phone numbers are visible, which may affect user engagement and trust. Overall, the site is functional but requires significant security improvements to meet modern standards.

Pilz GmbH & Co. KG operates an international website focused on providing comprehensive automation technology solutions, emphasizing safety and industrial security. The company targets industrial automation professionals and machine builders, offering components, systems, and services to ensure safe automation worldwide. The website is professionally designed with clear navigation and multilingual support, reflecting a strong market position in manufacturing and technology sectors. Technically, the site uses modern JavaScript frameworks, Google Tag Manager, and Cookiebot for consent management, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. Security headers are well implemented, but the lack of a valid SSL certificate and disabled TLS protocols significantly reduce the site's security score. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. Business credibility is high, supported by detailed contact information, social media presence, and consistent branding. Overall, the site is functional and professional but requires urgent remediation of its SSL/TLS issues to improve security and trust.

Confidex is a mature and reputable company specializing in RFID, NFC, and BLE solutions for industries, logistics, and mobility sectors. Recently acquired by Beontag, a global leader in graphic and label materials and RFID technology, Confidex strengthens its global presence and service localization. The website reflects a professional and comprehensive digital presence with strong branding and relevant content targeting industrial and supply chain customers. Technically, the site uses modern frameworks like Next.js and React, hosted on AWS CloudFront, with good SEO and accessibility practices. However, the lack of a valid SSL certificate and HTTPS support is a critical security gap that significantly impacts the overall security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The domain registration data confirms the legitimacy and maturity of the business. Strategic improvements in SSL/TLS configuration and incident response readiness are recommended to enhance trust and security.

V

VDEL

vdel.com

31

VDEL is an established software company founded in 1993, specializing in customized software solutions including document and process management, blockchain, big data, and AI. The company operates internationally with subsidiaries in Belgrade and Katowice and serves businesses seeking integrated IT solutions. Their business model includes distribution and multilingual support, leveraging partnerships such as Software United. Technically, the website uses Bitrix CMS with common web technologies and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of privacy and cookie policies indicate significant security and compliance gaps. The security posture is weak due to missing HTTPS and security policies, exposing users to risks. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

R

Regionalmedien Austria AG

regionalmedien.at

32

Regionalmedien Austria AG is a leading Austrian regional media company with a broad portfolio of digital and print products, including well-known brands such as MeinBezirk.at and BezirksBlätter. The company focuses on local and regional news coverage, serving communities across all Austrian states. Their business model centers on media publishing and advertising services, positioning themselves as innovation drivers in the regional media market. The website reflects a mature digital presence with professional design, structured data, and comprehensive content tailored to their target audience of regional readers and businesses. Technically, the site is built on WordPress with modern plugins like Yoast SEO and Cookiebot, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security posture is basic with no advanced headers or incident response information. Privacy compliance is good, with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

Reckitt Benckiser Group PLC operates a global portfolio of trusted hygiene, health, and nutrition brands, serving millions of consumers worldwide. The company emphasizes scientific expertise and consumer understanding to deliver products that improve lives, with a strong market position supported by well-known brands such as Dettol, Lysol, and Durex. The website reflects a mature digital presence built on modern technologies like React and Gatsby, with good SEO and accessibility practices. However, a critical security gap exists as the site lacks HTTPS, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating compliance with GDPR and other regulations. Overall, Reckitt's online presence is professional and credible but requires urgent security improvements to protect user data and maintain trust.

Glashütte Original is a prestigious German luxury watch manufacturer with a rich history dating back to 1845. The company operates under the Swatch Group umbrella and offers a range of technically sophisticated and iconic watch collections targeting discerning luxury consumers globally. The website reflects a mature digital presence with multilingual support, comprehensive product and brand information, and integrated e-commerce and customer service functionalities. Technically, the site is built on WordPress with WooCommerce and leverages modern JavaScript libraries and tracking technologies. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the business demonstrates strong credibility and branding but must urgently address its SSL/TLS configuration to improve security posture and user confidence.

A

Anton Paar

anton-paar.com

40

Anton Paar is a globally recognized manufacturer of high-quality analytical and measuring instruments serving research and industrial sectors. The company holds a strong market position as a leader in density, concentration, CO2 measurement, and rheometry. Their website reflects a mature digital presence built on TYPO3 CMS, featuring comprehensive product information, regional office contacts, and support services. However, the absence of a valid SSL certificate and HTTPS implementation significantly weakens their security posture, exposing users to potential risks. The site employs modern analytics and marketing tools with appropriate privacy and cookie consent mechanisms, demonstrating good compliance with GDPR and user privacy standards. Strategic improvements in SSL/TLS deployment and security headers would enhance trust and security.

E

Evon Technologies

evontech.com

40

Evon Technologies Pvt. Ltd. is a well-established software development company based in India, with over 17 years of experience serving a global clientele. The company offers a broad range of services including custom web and app development, AI and machine learning solutions, cloud consulting, ERP/CRM implementations, and staff augmentation. Their market position is strengthened by certifications such as CMMI Level 5 and ISO 27001:2022, and a diverse client portfolio featuring technology heavyweights and startups. Technically, the website is built on Joomla CMS, hosted likely on AWS infrastructure, and integrates modern marketing and analytics tools. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security gap. Privacy and cookie policies are present with consent mechanisms, supporting basic GDPR compliance. Contact information is comprehensive and accessible via multiple channels.

T

Thommen Medical AG

thommenmedical.com

30

Thommen Medical AG is a Swiss-based manufacturer specializing in dental implantology products with over 35 years of clinical experience. The company offers a comprehensive range of dental implants, prosthetics, instruments, and digital workflow products, targeting dental professionals and patients globally. Their market position is strong within the healthcare manufacturing sector, emphasizing Swiss precision and innovation. The website is professionally designed, content-rich, and well-structured, supporting their business model of manufacturing and distribution alongside educational services and scientific collaboration. Technically, the site is built on TYPO3 CMS with modern frontend technologies and integrates multiple analytics and marketing tools. However, a critical security weakness exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy policies and cookie consent mechanisms are present and GDPR compliant, enhancing user trust. Contact information is comprehensive and clearly presented, supporting business credibility. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

ERGO Versicherung Aktiengesellschaft operates the website das.at, providing legal protection insurance products under the D.A.S. Rechtsschutz brand in Austria. The company is a market leader with a strong reputation, offering services to private individuals, self-employed, and businesses. The website is professionally designed, content-rich, and targets Austrian customers with comprehensive insurance solutions and customer support channels. Technically, the site is built on TYPO3 CMS with modern web technologies and integrates multiple marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. WHOIS data confirms the domain's legitimacy and alignment with the ERGO group. Overall, the website is credible and professional but requires urgent security improvements to protect user data and trust.

Schrack Technik GmbH is a well-established Austrian company founded in 1920, specializing in the distribution and provision of electrical products and solutions across energy technology, building technology, industrial applications, networking, and lighting. The company operates a comprehensive online shop and physical stores, targeting electricians and industrial clients primarily in Austria and Central/Eastern Europe. Their market position is strong, supported by a broad product portfolio and personal customer service. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates a consent management platform for privacy compliance. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are well implemented, and the site shows good business credibility with ISO certification and trust marks. Overall, the website is professional and content-rich but requires urgent security improvements.

D

delfortgroup AG

delfortgroup.com

40

delfortgroup AG is a mature, enterprise-level global manufacturer specializing in specialty and functional papers, serving industries such as packaging, tobacco, battery separators, and more. The company emphasizes sustainability and innovation, supported by a comprehensive digital presence including detailed product catalogs, sustainability reports, and career opportunities. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, leveraging various JavaScript libraries and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of HTTPS enforcement represent critical security weaknesses. Security headers are present but insufficient without proper TLS configuration. The domain is well-established with consistent WHOIS data, supporting business legitimacy. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

B

BearingPoint

bearingpoint.com

40

BearingPoint is a global management and technology consultancy with European roots, operating in over 70 countries with 13,000 employees. The company offers a broad range of consulting services, products, and capital advisory, targeting enterprises across multiple industries including technology, finance, manufacturing, and government sectors. The website reflects a mature digital presence with professional design, comprehensive content, and clear navigation tailored to enterprise clients. Technically, the site uses Apache server technology, modern JavaScript frameworks, and cookie consent management tools, but lacks a valid SSL certificate and has disabled TLS protocols, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent security improvements to enable HTTPS and modern TLS protocols.

A

Avanade Inc.

avanade.com

40

Avanade Inc. is a leading global provider of cloud, AI, and advisory services focused on the Microsoft ecosystem. With over 25 years of experience and a strong market position as the world’s leading Microsoft expert, Avanade serves enterprise clients across multiple industries including technology, energy, banking, healthcare, government, and retail. The company operates globally with headquarters in the United States, Europe, and Asia, and is a subsidiary of Accenture. Their business model centers on delivering advisory, managed services, and integrated Microsoft technology solutions to help organizations unlock digital transformation and sustainability goals. Technically, Avanade’s website leverages modern frameworks such as Next.js and Sitecore CMS, hosted on Vercel and integrated with marketing and analytics tools like Adobe Launch, Google Tag Manager, and OneTrust for consent management. The site is well-designed, mobile-optimized, and rich in content, providing a professional user experience with clear navigation and comprehensive business information. From a security perspective, the website currently suffers from critical issues including the absence of a valid SSL certificate and lack of TLS protocol support, severely impacting its security posture. While security headers such as Content-Security-Policy and HSTS are present, they are not fully hardened. The presence of a vulnerability disclosure page and detailed privacy and cookie policies indicate a mature approach to compliance and security awareness, but the lack of HTTPS is a major risk. Overall, the website is highly credible and professional but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and maintain trust. Strategic improvements in security practices and continued adherence to privacy compliance will strengthen Avanade’s digital presence and risk posture.

S

SER Solutions Deutschland GmbH

ser.de

40

SER Solutions Deutschland GmbH is a well-established enterprise content management (ECM) software provider based in Germany, with over 35 years of experience. The company is recognized as a leader in the ECM market, evidenced by its inclusion in Gartner's Magic Quadrant and IDC MarketScape reports. Their core offerings include intelligent content automation, document management, process automation, and collaboration tools, targeting large enterprises and organizations undergoing digital transformation. The website reflects a mature digital presence with comprehensive content, multiple language support, and strong branding consistency. Technically, the website is built on the Contao CMS platform, hosted on Ubuntu servers with Amazon CloudFront CDN for content delivery. It employs modern marketing and analytics tools such as Google Tag Manager, Visual Website Optimizer, and Usercentrics for consent management. The site is mobile-optimized and accessible, with good SEO practices. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which severely impacts the security posture. Security headers are properly configured, but the lack of TLS protocols and valid certificates exposes the site to risks and undermines user trust. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, while the business and content quality are excellent, urgent remediation of SSL/TLS issues is necessary to improve security and trustworthiness.

G

Gewista

gewista.at

34

Gewista is a leading Austrian media company specializing in Out-of-Home advertising, operating under the majority ownership of global market leader JCDecaux. The company offers a broad portfolio of advertising media including traditional billboards, street furniture, and transport media, with a strong focus on digital innovation and public value initiatives. The website reflects a mature digital presence built on Drupal 10, leveraging modern JavaScript libraries and CDN hosting. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. Additionally, a subdomain takeover vulnerability was identified, posing a risk to brand reputation and security. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy practices. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to meet modern standards.

M

MPREIS

mpreis.at

39

MPREIS is a well-established Austrian supermarket chain offering a broad range of grocery and related products both in physical stores and online. The website reflects a mature digital presence with detailed product catalogs, recipe inspirations, and a focus on regional and organic products. The company maintains active social media channels and provides comprehensive privacy and cookie policies with consent management, indicating good privacy awareness. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates advanced marketing and search tools like Bloomreach and Algolia. However, the absence of a valid SSL certificate and lack of HTTPS support represent significant security shortcomings, exposing users to potential risks. Security headers are partially implemented, but critical TLS protocols and cipher suites are missing, reducing the overall security posture. The domain registration and hosting are consistent with the business claims, registered under A1 Telekom Austria AG, a reputable provider. No WAF or security challenge blocks access, allowing full content analysis. Privacy compliance is strong, but the lack of incident response and security policy pages suggests room for improvement in security governance. Overall, MPREIS demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS configuration to protect users and enhance trust. Strategic security enhancements and continuous compliance monitoring are recommended to maintain its market position and customer confidence.

G

Gesundheitscampus Wesel

evkwesel.de

24

Gesundheitscampus Wesel operates a regional healthcare campus in Germany offering integrated medical, nursing, therapy, and palliative care services. The website is built on TYPO3 CMS and provides comprehensive information about its multiple healthcare divisions, targeting patients and healthcare consumers in the Wesel region. The digital infrastructure includes standard web technologies and Google Analytics for visitor tracking. However, the site lacks a valid SSL certificate, serving content over HTTP only, which is a significant security concern. The cookie consent mechanism is implemented and GDPR compliant, but no explicit security or incident response policies are published. Overall, the website is professionally designed with good navigation and content relevance but requires urgent improvements in security posture to protect user data and enhance trust.

F

FHV - Vorarlberg University of Applied Sciences

fhv.at

40

FHV - Vorarlberg University of Applied Sciences is a medium-sized educational institution based in Austria, offering a wide range of Bachelor and Master programs across technical, economic, design, and social-health disciplines. The institution emphasizes applied research and international cooperation, positioning itself as a leading university of applied sciences in the Bodenseeraum region. The website is professionally designed, content-rich, and well-structured, targeting prospective students, researchers, and academic partners. Technically, the site uses modern CMS Pimcore and Vue.js frontend framework, with Google Tag Manager for analytics and Cookiebot for consent management. However, a critical security gap exists as the site lacks a valid SSL certificate and HTTPS support, despite having security headers and HSTS configured. This exposes users to potential risks and undermines trust. Contact information is clearly provided, and privacy policies comply with GDPR standards. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent remediation of its SSL/TLS configuration to improve security posture and user trust.

Ö

Österreichische Lotterien GmbH

lotterien.at

38

Österreichische Lotterien GmbH operates as the official national lottery provider in Austria, offering a wide range of lottery games, including Lotto 6 aus 45, EuroMillionen, and various scratch cards. The website serves as a comprehensive platform for game participation, result checking, and customer engagement, targeting Austrian lottery players and stakeholders. The company holds a strong market position as a government-associated entity with multiple subsidiaries in the gaming sector. Technically, the website is built on TYPO3 CMS and integrates modern analytics and consent management tools, demonstrating a mature digital infrastructure. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Despite this, the site implements several security headers and maintains a responsible disclosure page, reflecting a commitment to security awareness. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

F

Frequentis

frequentis.com

40

Frequentis is a well-established company specializing in safety-critical communication and information solutions with over 75 years of market presence. The company serves key sectors including civil aviation, defence, public safety, maritime, and public transportation, positioning itself as a leader with a strong focus on innovation and user-centric design. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation tailored to government agencies and large organizations. Technically, the site is built on Drupal 10 with modern libraries and integrates multiple marketing and analytics tools. However, the absence of a valid SSL/TLS certificate and HTTPS support is a significant security gap, impacting the overall security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.

V

VIER PFOTEN International – gemeinnützige Privatstiftung

four-paws.org

36

FOUR PAWS International is a globally recognized non-profit animal welfare organization dedicated to protecting animals under human influence. The organization operates multiple country offices and campaigns worldwide, focusing on rescue missions, veterinary care, sterilization of stray animals, and advocacy against animal cruelty. Their website reflects a professional and comprehensive digital presence, targeting animal welfare supporters, donors, and volunteers. Technically, the site is built on the Neos CMS platform using the Flow PHP framework, incorporating modern JavaScript libraries such as Splide.js and Google Tag Manager for analytics and marketing. However, a critical security weakness is the absence of a valid SSL certificate and lack of TLS protocol support, which significantly undermines the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, enhancing user trust. Overall, the site demonstrates strong business credibility and content quality but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

G

GEZE GmbH

geze.at

38

GEZE GmbH is a globally recognized family-owned company specializing in manufacturing and providing innovative door, window, and safety technology solutions. The company has a strong market position with over 3,000 employees and 37 subsidiaries worldwide, focusing on digital connectivity and building automation. The website reflects a professional and comprehensive presentation of their products and services, targeting architects, planners, and building operators. Technically, the site uses TYPO3 CMS hosted on AWS CloudFront with modern content delivery but suffers from critical SSL/TLS misconfigurations, impacting security posture. Privacy compliance is well addressed with a clear privacy policy and consent management via Usercentrics. The site offers multiple contact channels and social media presence, enhancing business credibility. However, the invalid SSL certificate and lack of HTTPS protocols represent significant security risks that should be urgently addressed.

B

Bacon & Bold

baconbold.com

38

Bacon & Bold is a medium-sized performance branding and social media marketing agency based in Austria, founded in 2016. The company positions itself as a leading social media agency focused on delivering measurable business success through targeted digital marketing strategies, workshops, and AI-driven applications. Their client portfolio includes notable companies such as Siemens, Wiener Linien, and voestalpine AG, underscoring their market presence and credibility. Technically, the website is built on Webflow CMS, uses modern web fonts, Google Tag Manager, and is hosted via Cloudflare and Azure services. While the site is well-designed, mobile-optimized, and rich in content, it suffers from critical security issues including an invalid SSL certificate and a subdomain takeover vulnerability. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

F

FACC AG

facc.com

35

FACC AG is a mature and leading aerospace company specializing in the design, production, and maintenance of advanced lightweight components and systems for the global aviation industry. The company maintains strong partnerships with major aerospace manufacturers such as Airbus, Boeing, and Embraer, and offers a broad portfolio including aerostructures, engines, nacelles, cabin interiors, and MRO services. The website reflects a professional and well-branded digital presence targeting industry partners, investors, suppliers, and job seekers. Technically, the site is built on WordPress with modern JavaScript frameworks like Vue.js and uses Amazon CloudFront CDN for hosting. However, performance metrics are missing, and the site appears to load slowly. Security posture is a significant concern due to the absence of a valid SSL certificate and lack of TLS protocol support, which critically undermines secure communications. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is credible and professional but requires urgent security improvements to protect user data and maintain trust.

S

SMB Machinery

smbsales.com

24

SMB Machinery is a well-established company specializing in the sale and service of used packaging and processing equipment, primarily serving consumer goods manufacturing operations. With over two decades of experience and a large facility in Metro-Atlanta, the company offers a comprehensive range of services including equipment sales, technical support, automation, rigging, and logistics. The website reflects a professional business with clear branding, industry affiliations, and a focus on transparency and customer assurance. Technically, the site is built on WordPress with modern plugins and tracking tools, but lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and security headers exposes the site to risks and reduces trustworthiness. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, including phone, physical address, and a contact form protected by reCAPTCHA v3. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

G

Grand Hotel Wien

grandhotelwien.com

37

Grand Hotel Wien is a well-established luxury hospitality business located in Vienna, Austria, with a history dating back to 1870. The website presents a professional image with comprehensive information about its services including luxury accommodations, gourmet dining, spa, and event hosting. The business is positioned as a high-end hotel targeting affluent travelers and tourists seeking premium experiences. Technically, the website uses a mix of modern JavaScript libraries and frameworks such as AngularJS, jQuery, and Foundation CSS, hosted behind Cloudflare CDN. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts its security posture. Privacy and cookie policies are present and appear GDPR compliant, and contact information is clearly provided. The domain registration data supports the legitimacy and maturity of the business. Overall, while the business and content quality are strong, the lack of proper SSL/TLS implementation is a major risk that should be addressed immediately.

S

Sudos

televis.com

22

The website televis.com serves as a domain marketplace landing page offering the domain name Televis.com for sale. It operates as a brokerage platform facilitating secure transactions between domain sellers and buyers, with options including buy now, lease to own, and make an offer. The site leverages Sudos.com as its marketplace platform and partners with payment processors such as Atom.com and Escrow.com to provide flexible and secure payment options. The target audience is domain investors and buyers seeking premium domain names. Technically, the site uses modern frontend technologies including Alpine.js, Livewire, Tailwind CSS, and jQuery, but lacks HTTPS support due to the absence of a valid SSL certificate, which is a critical security gap. The site includes tracking via Google Tag Manager and Crisp chat but does not provide privacy or cookie policies, nor contact information, which impacts privacy compliance and business credibility.

Global LT is a medium-sized education company specializing in instructor-led language and cultural training services targeted at corporations and governments worldwide. The company offers a comprehensive suite of services including language training, translation, interpretation, and destination services, supported by a technology-driven platform. The website is professionally designed, well-branded, and provides clear navigation and rich content relevant to its business domain. Technically, the site is built on HubSpot CMS and integrates Google Analytics and Tag Manager for marketing and analytics purposes. However, the absence of a valid SSL certificate and HTTPS support is a significant security concern. Security headers are partially implemented, but critical TLS protocols and certificate transparency are missing, exposing the site to potential risks. Privacy compliance is moderate, with a privacy policy present but lacking a cookie consent mechanism despite tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates strong business presence and digital maturity but requires urgent security improvements to protect user data and enhance trust.

B

Bufab International AB

bufab.com

40

Bufab International AB operates as a global supply chain partner specializing in C-parts for manufacturing industries. Their website presents a comprehensive portfolio of services including supplier management, logistics, quality assurance, and sustainability consulting. The company targets manufacturing purchasers seeking to optimize their C-parts supply chain. Technically, the website is built on HubSpot CMS with integrations for marketing and analytics, delivering a professional and content-rich user experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which is critical for secure communications. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained but requires urgent security improvements to protect user data and enhance trust.

W

Wolf Systems Ltd

wolfsystem.co.uk

39

Wolf Systems Ltd is a mature UK-based company specializing in software and products that simplify timber engineering. Their offerings include advanced software solutions, metal webs, nailplates, expert support, training, and machinery advice, targeting timber engineering professionals and manufacturers. The company maintains a strong market position supported by certifications such as BBA approval and CE marking, and operates a network of country-specific partner domains across Europe. Technically, the website is built on ASP.NET with modern frontend libraries like Bootstrap and jQuery, hosted on Microsoft IIS. However, the site lacks HTTPS, which is a critical security gap. Security headers are partially implemented, and cookie consent mechanisms are present, indicating some privacy awareness. The WHOIS data confirms a consistent and trustworthy domain registration with no privacy protection, aligning with the company's public identity.

C

Coface

coface.com

40

Coface is a global leader in trade credit insurance, debt collection, and business information services, supporting over 100,000 clients across approximately 200 countries. Founded in 1946 and headquartered in France, the company offers comprehensive solutions to help businesses manage credit risks and optimize credit management. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its target audience of businesses seeking credit risk solutions. Technically, the site uses modern web technologies including a CDN (CloudFront), a CMS (Ibexa), and integrates advanced consent management and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Coface's website demonstrates high business credibility and professionalism but requires urgent SSL/TLS remediation to improve security and trust.

S

Spencer Stuart

spencerstuart.com

40

Spencer Stuart is a globally recognized executive search and leadership consulting firm specializing in senior executive and board-level placements. The website reflects a mature, professional services business with a strong market position and comprehensive service offerings tailored to corporate clients. Technically, the site uses a custom ASP.NET CMS hosted on AWS CloudFront, integrating modern analytics and consent management tools. However, the absence of a valid SSL certificate and disabled modern TLS protocols represent significant security gaps. The site employs good security headers and cookie management but lacks advanced email security measures such as DMARC and DNSSEC. Overall, the website is content-rich and professionally designed but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

J

Johns Hopkins University School of Advanced International Studies

sais-jhu.edu

40

Johns Hopkins University School of Advanced International Studies (SAIS) operates a comprehensive and professionally designed website offering graduate programs in international relations. The institution is well-positioned in the education sector with campuses in Washington DC, Europe, and China, serving a diverse international student body. The website content is rich, relevant, and professionally presented, reflecting the institution's high market position and reputation. Technically, the site uses Drupal 7 with a variety of modern JavaScript libraries and is hosted behind Cloudflare, but lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present but insufficient without proper TLS. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. The WHOIS data confirms domain legitimacy and consistency with the institution's identity. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS deployment and privacy compliance to enhance security and user trust.

MOTIONDATA VECTOR Gruppe is a well-established Austrian software and IT solutions provider specializing in Dealer Management Systems and related automotive industry services. With over 40 years of experience and a strong presence in the D-A-CH region and other European markets, the company offers a comprehensive portfolio including cloud-based DMS, sales management tools, web portfolios, mobile apps, and IT infrastructure services. The website reflects a mature digital presence with professional design, multilingual support, and clear navigation. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Social media integration and brand certifications further enhance credibility.

I

Irian Solutions Softwareentwicklungs GmbH

irian.at

40

Irian Solutions Softwareentwicklungs GmbH is a well-established software development company based in Austria, specializing in digital product development using technologies such as Java, Angular, and .NET. The company targets businesses requiring custom software solutions, with a strong market presence evidenced by notable clients in finance, energy, and transportation sectors. Their website reflects a professional and modern digital presence, leveraging the Astro framework and Cloudflare for hosting and CDN services. However, the website's security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS enforcement, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the company demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS configuration to ensure secure communications and maintain trust.

Plansee SE is a globally recognized manufacturer specializing in refractory metals such as molybdenum, tungsten, and tantalum, serving high-tech industries including electronics, aerospace, and energy. With a century of experience and multiple production sites worldwide, Plansee positions itself as a leader in high-performance materials and sustainable manufacturing solutions. The website reflects a mature digital presence built on Adobe Experience Manager and Next.js, leveraging Akamai CDN and Google Tag Manager for performance and analytics. However, the current lack of a valid SSL certificate and disabled TLS protocols represent critical security vulnerabilities that undermine user trust and data protection. Despite these issues, the site maintains comprehensive privacy and cookie policies aligned with GDPR, and showcases certifications like EcoVadis Gold and ASML Sustainability Excellence Award, reinforcing its market credibility. Strategic improvements in SSL/TLS deployment and enhanced security configurations are recommended to elevate the overall security posture and user confidence.

V

Vizrt

vizrt.com

40

Vizrt is a leading media technology company specializing in live broadcast and video storytelling solutions. Their website showcases a comprehensive portfolio of products and services designed to empower content creators across various sectors including broadcasting, sports, corporate, government, education, and house of worship. The company positions itself as a pioneer in real-time graphics, virtual sets, production automation, and cloud-based production workflows, reaching a global audience of over 4.5 billion people daily. Technically, the website is built on WordPress with modern frameworks and technologies such as Kadence Blocks, Gravity Forms, and Slider Revolution. It leverages Cloudflare for CDN and security, integrates Vimeo for video content, and uses advanced analytics and marketing tools like Google Tag Manager and Facebook Pixel. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a professional and engaging user experience. From a security perspective, the site implements several important HTTP security headers and restricts permissions for sensitive APIs. However, the SSL certificate is currently invalid or missing, and TLS 1.2 or higher is not enabled, which are critical issues that reduce the overall security posture. Privacy compliance is strong with clear privacy and cookie policies, including consent mechanisms, aligning with GDPR requirements. Overall, Vizrt's website reflects a mature and professional digital presence with strong business credibility and technical implementation. Addressing the SSL and TLS issues would significantly enhance their security posture and trustworthiness. Strategic recommendations include updating SSL certificates, increasing HSTS duration, enabling modern TLS protocols, and maintaining rigorous security best practices.