Security Directory

V

Verein für Konsumenteninformation (VKI)

verbraucherrecht.at

0

The website Verbraucherrecht.at is operated by the Verein für Konsumenteninformation (VKI), a prominent Austrian non-profit organization focused on consumer rights and legal information. It provides comprehensive resources including news, legal judgments, collective actions, and educational offerings targeted at Austrian consumers. The site is well-branded, consistent, and supported by the Austrian Ministry of Social Affairs, reinforcing its authoritative position in the consumer protection sector. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses modern web technologies including Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly undermines user trust and security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site offers valuable content and services but requires urgent security improvements to meet modern standards.

V

Verein für Konsumenteninformation (VKI)

vki.at

0

The Verein für Konsumenteninformation (VKI) is a well-established Austrian non-profit organization dedicated to consumer protection through product testing, advice, and information dissemination. The website serves as a comprehensive portal for consumers, offering access to product recalls, educational seminars, and greenwashing checks, targeting Austrian consumers primarily. Technically, the site is built on Drupal CMS and hosted on Amazon AWS infrastructure, utilizing Matomo analytics with a clear cookie consent mechanism, reflecting a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. While privacy policies and GDPR compliance are well addressed, the lack of security headers and modern TLS protocols indicates room for significant security improvements. Overall, the site provides excellent content quality and user experience but requires urgent security enhancements to align with best practices and regulatory requirements.

V

Vienna Tourist Board

wien.info

0

The website wien.info serves as the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information on attractions, events, accommodations, and visitor services, targeting tourists and visitors globally with multilingual support. The site positions itself as the authoritative source for Vienna tourism, offering key services such as event search, city card sales, and a dedicated travel guide app. Technically, the site employs modern JavaScript libraries, integrates with multiple marketing and analytics platforms, and uses a custom or proprietary CMS hosted on xaas.systems DNS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Despite this, it implements several security headers and a strict content security policy. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Business contact information is clearly presented, enhancing credibility.

V

Vienna Tourist Board

vienna.info

0

The website vienna.info is the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information and services for tourists including attractions, events, accommodations, city cards, and accessibility resources. The site targets visitors planning trips to Vienna and serves as an authoritative source for travel-related content. Technically, the site uses modern JavaScript libraries, structured data (JSON-LD), and integrates privacy-conscious analytics (Matomo) alongside cookie consent via OneTrust. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Security headers are present and well-configured, but without HTTPS, the site is vulnerable to interception and man-in-the-middle attacks. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional, content-rich, and user-friendly but urgently requires HTTPS implementation to meet modern security standards.

V

VIENNA SIGHTSEEING TOURS

viennasightseeing.at

0

Viennasightseeing.at is a medium-sized tourism and transportation business specializing in guided sightseeing tours, hop-on-hop-off bus services, day trips, and sightseeing passes in Vienna, Austria. The company positions itself as a market leader in Vienna's sightseeing tour sector, targeting tourists seeking convenient and flexible travel experiences. The website is built on TYPO3 CMS and integrates modern marketing and tracking tools such as Google Tag Manager, Trustpilot, and Usercentrics for consent management. However, the site suffers from critical security issues including an invalid SSL certificate, lack of HTTPS enforcement, and a subdomain takeover vulnerability on its shop subdomain. These issues significantly impact the site's security posture and trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and maintain business credibility.

Arvato SE operates as a global third-party logistics provider specializing in supply chain management, logistics & fulfillment, transport management, and digital solutions. The company targets businesses in e-commerce and B2B sectors, offering scalable and innovative logistics services. The website demonstrates a strong market presence with multiple localized domains and partner sites, reflecting a large enterprise with a global footprint. Technically, the site is built on TYPO3 CMS with modern frontend tooling and integrates Cookiebot for GDPR-compliant cookie management. However, the main domain suffers from an invalid SSL certificate, impacting security posture. While no critical vulnerabilities are detected, the lack of HTTPS and security headers lowers the overall security score. Privacy compliance is well addressed with clear cookie consent and privacy policies. The website is professionally designed, mobile-optimized, and provides clear navigation and business information, though direct contact emails and phone numbers are not exposed publicly. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and security.

A

A1 Group

a1.group

0

A1 Group is a major telecommunications provider operating primarily in Central and Eastern Europe, serving approximately 30 million customers across seven core markets. The company offers a broad portfolio of services including voice telephony, broadband internet, mobile and home entertainment, smart home solutions, data and IT services, wholesale, payment solutions, and digital services. The website reflects a strong corporate identity with a focus on sustainability and ESG commitments, supported by detailed investor relations content and sustainability reports. Technically, the website is built on WordPress with multilingual support and integrates modern marketing and analytics tools such as Google Analytics, Microsoft Clarity, and Bugsnag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical vulnerability that must be addressed promptly. Privacy compliance is well managed with a comprehensive cookie consent mechanism and clear privacy policy. Overall, the site demonstrates professionalism and trustworthiness but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility.

A

A1 Digital

a1.digital

0

A1 Digital is a prominent European technology service provider specializing in IoT, Cloud, Network, and Cybersecurity solutions. The company targets businesses across Europe aiming for digital transformation, offering managed connectivity, cloud services, and security solutions. Their market position is strong with a large customer base and presence in multiple countries, supported by a parent company, Telekom Austria AG, and several subsidiaries. Technically, the website is built on Craft CMS with modern marketing and consent tools, providing a good user experience and mobile optimization. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The site implements several security headers but lacks modern TLS protocols and secure cipher suites. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent SSL/TLS improvements to enhance security and user trust.

A

A1 Startup Campus

a1startup.net

0

A1 Startup Campus is a medium-sized startup accelerator affiliated with the A1 Group, focused on supporting startups in technology, digital services, cybersecurity, education, and sustainability sectors. The website is professionally designed using WordPress with multilingual support and integrates modern technologies such as Vimeo for video content and Google Tag Manager for analytics. The site demonstrates good SEO and mobile optimization, providing clear navigation and relevant business content. Security posture is adequate with HTTPS and valid SSL certificates, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is strong with a GDPR-compliant cookie consent mechanism and detailed cookie categorization. Contact is primarily via email, with no phone numbers or physical addresses explicitly provided. Overall, the site is trustworthy and well-positioned as a startup support platform within the telecommunications and technology industry.

A

Austrian Business Agency

investinaustria.at

0

The Austrian Business Agency operates the website investinaustria.at to promote Austria as a prime investment destination. It provides comprehensive information and free consulting services to international investors and companies interested in establishing or expanding their business in Austria. The agency emphasizes Austria's innovation, research capabilities, skilled workforce, and stable economic environment. Technically, the website is built on modern frameworks including TYPO3 CMS and Nuxt.js, hosted behind Cloudflare for performance and security. The SSL certificate is valid but lacks advanced HTTPS security headers like HSTS. Privacy compliance is partially addressed with a clear privacy policy but lacks a cookie consent mechanism. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is professional, content-rich, and user-friendly, suitable for its government agency role.

V

VPG Vienna PASS GmbH

viennapass.de

0

VPG Vienna PASS GmbH operates the Vienna Pass website, offering sightseeing passes for tourists visiting Vienna. The business provides two main products: the Vienna PASS with access to up to 90 attractions and the Flexi PASS with a flexible number of visits. The website is built on TYPO3 CMS and integrates modern marketing and payment technologies such as Google Tag Manager, Usercentrics for consent management, and Adyen for payments. The site demonstrates good content quality, clear navigation, and mobile optimization, targeting tourists and culture enthusiasts. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and GDPR compliant, with active social media engagement and trust signals like Trustpilot and money-back guarantees enhancing business credibility.

W

WienTourismus

viennacitycard.at

0

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

I

IXOPAY GmbH

tokenex.com

0

IXOPAY GmbH operates a sophisticated enterprise payment orchestration and tokenization platform designed to streamline global payments for merchants and enterprises. The company positions itself as a scalable and flexible solution provider, offering a wide range of payment modules and services that enhance authorization rates, PCI compliance, and payment data management. Their market focus includes fintech, e-commerce, and financial services sectors, targeting businesses that require advanced payment orchestration capabilities. The website content is professionally designed, well-structured, and optimized for user experience and SEO, reflecting a mature digital presence. Technically, the website leverages modern JavaScript frameworks and integrates third-party tools such as Sentry for error tracking, Google Tag Manager for analytics, and ChiliPiper for lead routing. Hosting is provided via Cloudflare, ensuring robust CDN and security features. Performance is fast, and the site is mobile-optimized with good accessibility standards. Structured data in JSON-LD format enhances search engine understanding and business credibility. From a security perspective, the site enforces HTTPS with strong security headers and OCSP stapling, though HSTS is not fully enabled according to SSL info. No critical vulnerabilities were detected in SSL/TLS configuration. However, the absence of a visible cookie consent mechanism and a formal incident response or vulnerability disclosure policy indicates areas for compliance and security posture improvement. No direct contact emails or phone numbers are publicly listed, with contact primarily via forms and legal pages. Overall, IXOPAY demonstrates a strong business and technical foundation with a high level of professionalism and trustworthiness. Strategic enhancements in privacy compliance and security transparency would further strengthen their market position and customer confidence.

A

A1

a1partnering.com

0

A1 Partnering is a strategic business unit of A1, Austria's leading telecommunications provider with over 7.1 million customers. The website promotes business partnerships and investment opportunities for B2C companies aiming to enter the Austrian and Central European markets. The company leverages its strong market position, customer base, and marketing expertise to facilitate market entry and growth for partners. Technically, the website uses modern frontend technologies such as Tailwind CSS and Alpine.js, and integrates OneTrust for cookie consent management. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site presents professional content and branding but requires urgent security improvements.

A

A1 Telekom Austria Group

a1blog.net

0

A1 Telekom Austria Group operates the website a1blog.net as a content platform focused on internet, smartphones, digital life, and related telecommunications services primarily targeting Austrian consumers. The site serves as a marketing and informational blog, showcasing product news, tips, and corporate social responsibility initiatives. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript frameworks including React and Alloy UI, and integrates Google Tag Manager and OneTrust for analytics and cookie consent management. Despite rich content and professional design, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies in German, aligned with GDPR requirements. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

A

A1 Telekom Austria AG

a1click.at

0

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

V

Vienna Airport Lines

viennaairportlines.at

0

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

Ö

ÖBB Nightjet

nightjet.com

0

ÖBB Nightjet operates a comprehensive overnight train service connecting over 25 European metropolitan cities, focusing on comfortable, climate-friendly travel options including vehicle transport. The website is well-branded, content-rich, and targets travelers seeking overnight rail journeys across Europe. Technically, the site uses modern web technologies such as ES modules and web components, but performance data is lacking. Security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy and terms policies are linked to official ÖBB domains, indicating good compliance practices. Contact information is provided primarily via phone and external contact forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

I

IXOPAY GmbH

ixopay.com

0

IXOPAY GmbH is a medium-sized enterprise based in Austria specializing in enterprise payment orchestration and tokenization solutions. The company offers a comprehensive platform designed to improve authorization rates, streamline PCI compliance, and unify payment data for merchants and enterprises globally. Their business model focuses on providing modular payment services and connectivity to multiple payment processors, targeting B2B clients in finance and technology sectors. The website demonstrates strong branding consistency, professional content, and trust indicators such as client testimonials and social media presence. Technically, the website leverages modern JavaScript technologies, integrates third-party services like Sentry for error tracking, ChiliPiper for lead routing, and TokenEx for tokenization. It is hosted behind Cloudflare, which provides DNS and CDN services. However, performance is currently slow, and accessibility is basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, while the website implements several important HTTP security headers and secure cookie attributes, it suffers from a critical SSL/TLS misconfiguration with no valid certificate and no enabled TLS protocols. This severely impacts the security posture and trustworthiness of the site. Privacy compliance is generally good with a comprehensive privacy policy and GDPR indicators, but no explicit cookie consent mechanism was detected. Overall, IXOPAY presents a professional and credible business front with strong technical foundations but requires urgent remediation of SSL/TLS issues to ensure secure and trusted operations. Strategic improvements in performance and privacy consent mechanisms would further enhance their digital maturity.

E

E.ON Energie Österreich GmbH

eon-energie.at

0

E.ON Energie Österreich GmbH is a leading energy provider in Austria, offering reliable electricity and natural gas supply with a strong emphasis on renewable energy, particularly 100% green electricity from Austrian hydropower. The company also provides e-mobility solutions and comprehensive customer service including online portals and live chat support. Their market position is reinforced by multiple industry awards and certifications, reflecting a commitment to quality and sustainability. Technically, the website is built on Adobe Experience Manager with modern web components and integrates various third-party services such as Google Tag Manager for analytics and Usercentrics for consent management. The site is hosted via Cloudflare and uses a valid DigiCert SSL certificate, though some security enhancements like HSTS and DNSSEC are not yet implemented. Performance is moderate with room for improvement. Security posture is solid with no critical vulnerabilities detected, proper use of HTTPS, and SPF records for email protection. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism in place. Contact information is readily available, enhancing business credibility. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and security practices, positioning E.ON as a trustworthy and professional energy provider in the Austrian market.

G

Grazer Wechselseitige Versicherung AG

grawe.at

0

Grazer Wechselseitige Versicherung AG (GRAWE) is a well-established Austrian insurance company founded in 1828, offering a broad range of insurance products including private, business, and agricultural insurance, alongside financial services. The company maintains a strong market position in Austria with a large customer base and extensive service network. Their website reflects a mature digital presence with comprehensive content, clear navigation, and multi-language support. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CDN services, but suffers from slow load times due to high resource count and page size. Security posture is good with valid SSL, strong cipher suites, and proper DNS security records like SPF and DMARC, though improvements such as enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its large enterprise status.

C

Christian Doppler Laboratory CDL-BOT

cdl-bot.at

0

The Christian Doppler Laboratory CDL-BOT is a research-focused institution specializing in blockchain technologies for the Internet of Things. It operates as a collaboration between academic institutions TU Hamburg and TU Wien, supported by Austria's Federal Ministry for Digital and Economic Affairs and industrial partners such as Pantos and the IOTA Foundation. The laboratory aims to advance Distributed Ledger Technologies to be practical and effective for IoT applications, including secure data exchange and payment mechanisms. The website reflects a professional research entity with clear academic and industrial partnerships but lacks direct contact information and comprehensive privacy or security policies. Technically, the website is built using modern web technologies including React and Next.js, providing a good user experience and mobile optimization. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. The DNS setup is standard but lacks advanced security features such as DNSSEC and CAA records. Performance is moderate with a page load time of approximately 4 seconds. Security-wise, the site does not implement essential best practices such as HTTPS, HSTS, or security headers, and lacks vulnerability disclosure or incident response information. Privacy compliance is minimal with a basic privacy policy present but no cookie consent mechanism or GDPR compliance statements. Overall, the site is functional and informative but requires urgent improvements in security and privacy to meet modern standards. Strategic recommendations include immediate deployment of a valid SSL certificate, enabling HTTPS, implementing security headers, adding cookie consent mechanisms, and publishing comprehensive security and privacy policies to enhance trust and compliance.

E

easyname GmbH

easyname.com

0

easyname GmbH is a medium-sized Austrian technology company specializing in webhosting, domain registration, website building, VPS hosting, SSL certificates, and digital marketing services. Positioned as a reliable European provider, easyname emphasizes customer support, data privacy, and operational transparency. Their business model targets individuals and SMEs seeking comprehensive online presence solutions. The website reflects a professional and consistent brand image with clear navigation and relevant content. Technically, the site uses modern JavaScript frameworks including React and jQuery, supported by a custom platform hosted on their own datacenters in Austria, Germany, and Switzerland. However, performance is currently slow and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, despite presence of some security headers and SPF/DMARC email protections. Privacy compliance is good with clear policies and consent mechanisms. Overall, the site is trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

A

Arztsuche24.at

arztsuche24.at

0

Arztsuche24.at is an Austrian online healthcare directory providing comprehensive listings of doctors, pharmacies, and health institutions across Austria. The platform offers detailed information including health insurance affiliations, opening hours, directions, and contact details, targeting patients and healthcare seekers within Austria. The site collaborates with Verlagshaus der Ärzte, enhancing its credibility and content quality. Technically, the website is built on WordPress with a custom theme and utilizes common web technologies such as jQuery, Bootstrap, and Leaflet.js for maps. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support and outdated security protocols, which significantly impacts its security posture. Privacy compliance is addressed through a cookie consent banner and links to comprehensive privacy and terms policies hosted on a partner domain. Overall, while the site provides valuable healthcare information, its security shortcomings and slow performance present risks that should be addressed to improve user trust and compliance.

J

Joyn

joyn.at

0

Joyn.at is a regional streaming media platform targeting German-speaking users in Austria, Germany, and Switzerland. The service offers video content with geo-restrictions limiting access outside these countries. The website is built using modern web technologies including Next.js and React, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present, indicating some compliance with GDPR requirements, but no explicit security or incident response policies are found. Overall, the site provides a professional user experience but requires significant improvements in security posture to protect user data and enhance trust.

E

easyname GmbH

easyname.at

0

easyname GmbH is an established Austrian web hosting and domain registration company offering a range of services including webhosting, website builder, VPS hosting, SSL certificates, and digital marketing solutions. The company positions itself as a reliable and customer-focused provider with ISO/IEC 27001 certified data centers, targeting individuals and businesses seeking professional online presence solutions. The website demonstrates good content quality, clear navigation, and consistent branding, supporting a positive user experience and trustworthiness. Technically, the site uses modern JavaScript frameworks such as React and jQuery, integrates Google Tag Manager and a consent management platform, and provides multi-language support. However, the absence of a valid SSL certificate and lack of TLS protocol support represent critical security weaknesses. DNS configurations are mostly well-managed with SPF and DMARC records, but CAA records are malformed and DNSSEC is not enabled. Overall, the security posture is moderate but requires urgent improvements in SSL/TLS deployment and security headers to protect user data and maintain trust.

R

Resonanz Digital

resonanz-digital.at

0

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, online marketing, SEO, and Google Ads. With over 20 years of experience and a Google Partner certification, the company targets small and medium enterprises, founders, and individual entrepreneurs. Their service portfolio includes web design, WordPress development, maintenance, plugin development, and marketing services, positioning them as a trusted partner for digital presence creation. The website demonstrates a strong brand consistency and excellent content quality, supported by positive customer reviews from ProvenExpert. Technically, the site runs on WordPress with the Enfold theme and uses various performance and multilingual plugins. Hosting is provided via Google Cloud infrastructure. Security-wise, the site supports modern TLS protocols and has valid SPF and DMARC records but lacks advanced security features like HSTS, DNSSEC, and OCSP stapling, which could be improved. The cookie consent mechanism is implemented with opt-in for marketing and statistics cookies, reflecting good privacy compliance. Overall, the website is professional, trustworthy, and well-optimized for SEO and user experience, though performance could be enhanced.

W

WP-Stars GmbH

wp-stars.com

0

WP-Stars GmbH is a well-established digital agency specializing in E-Commerce, web development, UX/UI design, and online marketing primarily serving clients in Austria and Germany. Founded in 2005, the company offers a comprehensive suite of digital services including website and online shop creation, platform development, and strategic digital consulting. Their market position is strengthened by certifications such as KMU.Digital and Trusted Shops Qualified Partner, alongside a portfolio of reputable clients. Technically, the website is built on WordPress with modern performance optimizations and integrates key tools like Gravity Forms and Borlabs Cookie for GDPR compliance. Security posture is solid with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC could enhance protection. Overall, WP-Stars demonstrates a mature digital presence with strong business and technical foundations, though explicit security policies and vulnerability disclosures are absent.

W

WP-Network

wp-network.org

0

WP-Network is a non-profit association based in Austria that unites WordPress professionals, digital agencies, freelancers, and web developers primarily in the Austrian and DACH region. The organization offers networking opportunities through monthly WordPress meetups, an expert search platform, and a job board targeting WordPress-related roles. It is supported by sponsorships from recognized companies in the WordPress ecosystem and funded through membership fees and event revenues. The website is well-branded and professionally presented, targeting a niche community of WordPress professionals. Technically, the website is built on WordPress 6.8.1 using the Enfold theme and child theme customizations. It employs modern web technologies including jQuery, Font Awesome, and Matomo analytics for user tracking. The site is hosted with domaintechnik.at and uses structured data (JSON-LD) for SEO enhancement. However, the website suffers from a critical security weakness due to the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. From a security perspective, the site has implemented a GDPR-compliant cookie consent mechanism with detailed cookie categories and uses SPF records for email authentication. Nevertheless, it lacks essential security headers, modern TLS protocols, HSTS, and DMARC records. These gaps expose the site to potential risks such as data interception, phishing, and email spoofing. No explicit security policy, incident response contacts, or vulnerability disclosure statements are found. Overall, WP-Network is a valuable community resource with a solid business model and good digital maturity but requires urgent improvements in its security posture to protect its users and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and implementing comprehensive security headers and email authentication policies.

L

LWND Kreativagentur GmbH

lwnd.com

0

LWND Kreativagentur GmbH is a small Austrian creative agency specializing in providing customized teams of specialists across various disciplines to drive brand success. The company positions itself as a modern and innovative agency with a strong focus on digital marketing, branding, campaigns, and UX design. Their website showcases a comprehensive portfolio of services, detailed case studies, and a professional team presentation, targeting brands and companies seeking tailored creative solutions. Technically, the website uses common web technologies such as jQuery, Swiper, and Google reCAPTCHA, hosted on Hetzner infrastructure. However, the site suffers from a critical security weakness due to the absence of a valid SSL/TLS certificate and lack of HTTPS support, which undermines user trust and data protection. DNS and email security configurations are properly implemented with SPF and DMARC policies. Overall, the website demonstrates excellent content quality and branding consistency but requires urgent security improvements to protect user data and comply with best practices.

D

DRVLESS

drvless.com

0

Drvless is a technology company specializing in AI-powered software solutions for test automation, test case generation, robotic process automation, and continuous monitoring to optimize quality assurance processes. The company positions itself as an innovative player with over 25 years of automation experience and recognized excellence by the European Commission. Their product suite targets software development and QA teams seeking efficient and easy-to-use automation tools. The website reflects a mature digital presence built on WordPress with Elementor, featuring clear product offerings, trial options, and partnership with Objentis consultancy for enhanced customer support. Technically, the website leverages modern web technologies and plugins such as Matomo for analytics and Borlabs for cookie consent management, indicating a commitment to privacy compliance. However, the absence of a valid SSL certificate and lack of modern TLS support represent significant security weaknesses that could undermine user trust and data protection. The DNS configuration is standard but lacks DNSSEC and CAA records, which could improve domain security. Security posture is moderate with good email authentication (SPF) but critical gaps in transport security and missing security policies or incident response information. The site implements GDPR-compliant privacy and cookie policies with consent mechanisms, but no explicit terms of service or vulnerability disclosure policies were found. Contact information is clearly provided, supporting user engagement and support. Overall, Drvless demonstrates a strong business and technical foundation with room for improvement in security hardening and transparency. Addressing SSL/TLS issues and publishing comprehensive security policies would enhance trust and compliance, supporting their market position as a reliable AI automation provider.

B

banibis GmbH

banibis.com

0

banibis GmbH is a small Austrian technology company specializing in modular ERP software solutions tailored for small and medium-sized enterprises, particularly in the trade and service sectors. Their cloud-based ERP system offers comprehensive features including CRM, project management, purchasing and sales, and accounting, with a strong emphasis on customization and customer-centric support. The company maintains a professional online presence with clear contact information, social media integration, and compliance with GDPR and cookie consent regulations. Technically, the website is built on WordPress using the Divi theme, enhanced with various plugins for performance optimization, analytics, and user interaction. The infrastructure is hosted via domaintechnik.at, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security shortcomings that could impact user trust and data protection. From a security perspective, while the site implements SPF records and avoids common vulnerabilities like Heartbleed and POODLE, the lack of HTTPS and missing DMARC records are critical gaps. No explicit security or incident response policies are publicly available, which may affect the company's security posture and compliance readiness. Overall, banibis GmbH demonstrates a solid business and technical foundation with room for improvement in security practices. Addressing these vulnerabilities will enhance trust, compliance, and user confidence in their digital offerings.

M

Medienfachverlag Johann Oberauer GmbH

oberauer.com

0

Medienfachverlag Johann Oberauer GmbH is a leading media publishing company in the DACH region specializing in journalism, PR, communication, and printing industry publications and events. The company operates multiple industry magazines, organizes prestigious events and awards, and manages digital portals and job platforms targeting media professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery, WP Rocket, and Google Tag Manager, optimized for performance and SEO but currently lacks a valid SSL certificate, which is a critical security gap. The security posture shows good email authentication practices with SPF and DMARC but misses HTTPS enforcement and advanced DNS security features. Overall, the company demonstrates strong market positioning and digital maturity but should urgently address SSL/TLS issues to protect user data and enhance trust.

R

Resonanz Digital

resonanz-marketing.com

0

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, SEO, and Google Ads optimization. With over 20 years of experience and a Google Partner certification, the company targets small and medium-sized enterprises, founders, and individual entrepreneurs primarily in the German-speaking market. Their service portfolio includes web design, development, online marketing, and ongoing maintenance, positioning them as a trusted partner for digital presence creation. Technically, the website is built on WordPress using the Avia Framework and integrates various modern web technologies including jQuery and WP Rocket for performance optimization. The hosting infrastructure appears to be on Google Cloud, providing a reliable platform. The site supports multilingual content via WPML and employs structured data for SEO enhancement. Performance is moderate with room for improvement in load times. From a security perspective, the site has correctly configured SPF and DMARC DNS records, indicating good email authentication practices. However, the lack of a valid SSL certificate and absence of TLS protocols represent significant security weaknesses, exposing users to potential data interception risks. The cookie consent mechanism is implemented, supporting GDPR compliance, but the DMARC policy is set to 'none', which could be strengthened. Overall, Resonanz Digital demonstrates a mature digital presence with strong business credibility and customer trust signals. The main risk lies in the missing HTTPS security layer, which should be addressed promptly to protect user data and enhance trust. Strategic improvements in security posture and performance optimization will further solidify their market position.

R

respACT

respact.at

0

respACT is Austria's leading corporate platform for Corporate Social Responsibility (CSR), providing a comprehensive network and resources for businesses committed to sustainable development. The platform offers events, training, publications, and member services targeting companies and organizations interested in CSR and sustainability. Technically, the website is built on the siteswift CMS framework, leveraging modern JavaScript libraries such as jQuery, Swiper.js, and Macy.js, with analytics powered by Matomo and Brevo. The site implements GDPR-compliant cookie consent via Klaro and maintains a valid SSL certificate with strong TLS configurations. Security posture is generally good, with SPF and DMARC records configured, but improvements such as enabling HSTS, OCSP stapling, and DNSSEC are recommended. Overall, respACT demonstrates a mature digital presence with good content quality and user experience, positioning it as a trusted resource in the Austrian CSR ecosystem.

O

OBJENTIS Software Integration GmbH

objentis.com

0

OBJENTIS Software Integration GmbH is an established Austrian IT service provider specializing in software testing consulting, automation, and training. With over 26 years of experience and a portfolio of notable clients including major banks and insurance companies, OBJENTIS positions itself as a trusted partner in the software lifecycle. Their offerings include consulting solutions, innovative driverless test automation products, and tailored training workshops. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, supported by modern web technologies and plugins for search and cookie management. Security-wise, the domain employs valid SPF and DMARC records with strict policies, supports TLS 1.2 and 1.3, and avoids known SSL vulnerabilities. However, improvements are needed in SSL configuration such as enabling HSTS and OCSP stapling, and publishing a security.txt file. Overall, the site demonstrates good digital maturity and professionalism, with moderate performance and good mobile optimization. The presence of client testimonials, certifications, and social media links enhance trust. Strategic recommendations include enhancing HTTPS security headers, formalizing security policies, and improving transparency around incident response.

C

CDR Austria

cdr-austria.com

0

CDR Austria is a specialized platform and network focused on Digital Ethics and Corporate Digital Responsibility, serving as a hub for knowledge exchange, education, and collaboration among businesses, academia, and society in Austria. The organization positions itself as Austria's largest network for sustainable digitalization, offering services such as training, events, and project support to foster trust and ethical digital transformation. Technically, the website is built on WordPress with Elementor and integrates marketing and analytics tools like HubSpot, but suffers from performance issues and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS and modern TLS protocols, although SPF records and DNS configurations are properly set. Overall, while the business demonstrates strong market positioning and trust indicators through partnerships and compliance with GDPR, it requires urgent improvements in security infrastructure to protect user data and enhance credibility.

A

Angelbird Technologies GmbH

angelbird.com

0

Angelbird Technologies GmbH operates a professional e-commerce platform specializing in high-performance storage media such as memory cards, SSDs, and custom media solutions tailored for camera and audio professionals. The company positions itself as a niche market leader with a focus on quality and innovation, serving a global audience with a strong presence in Austria. The website demonstrates a solid digital infrastructure with modern web technologies, fast performance, and good mobile optimization. Security posture is generally good with valid SSL certificates, secure cookie practices, and HSTS enabled, though the lack of modern TLS protocols and absence of a cookie consent mechanism indicate areas for improvement. The company maintains active social media channels and provides comprehensive privacy and terms of service documentation, supporting trust and compliance. Overall, Angelbird shows a mature digital presence with room to enhance security and privacy transparency further.

W

Wings for Life

wingsforlife.com

0

Wings for Life is a medium-sized non-profit organization focused on funding spinal cord injury research and supporting life-changing projects worldwide. The organization maintains a strong market position with global outreach and partnerships, including affiliation with Red Bull. Their website is built on modern technologies such as Nuxt.js and Vue.js, hosted on Netlify, and integrates payment processing via Stripe and security via Google reCAPTCHA. The site demonstrates good digital maturity with excellent mobile optimization, accessibility, and SEO practices. Security posture is solid with a valid SSL certificate and HSTS enabled, though it lacks modern TLS protocol support and DNSSEC. Privacy and terms policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the organization presents a professional and trustworthy online presence with room for security enhancements.

D

DEKRA

dekra.at

0

DEKRA Austria GmbH is a prominent provider of safety and certification services in Austria, operating as part of the global DEKRA group founded in 1925. The company offers a broad range of services including vehicle inspections, damage assessments, digital claims management, environmental stickers, occupational safety, hazardous goods consulting, fire protection, and training. Their market position is strong with a comprehensive service portfolio targeting both private and business customers. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted on Azure, and employs advanced security headers and privacy compliance mechanisms. The security posture is robust with valid SSL certificates, HSTS, and strict content security policies, though TLS 1.2/1.3 support could be improved. Overall, DEKRA Austria demonstrates a mature digital presence with good security hygiene and compliance alignment.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.at

0

The website's security posture is currently weak, with critical and high severity issues impacting key areas such as privacy compliance, security headers, and information security management. Notably, the absence of essential security headers like Strict-Transport-Security and Content-Security-Policy leaves the site vulnerable to man-in-the-middle attacks, clickjacking, and cross-site scripting. GDPR compliance is critically lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to regulatory fines and reputational damage. Furthermore, the lack of a formal information security framework, incident response procedures, and security policy documentation undermines the organization's ability to manage and respond to cyber threats effectively. While email security, SSL/TLS, DNS health, and network security score moderately well, imminent SSL certificate expiration and missing DNSSEC are concerns. Overall, urgent remediation is required to reduce legal, operational, and cybersecurity risks. Implementing prioritized controls will strengthen defenses, ensure regulatory compliance, and protect customer trust.

The website's security posture is currently weak with multiple critical and high-severity issues that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and compliance with GDPR and NIS2 regulations. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy leave the site vulnerable to man-in-the-middle attacks and content injection. GDPR compliance is poor, lacking basic cookie policies and consent mechanisms, which can lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response procedures, and security policies indicates immature security governance. While network security and DNS health show some strengths, critical gaps in email security and vulnerability management remain. Overall, immediate remediation is required to protect customer data, ensure regulatory compliance, and maintain stakeholder trust. Failure to act promptly could result in data breaches, legal consequences, and loss of business credibility.

The website https://paldu.com exhibits significant security gaps, particularly in its HTTP security headers, GDPR compliance, and adherence to the NIS2 directive, resulting in an overall unknown risk score. While there are no critical vulnerabilities, multiple high and medium severity issues expose the business to risks such as data breaches, regulatory fines, and reputational damage. Immediate remediation is necessary to strengthen security posture and regulatory compliance.

The website https://posch.com currently exhibits significant security and compliance gaps, particularly in critical HTTP security headers, GDPR adherence, and information security governance. While there are no critical vulnerabilities, multiple high and medium risk issues indicate an elevated risk of data exposure, regulatory non-compliance, and potential exploitation. Immediate attention is required to strengthen security controls and regulatory alignment to protect business reputation and customer trust.