Security Directory

M

Mastodon gGmbH

joinmastodon.com

0

Mastodon gGmbH operates joinmastodon.org, a leading decentralized social media platform emphasizing user control, privacy, and open-source principles. The platform enables users to join or host independent servers, fostering a federated social network free from corporate control and advertising. The business model is non-profit, sustained by public donations and sponsorships, positioning Mastodon as a key player in the decentralized social media space. Technically, the website is built on modern web technologies including React and Next.js, delivering a fast, mobile-optimized, and accessible user experience. Hosting and CDN services are provided by reputable partners such as Fastly, ensuring reliable performance. The site demonstrates good SEO practices and clear navigation, supporting a broad international audience with multiple language options. From a security perspective, the site enforces HTTPS and employs domain transfer protections, though DNSSEC is not enabled. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security policies, vulnerability disclosure, and cookie consent mechanisms suggests areas for improvement. The WHOIS data is consistent with the organization's identity and domain age, reinforcing legitimacy. Overall, joinmastodon.org presents a trustworthy, professional, and privacy-conscious platform with strong community and technical foundations. Strategic enhancements in security transparency and privacy compliance would further strengthen its posture.

V

Vimcar

vimcar.de

0

Vimcar is a German-based company specializing in digital vehicle management solutions, including digital logbooks, GPS tracking, and fleet management software. The company targets self-employed individuals, fleet managers, and tax advisors, offering SaaS products that simplify vehicle administration and ensure tax compliance. The website is professionally designed, mobile-optimized, and uses modern technologies such as Webflow CMS, Google Tag Manager, and Usercentrics for consent management. Hosting is provided via AWS, ensuring reliable infrastructure. Security posture is strong with HTTPS, security headers, and no exposed sensitive data. However, the absence of explicit privacy policy and terms of service pages, as well as lack of direct contact information, represent areas for improvement. Overall, Vimcar demonstrates a mature digital presence with good trust indicators and certifications, positioning it well in the transportation SaaS market.

F

FORMATION GmbH

tryformation.com

0

FORMATION GmbH is a German technology company specializing in interactive mapping and asset tracking solutions for events, buildings, and industrial environments. Their offerings include QR code-based tracking, hybrid tracking integrating IoT and GPS technologies, and compliance features such as Digital Product Passports and Asset Administration Shells. The company serves a B2B market with notable clients including the German Federal Forces and Bosch, positioning itself as a niche provider with strong industry partnerships. Technically, the website is built using the Hugo static site generator, leveraging modern web technologies such as JavaScript, Google Fonts, and service workers for progressive web app capabilities. The site is well-optimized for performance, mobile responsiveness, and SEO, with integration of analytics and marketing tools like Google Analytics and HubSpot forms. From a security perspective, the site enforces HTTPS, implements cookie consent mechanisms, and uses secure form submission practices. However, it lacks published security policies, incident response contacts, and vulnerability disclosure information. DNSSEC is not enabled, and HTTP security headers are not explicitly detected, suggesting areas for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR, with a strong business credibility and technical maturity. The domain registration data aligns well with the business profile, supporting legitimacy. Strategic recommendations include enhancing security transparency, enabling DNSSEC, and publishing formal security and incident response policies.

P

Pengutronix e.K.

pengutronix.de

0

Pengutronix e.K. is a specialized German company providing embedded Linux consulting, kernel development, open source multimedia solutions, and training services primarily targeting industrial customers developing Linux-based devices. The company maintains a professional and content-rich website that clearly communicates its services and expertise, positioning itself as a niche player in the embedded Linux technology sector. The website is well-structured, mobile-optimized, and uses modern web technologies such as Bootstrap, jQuery, and PhotoSwipe to deliver a good user experience. From a technical perspective, the website employs HTTPS with good SSL configuration, modern JavaScript libraries, and responsive design. SEO practices are well implemented with proper meta tags and Open Graph data. However, some accessibility features could be improved. Security headers are not explicitly detected, and there is no visible security.txt or incident response contact information, which could be enhanced to improve security posture and transparency. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is supported by a comprehensive privacy policy, but the absence of a cookie consent mechanism is a minor gap. Contact information is clearly provided, including email, phone, and physical address, enhancing business credibility. No advertising or tracking services are detected, indicating a privacy-conscious approach. Overall, the website and domain appear legitimate and consistent with the company's business operations. The WHOIS data is minimal but does not raise concerns. The site is safe for general audiences with no adult or questionable content. Strategic recommendations include implementing security headers, adding a cookie consent mechanism, publishing a security.txt file, and providing explicit incident response contacts to further strengthen security and compliance.

O

OpenCage GmbH

opencagedata.com

0

OpenCage GmbH operates a specialized geocoding and geosearch API service that leverages open data sources such as OpenStreetMap to provide worldwide location data conversion. Established in 2013 and headquartered in Berlin, Germany, the company targets developers and enterprises seeking affordable, reliable, and open alternatives to proprietary geocoding services. Their business model includes subscription and pay-as-you-go pricing with a generous free trial, supported by extensive SDKs and tutorials for over 30 programming languages. The website reflects a mature market position with strong trust signals including customer testimonials, corporate memberships, and GDPR compliance. Technically, the website is well-constructed using modern web technologies including Bootstrap and Font Awesome, hosted on Cloudflare infrastructure ensuring fast performance and robust availability. The site is mobile-optimized and accessible, with comprehensive SEO and metadata implementation. Security posture is strong with HTTPS enforced, domain transfer protection, and a dedicated security policy page, although DNSSEC is not enabled and some security headers are not explicitly visible. Privacy compliance is evident with a detailed GDPR policy, but no explicit cookie consent mechanism was detected. Overall, OpenCage demonstrates a high level of digital maturity and business credibility. The security posture is solid with room for minor improvements in DNS security and vulnerability disclosure transparency. The website content is professional, safe, and highly relevant to its target audience. No blocking or WAF challenges were detected, allowing full content analysis. Strategic recommendations include enabling DNSSEC, publishing a security.txt file for vulnerability reporting, implementing a cookie consent mechanism if cookies are used, and enhancing security headers to further harden the site against common web threats.

O

OSBA – Open Source Business Alliance

osb-alliance.com

0

The OSBA – Open Source Business Alliance is a German non-profit association dedicated to promoting digital sovereignty and open source software adoption. The website serves as a hub for news, events, working groups, and member information, targeting public sector entities, enterprises, and open source advocates. The organization positions itself as a leading voice in the German open source ecosystem, emphasizing transparency, innovation, and independence from proprietary vendors. Technically, the website is built on WordPress using the Enfold theme and several plugins such as Modern Events Calendar Lite and Search Filter Pro. Hosting is provided by agenturserver, indicated by the nameservers. The site is moderately performant, mobile-optimized, and SEO-friendly with structured data and Open Graph metadata. No major technical issues or vulnerabilities were detected in the content provided. Security posture is adequate with HTTPS enabled and no exposed sensitive data. However, the site lacks explicit security headers and published security policies or incident response information. Privacy compliance is good with a comprehensive privacy policy present, though no cookie consent mechanism was detected. Business credibility is high given the professional content, consistent branding, and active news updates. Overall, the site is trustworthy and well-maintained, supporting its mission effectively. Enhancements in security headers, incident response transparency, and cookie consent would further strengthen its posture.

H

Heinlein Support GmbH

heinlein-support.de

0

Heinlein Support GmbH is a German-based IT consulting company specializing in Linux expertise, secure communication, and data center solutions. The company offers a range of services including IT administration, consulting, training (Akademie), hosting, and SLA contracts. Their market position is that of a trusted Linux and open source specialist with a strong presence in the German IT sector, supported by multiple customer testimonials and references. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content targeting IT professionals and enterprises. Technically, the site is built on Drupal 10 with modern JavaScript libraries and is hosted by JPBerlin, a reputable German hosting provider. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit security policies are missing. Privacy compliance is adequate with a privacy policy and cookie policy present, but lacks a consent mechanism. Overall, the site demonstrates a mature digital presence with moderate tracking via Matomo analytics and a strong focus on trust and professionalism.

R

ReactOS Deutschland e.V.

reactos.org

0

ReactOS Deutschland e.V. operates the ReactOS project, an open-source reimplementation of the Windows operating system aimed at running Windows applications and drivers in a trusted open-source environment. The project targets developers and users interested in an alternative to Windows, leveraging community contributions and donations to sustain development. The website reflects a well-established project with a history dating back to 2000, supported by consistent domain registration and active community engagement through forums, chat, and social media. Technically, the website is built using the Hugo static site generator, Bootstrap framework, and common web libraries such as jQuery and Photoswipe. The site is mobile-optimized with good SEO practices and clear navigation, although accessibility features are basic. Performance is moderate, with no major issues detected. The site uses HTTPS with a valid SSL configuration but lacks DNSSEC and security headers, which are recommended for enhanced security. From a security perspective, the site demonstrates a moderate security posture with HTTPS enabled and domain transfer protection. However, it lacks explicit security policies, incident response contacts, and cookie consent mechanisms, which are important for compliance with privacy regulations such as GDPR. No critical vulnerabilities or malware indicators were found, and the domain registration data supports the legitimacy of the project. Overall, ReactOS.org is a credible and professional website representing a niche open-source technology project. Strategic improvements in privacy compliance, security headers, and explicit security policies would enhance trust and regulatory adherence.

B

Barker Technologies AB and ByteHive

spacecommz.io

0

spacecommz.io is a newly founded technology company (2024) specializing in browser-based communication tools tailored for live video production and broadcast professionals. The platform offers scalable team communication with unlimited spaces and channels, targeting broadcast and live-streaming experts. The business model is subscription-based with weekly, monthly, and yearly pricing options. The website is developed and maintained by Barker Technologies AB and ByteHive, indicating a collaborative partnership. Technically, the site is built using the Astro framework and hosted on Cloudflare, ensuring modern infrastructure and good performance. The site is mobile-optimized and SEO-friendly, with a professional design and clear navigation. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and security headers are missing. Privacy compliance is partially met with a privacy policy and terms of service present, but lacks a cookie consent mechanism. No direct contact emails or phone numbers are provided on the main site, which may impact user trust. Overall, the site is trustworthy and professional but could improve in security headers, privacy consent, and contact transparency.

P

publis.de

appimage.org

0

AppImage.org is an established open source project founded in 2010 and registered under the organization publis.de in Germany. The website provides a platform and tools for packaging Linux desktop applications into portable, self-contained AppImage files that run across multiple Linux distributions without installation. The project targets Linux users and application developers seeking a simplified distribution method. The site features community engagement through forums, live chat, and GitHub repositories, supported by testimonials from notable Linux figures, enhancing its credibility and market position within the Linux ecosystem. Technically, the website employs a modern tech stack including Bootstrap, FontAwesome, jQuery, and embedded YouTube videos, delivering a responsive and user-friendly experience optimized for desktop and mobile. Hosting is stable with a reputable registrar, though DNSSEC is not enabled. The site lacks advanced security headers and privacy policies, indicating areas for improvement in compliance and security posture. No forms or tracking scripts are present, reflecting a privacy-conscious design. Security-wise, the site benefits from HTTPS (assumed from URL), absence of exposed sensitive data, and minimal attack surface due to lack of user input forms. However, missing security headers and lack of documented security or incident response policies suggest moderate security maturity. The WHOIS data is consistent and trustworthy, supporting the legitimacy of the domain and organization. Overall, AppImage.org presents a professional, trustworthy, and technically sound platform with room to enhance privacy compliance and security best practices. Strategic improvements in these areas would strengthen user trust and regulatory adherence.

O

osb international

osb-i.com

0

osb international is a medium-sized consulting firm based in Germany, specializing in systemic consulting, organizational design, leadership development, and change management. The company targets organizations and family businesses, offering coaching, seminars, and strategy consulting services. The website is professionally designed using TYPO3 CMS and modern frontend technologies, providing a good user experience with mobile optimization and clear navigation. The presence of a detailed cookie consent mechanism indicates a commitment to privacy compliance, including GDPR. However, the absence of WHOIS data for the domain www.osb-i.com raises concerns about domain legitimacy and registration status, which should be verified to ensure trustworthiness. Security posture is strong with HTTPS and cookie consent, but the site lacks explicit security policies and incident response information. Overall, the website is functional, professional, and privacy-aware but would benefit from enhanced transparency and verified domain registration.

M

Marcel Hellkamp

bottlepy.org

0

Bottle is an established open source Python micro web-framework project founded in 2011 by Marcel Hellkamp. It targets Python developers seeking a lightweight, dependency-free framework for building web applications. The website serves as comprehensive documentation for the framework, including tutorials, API references, and plugin development guides. The project maintains a niche position in the Python ecosystem, emphasizing simplicity and minimalism. Technically, the site uses static HTML with internal JavaScript for documentation rendering and links to reputable Python-related external resources. The domain is registered with a reputable registrar since 2011, indicating stability and legitimacy. From a security perspective, the site lacks explicit privacy and cookie policies, security headers, and contact information, which lowers its privacy compliance and security posture scores. No forms or data collection mechanisms are present, reducing risk exposure. The absence of WAF or blocking mechanisms allows full content accessibility. The SSL configuration and security headers could not be fully assessed but should be verified and improved. Overall, the site is safe, professional, and trustworthy but would benefit from enhanced privacy and security disclosures. The overall risk is low given the nature of the site as documentation without user data collection. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, enabling DNSSEC, and providing clear contact and incident response information to improve compliance and trust. These steps would enhance the security posture and user confidence without impacting the lightweight nature of the project.

S

SAP Concur

concur.de

0

SAP Concur is a leading enterprise software provider specializing in cloud-based travel and expense management solutions. The website www.concur.de serves the German market with localized content and comprehensive product offerings including expense reporting, travel booking, and budget management. The company is positioned as a market leader with a strong brand presence and a broad partner network. Technically, the site is built on Drupal CMS, uses modern JavaScript frameworks, and integrates advanced monitoring tools like New Relic and TrustArc for consent management, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and vulnerability disclosure policies are not publicly evident. Overall, the site demonstrates high professionalism, excellent content quality, and compliance with GDPR regulations, supporting SAP Concur's reputation as a trusted enterprise solution provider.

W

Westmetall GmbH & Co. KG

westmetall.com

0

Westmetall GmbH & Co. KG operates as a specialized supplier and trader of non-ferrous metals, including primary metals, wires, cables, semi-finished products, and scrap metals. The company targets businesses in the metal trading and recycling sectors, offering direct access to international metal markets with a focus on price advantages and risk reduction. The website presents a professional and consistent brand image with clear navigation and relevant business content. Technically, the website is built using depage-cms v2.6.1 with standard HTML, CSS, and JavaScript. The site shows moderate performance and basic mobile optimization. SEO practices are adequately implemented with proper meta tags and keywords. However, no advanced analytics or tracking technologies are detected, indicating a minimal user tracking approach. From a security perspective, the site lacks visible security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. The WHOIS data is missing, which raises concerns about domain legitimacy and trustworthiness. No contact emails or phone numbers are explicitly provided on the homepage, limiting direct communication channels. Overall, the website is functional and business-appropriate but would benefit from enhanced security measures, improved privacy compliance, and clearer contact information to strengthen trust and credibility.

P

Polarstern Energie

polarstern-energie.de

0

Polarstern Energie operates as a renewable energy provider in Germany, offering 100% clean electricity and gas sourced sustainably. The company positions itself as a committed player in the global energy transition, targeting environmentally conscious consumers. Their website reflects a professional and consistent brand image with clear messaging about their services and mission. Technically, the site is built using modern frameworks such as Nuxt.js, hosted on Azure DNS infrastructure, and integrates third-party tools like Cookiebot for consent management and Zoho SalesIQ for customer engagement. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although some security headers could be improved. Privacy compliance is well addressed with comprehensive policies and active consent mechanisms. Overall, the website demonstrates a mature digital presence suitable for a medium-sized energy company.

B

Bundesverband Naturkost Naturwaren e.V.

n-bnn.de

0

BNN e.V. is a German non-profit association dedicated to promoting ecological and sustainable practices in the organic food and natural products sector. The website serves as an information hub for members and the public, offering news, policy positions, quality assurance services, and market data. The organization maintains a strong presence in the organic food industry with active engagement through social media and regular updates. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and SEO optimizations, providing a good user experience and mobile responsiveness. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security policies and headers could be improved. Overall, the site is trustworthy, professional, and compliant with GDPR requirements.

O

On-Apply GmbH

onapply.de

0

OnApply is a German-based SaaS company specializing in recruiting and applicant management software designed to streamline the hiring process for businesses. Founded in 2012, it offers a comprehensive platform that includes job posting management, applicant tracking, interview scheduling, analytics, and team collaboration tools. The company positions itself as an easy-to-use solution for HR professionals and recruiters, with a strong emphasis on GDPR compliance and data security. The website reflects a mature digital presence with positive user ratings and clear business information. Technically, OnApply leverages modern web technologies including Webflow CMS, Amazon AWS hosting, Google Tag Manager, and Cloudflare Turnstile captcha for security. The site is well-optimized for performance, mobile responsiveness, and accessibility, indicating a high level of digital maturity. The use of structured data and comprehensive metadata supports SEO and user experience. From a security perspective, the website enforces HTTPS, employs bot protection, and provides cookie consent mechanisms aligned with GDPR. While explicit security headers are not fully confirmed, the overall posture is strong with no visible vulnerabilities or exposed sensitive data. However, the absence of a public vulnerability disclosure or incident response contact is noted. Overall, OnApply presents a low-risk profile with a professional and trustworthy online presence. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure policies, and improving transparency on data retention and incident response to further strengthen trust and compliance.

T

tegut... gute Lebensmittel GmbH & Co. KG

tegut.com

0

tegut... gute Lebensmittel GmbH & Co. KG is a well-established German supermarket chain operating approximately 350 stores across six federal states. The company specializes in offering a wide range of quality food products, including regional, organic, vegan, and vegetarian options, emphasizing sustainability and transparency since its founding in 1947. The website reflects a mature digital presence with comprehensive content, customer engagement features such as a loyalty program (tebonus), recipe collections, and nutritional plans. Technically, the site is built on TYPO3 CMS, employs modern JavaScript libraries, and integrates multiple marketing and analytics tools while maintaining GDPR compliance through a consent management platform. Security posture is strong with HTTPS enforcement and privacy controls, although explicit security headers could be improved. Despite the absence of WHOIS registration data, the website's professionalism, certifications, and trust signals indicate a legitimate and credible business. Overall, tegut demonstrates a robust online presence aligned with its brand values and customer expectations.

A

ALECO GmbH

aleco.bio

0

ALECO GmbH is a well-established organic supermarket chain operating in the northwest region of Germany, with a history spanning over 25 years since its founding in 1989. The company focuses on providing a fully ecological product range with a strong emphasis on freshness, targeting consumers interested in organic and sustainable products. Their business model centers on retail through multiple physical store locations, supported by customer loyalty programs and active recruitment efforts. Technically, the website employs modern tracking technologies such as Google Tag Manager and Google Analytics, and uses Swiper.js for interactive content. The site is mobile-optimized with good SEO practices and basic accessibility features. Performance is moderate, with no critical technical issues detected. However, no CMS or hosting provider details are explicitly identified. From a security perspective, the website enforces HTTPS and implements a cookie consent banner, indicating awareness of privacy regulations. However, it lacks advanced security headers and does not publish explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is unavailable due to privacy protection or malformed queries, but the website's legitimacy is supported by consistent branding, multiple store locations, and active social media presence. Overall, ALECO GmbH presents a credible and professional online presence with moderate technical maturity and a good security posture. Strategic improvements could include enhancing security headers, publishing security policies, and providing clearer contact information such as phone numbers to further strengthen trust and compliance.

E

ebl-naturkost GmbH & Co. KG

ebl-naturkost.de

0

ebl-naturkost GmbH & Co. KG operates as a regional organic food retailer in Germany, emphasizing sustainable, high-quality, and natural products sourced from regional and biologically certified farms. The company maintains a strong market position within the organic retail sector, offering weekly and monthly promotional offers through both physical markets and an online presence. Their target audience includes consumers seeking organic and regional food products. Technically, the website is built on the Shopware CMS platform, hosted by Timme Hosting, and incorporates modern web technologies with responsive design and SEO best practices. The site uses Google Analytics with IP anonymization and implements a cookie consent mechanism, reflecting a good level of digital maturity and privacy awareness. Security posture is solid with HTTPS enforced, though some security headers and explicit security policies are absent. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, with room for improvement in security transparency and incident response readiness.

T

tegut... gute Lebensmittel GmbH & Co. KG

basicbio.de

0

tegut... gute Lebensmittel GmbH & Co. KG is a well-established German supermarket chain operating approximately 350 stores across six federal states. The company specializes in offering a wide range of products including regional foods, organic (Bio) products, vegan and vegetarian options, and items adhering to their Reinheitsversprechen (purity promise). Founded in 1947, tegut... emphasizes sustainability, fairness, and transparency as core business values. Their business model focuses on retailing quality food products with a strong commitment to environmental and social responsibility. The website reflects a mature digital presence with comprehensive customer engagement features such as a loyalty program (tebonus), recipe collections, and an online shop.

B

BIO COMPANY SE

biocompany.de

0

BIO COMPANY SE operates as a regional organic supermarket chain primarily serving Berlin, Brandenburg, and Sachsen since 1999. The company focuses on providing high-quality, sustainable, and regional organic food products, supported by a strong online presence including an e-commerce shop, newsletter, and customer loyalty programs. Their market position is that of a trusted regional leader in organic retail with a medium-sized business footprint. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and Swiper.js, alongside specialized services like Matomo for analytics, Brevo for newsletters, and Uberall for store location mapping. The site is hosted on rzone.de infrastructure and uses a MODX CMS platform. Performance and mobile optimization are good, with a comprehensive cookie consent mechanism ensuring GDPR compliance. From a security perspective, the site enforces HTTPS, uses Google reCAPTCHA to protect forms, and manages cookie consent effectively. However, it lacks publicly available formal security policies and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness. Overall, BIO COMPANY SE's website is professional, secure, and compliant with privacy regulations, supporting its business credibility and customer trust. Strategic improvements could focus on publishing formal security policies and enhancing security headers to further strengthen the security posture.

D

Denns BioMärkte

denns-biomarkt.de

0

Denns BioMärkte operates as a large-scale organic retail chain in Germany, offering a comprehensive range of organic products including food, fresh produce, bakery items, ecological drugstore goods, and natural cosmetics. The company is part of the BioMarkt Verbund, a recognized network of organic markets, and emphasizes certified organic products from reputable associations such as Bioland, Biokreis, Naturland, and Demeter. The website reflects a professional retail business model targeting general consumers interested in organic and ecological products. Technically, the website is built using modern frameworks like React and Gatsby, hosted on Microsoft Azure DNS infrastructure, and incorporates essential marketing and tracking tools such as Google Tag Manager and Facebook Pixel. The site includes a cookie consent mechanism via Cookiebot, indicating compliance efforts with GDPR regulations. Security-wise, while HTTPS is implied and cookie consent is implemented, the site lacks visible advanced security headers and formal security policies or incident response contacts. No blocking or WAF challenges were detected, allowing full content access. Overall, the website demonstrates a good balance of business credibility, technical implementation, and privacy compliance, with room for improvement in security policies and transparency.

C

Celax & Partners

celax.asia

0

Celax & Partners is a small technology outsourcing company specializing in web design, e-commerce, app development, and digital marketing services primarily targeting German-speaking clients. The company emphasizes cost-effective outsourcing solutions with in-house teams based in Bali, Indonesia, and has over 25 years of experience. Their market position is that of an established provider offering comprehensive digital services including SEO, booking systems, and loyalty programs. Technically, the website is built on a modern WordPress stack using Elementor and Astra theme, with privacy-conscious analytics via Matomo. The site is well-structured, mobile-optimized, and provides clear contact channels including phone and WhatsApp. Security posture is good with HTTPS and no exposed sensitive data, though security headers and formal policies are lacking. Overall, the website is professional and trustworthy with room for improvement in privacy compliance and security best practices.

G

Gastronovi GmbH & Co. KG

gastronovi.com

0

Gastronovi GmbH & Co. KG operates a professional and comprehensive cloud-based software platform tailored for the gastronomy industry, offering modules for point of sale, inventory management, marketing, guest services, and payment processing. The company targets gastronomy businesses seeking digital transformation and operational efficiency. The website is well-designed, mobile-optimized, and rich in content, reflecting a mature digital presence. Technically, the site leverages TYPO3 CMS, Bootstrap, and modern JavaScript libraries, with integration of third-party services such as Google Tag Manager and Calendly. Security posture is good with HTTPS enforced and cookie consent mechanisms implemented, though some security headers could be improved. WHOIS data is unavailable, which is unusual but the website's professionalism and trust signals mitigate concerns. Overall, the site demonstrates a strong business and technical foundation with minor areas for security enhancement.

M

Mary Kay

marykayintouch.de

0

Mary Kay InTouch Germany is a regional portal for Mary Kay consultants and customers, providing access to product ordering, promotions, and support. The site is built on Salesforce Experience Cloud, leveraging Salesforce Lightning Web Components and integrates multiple payment and analytics services such as Stripe, PayPal, Adyen, and Google Analytics. The technical infrastructure is modern and hosted on AWS, ensuring reliable performance and scalability. Security measures include HTTPS, a strict Content-Security-Policy, and cookie consent mechanisms, although explicit privacy and terms of service pages were not found in the provided content. The site is mobile optimized and presents a professional, branded experience consistent with Mary Kay's global presence.

The website marykaypromotion.de is a small German-language blog focused on philosophy topics. It is built on WordPress and hosted on German nameservers provided by netclusive.de. The site contains minimal content, primarily a single blog post and a contact button without a linked form or email address. There are no privacy, cookie, or terms of service policies present, and no explicit business or company information is provided. Technically, the site uses standard WordPress technologies and modern web fonts, with basic mobile optimization and accessibility features. Security posture is weak due to the absence of security headers, incident response contacts, and published security policies. No analytics or advertising tools are detected, indicating minimal user tracking. Overall, the site is accessible without WAF or blocking mechanisms and contains safe content suitable for a general audience.

M

Mary Kay

marykay.de

0

Mary Kay Germany operates a comprehensive e-commerce platform focused on beauty and skincare products, leveraging Salesforce Commerce Cloud technology. The website is well-integrated with multiple payment providers and marketing tools, targeting German-speaking consumers. The technical infrastructure is modern, with good performance and mobile optimization. Security posture is strong with HTTPS, CSP, and secure cookie usage, though explicit security policies and incident response information are not publicly available. Privacy compliance is well addressed with clear privacy and cookie policies including consent mechanisms. Overall, the website presents a professional and trustworthy digital presence consistent with Mary Kay's global brand.

gutefrage.net is the largest German-speaking question-and-answer platform, facilitating community-driven knowledge exchange among millions of users. The platform emphasizes anonymity and quick responses, serving a broad general audience primarily in Germany. The website demonstrates a good level of content quality, with a professional design and clear navigation, optimized for mobile devices. Technically, it employs modern web technologies including JavaScript and CSS, and integrates a consent management platform to ensure GDPR compliance. However, some security headers and detailed WHOIS data are missing, which slightly impacts the overall security posture assessment. Privacy policies and cookie consent mechanisms are well implemented, reflecting a strong commitment to user data protection. Overall, gutefrage.net presents a trustworthy and professional online presence with room for technical and security enhancements.

S

Skratch Labs

skratchlabs.eu

0

Skratch Labs operates a professional e-commerce website focused on sports nutrition products tailored for endurance athletes in Europe. The website presents a clear business model centered on retailing natural ingredient-based nutrition supplements with a strong emphasis on quality and flavor. The company targets a niche market of endurance athletes, positioning itself as an expert in sports nutrition with a European focus. The website content is well-structured, with comprehensive privacy and cookie policies, and uses Shopify as its e-commerce platform, leveraging modern technologies and integrations such as Klaviyo for marketing and Apple Pay for payments. Technically, the site is well-optimized for performance and mobile responsiveness, with good SEO and accessibility practices.

N

Naturpark Zittauer Gebirge e. V.

naturpark-verein.de

0

Naturpark Zittauer Gebirge e. V. operates a regional nature park website focused on promoting the unique cultural and natural landscape of the Zittauer Gebirge region in Saxony, Germany. The site provides information on nature experiences, educational programs, events, and regional development initiatives, targeting tourists, local residents, and educational institutions. The organization appears to be a small non-profit entity dedicated to environmental and cultural preservation. Technically, the website is built on the BLUEPAGE-CMS platform with modern JavaScript libraries such as jQuery and bxSlider, and employs lazy loading for images to optimize performance. The site is mobile responsive and uses HTTPS with a valid SSL configuration. Cookie consent mechanisms are implemented to comply with GDPR requirements, and privacy is respected by using YouTube's nocookie domain for embedded videos. From a security perspective, the website enforces HTTPS and includes a cookie consent banner with granular controls, but lacks explicit security headers and incident response contact information. No vulnerabilities or exposed sensitive data were detected. The WHOIS data indicates consistent domain registration and hosting with no suspicious patterns. Overall, the site demonstrates a good security posture for its size and purpose. The overall risk is low given the nature of the business and the absence of critical security issues. Strategic recommendations include enhancing security headers, publishing a security policy or incident response contact, and maintaining regular audits of third-party scripts to further strengthen security and trust.

T

The Boeing Company

boeing.de

0

The Boeing Company’s German website serves as a regional portal highlighting its significant presence and contributions to the German aerospace industry. The site emphasizes Boeing’s role in supporting over 1,000 direct employees and more than 23,000 jobs in the German supply chain, focusing on sustainable growth and advanced technology partnerships. The website is professionally designed with consistent branding and offers multi-regional language navigation, reflecting Boeing’s global footprint. Technically, the site leverages Adobe Experience Manager as its CMS, integrates Brightcove for video content, and uses Google Tag Manager for analytics, indicating a mature digital infrastructure. Security-wise, the site uses HTTPS and implements cookie consent mechanisms but lacks visible security headers and explicit security policies, suggesting room for improvement in transparency and security posture. Overall, the site is trustworthy and professional but would benefit from enhanced privacy disclosures and security documentation.

B

Beyond Foundation

beyond-foundation.org

0

Beyond Foundation is a German non-profit organization established in 2013, focusing on cultural and therapeutic projects that connect people through music and promote intercultural understanding, awareness, dialogue, and respect. The website presents a professional and consistent brand image with good content quality and user experience, targeting a general audience interested in cultural and therapeutic arts. Technically, the site uses modern JavaScript libraries such as Flickity for carousels and integrates Cookiebot for GDPR-compliant cookie consent management, indicating a moderate level of digital maturity. Security posture is adequate with domain registration protections and cookie consent mechanisms, but lacks visible advanced security headers and explicit security policies. Overall, the site is safe, trustworthy, and compliant with privacy regulations, though it would benefit from publishing privacy and terms of service documents and enhancing security headers.

H

Hutschn GbR

creativealps.org

0

creativeALPS is a small, specialized consultancy and research organization focused on sustainable economic and societal development in the Alpine region. They serve private, public, and social sector clients by providing research, advisory, and project implementation support. The website is professionally designed using modern web technologies such as Webflow and integrates security features like Google reCAPTCHA and GDPR-compliant cookie consent mechanisms. While the website demonstrates good security practices including HTTPS and form protection, it lacks explicit security headers and publicly available WHOIS domain registration data, which slightly reduces trustworthiness. Overall, the site is accessible, well-structured, and provides clear contact information, supporting a positive business credibility profile.

RWS Technology is a well-established German manufacturer specializing in ammunition products including rifle cartridges, rimfire cartridges, pistol cartridges, air rifle pellets, and reloading components. With a history dating back to 1855 and exclusive production in Germany, the company targets hunters and sport shooters, positioning itself as a premium brand in the ammunition manufacturing sector. The website reflects a professional and consistent brand image with multilingual support and active social media engagement. Technically, the website is built on TYPO3 CMS and hosted by Vautron Rechenzentrum AG. It demonstrates moderate performance and good mobile optimization. SEO and accessibility are adequately addressed, though some improvements in accessibility could be made. The site uses modern web technologies but lacks DNSSEC and explicit security headers, which are recommended for enhanced security. From a security perspective, the site uses HTTPS but does not show advanced security headers or incident response contacts. Privacy compliance is strong with a clear privacy policy, cookie consent mechanism, and GDPR adherence. However, no terms of service or vulnerability disclosure policies are found, and direct contact emails or phone numbers are not publicly listed, which could impact user trust. Overall, the website is professional and trustworthy with room for security and compliance enhancements. Strategic improvements in security headers, DNSSEC, and clearer contact information would strengthen the security posture and user confidence.

A

Axel Springer Deutschland GmbH

lesershop24.de

0

Lesershop24.de is the official subscription e-commerce platform for Axel Springer Deutschland GmbH, offering a wide range of newspaper and magazine subscriptions. The website targets German-speaking customers seeking reliable and secure subscription services for well-known publications such as BILD, DIE WELT, and AUTO BILD. The platform emphasizes direct ordering from the publisher, secure payment options, and attractive premiums, positioning itself as a trusted and professional service in the media subscription market. Technically, the site is built on Magento Commerce, leveraging modern JavaScript frameworks and CDN services from Akamai, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforcement, secure payment logos, and cookie consent mechanisms, although explicit security headers and a published security policy are not evident. Privacy compliance is robust, with a comprehensive privacy policy and active consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility, suitable for its target audience and business model.

I

International Shooting Sport Federation - ISSF

issf-sports.org

0

The International Shooting Sport Federation (ISSF) operates as the global governing body for Olympic shooting sports, providing governance, event organization, athlete rankings, and promotional activities. The website serves athletes, officials, and shooting sport enthusiasts with comprehensive news, event calendars, and educational resources. The ISSF maintains a strong market position as the authoritative organization in its niche, supported by partnerships with Olympic and anti-doping agencies. Technically, the website is built on a modern Next.js and React stack, delivering fast performance and excellent mobile optimization. The site employs HTTPS and a cookie consent mechanism, reflecting a mature digital infrastructure. However, some security best practices such as DNSSEC and security headers could be improved. From a security perspective, the site shows good posture with no visible vulnerabilities or exposed sensitive data. The absence of explicit security policies or incident response contacts is a gap. Privacy compliance is well addressed with a clear privacy and cookie policy, including GDPR consent mechanisms. Overall, the ISSF website is professional, trustworthy, and well-aligned with its organizational identity. Strategic improvements in security transparency and contact information would enhance trust and compliance further.

N

Naturpark Zittauer Gebirge e. V.

naturpark-zittauer-gebirge.de

0

Naturpark Zittauer Gebirge e. V. operates as a non-profit organization dedicated to preserving and promoting the unique cultural and natural landscape of the Zittauer Gebirge region in Saxony, Germany. The website serves as an informational portal offering details about nature experiences, educational programs, regional development, and recreational opportunities. The organization targets nature enthusiasts, families, schools, and tourists interested in the cultural and natural heritage of the area. The business model focuses on conservation, education, and community engagement rather than commercial activities. Technically, the website is built on the proprietary BLUEPAGE-CMS platform and utilizes modern web technologies including jQuery, lazy loading for images, and responsive design tailored for desktop, tablet, and mobile devices. Hosting is provided via kasserver.com nameservers. The site demonstrates moderate performance and good SEO practices, though accessibility features are basic. No advanced analytics or tracking tools are detected, reflecting a privacy-conscious approach. From a security perspective, the website enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers and published incident response or vulnerability disclosure policies. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is limited but does not raise immediate concerns. Overall, the security posture is good but could be improved with additional headers and transparency. The overall risk assessment is low given the nature of the organization and the content provided. Strategic recommendations include enhancing security headers, publishing incident response contacts, and considering a vulnerability disclosure policy to improve trust and security culture. The website is professional, trustworthy, and well-suited for its audience and purpose.

3

3mag

3mag.eu

0

3mag is a regional multilingual magazine serving the three-country border region of Germany, Czech Republic, and Poland. It focuses on cultural events, lifestyle, and regional stories, targeting residents and visitors interested in the Neisse Euroregion. The website is professionally designed with good content quality and clear navigation, supporting multiple languages and featuring a rich set of articles and event information. Technically, the site uses modern web technologies including JavaScript, CSS, and Matomo analytics, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though it lacks some security headers and a formal security policy. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and well-positioned as a niche regional media outlet.

L

Landkreis Görlitz

gis-lkgr.de

0

The website gis-lkgr.de serves as the official geoportal for Landkreis Görlitz, a regional government entity in Germany. It provides a comprehensive set of geographic information system (GIS) services including parcel and address searches, map printing, coordinate tools, and access to OGC services. The portal targets residents, local government officials, planners, and public users interested in geographic and cadastral data of the Landkreis Görlitz region. The business model is a public service offering free access to official geographic data, positioning itself as a trusted government resource. Technically, the website is built using ExtJS 4 framework and proprietary GIS software components (cardo.Map3Lib). It employs AJAX for dynamic content loading and uses HTTPS for secure communication. The site demonstrates moderate performance and basic mobile optimization. Accessibility and SEO optimizations are present but could be improved. The content is well-structured and professionally presented, with consistent branding aligned with Landkreis Görlitz. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in its HTML content. However, it lacks several recommended security headers such as Content-Security-Policy and X-Frame-Options. There is no visible cookie consent mechanism, which is a GDPR compliance gap. Incident response and security policies are not explicitly provided. No vulnerabilities or suspicious domains were detected. Overall, the security posture is adequate but could benefit from enhancements. The overall risk assessment is low, with the site appearing trustworthy and legitimate as an official government portal. Strategic recommendations include implementing security headers, adding cookie consent mechanisms, providing explicit security and incident response policies, improving mobile responsiveness, and regularly auditing third-party libraries. These steps will enhance compliance, security posture, and user trust.

L

Landkreis Görlitz

landkreis.gr

0

Landkreis Görlitz operates an official regional government website providing comprehensive information and services related to district administration, economy, tourism, education, and social affairs. The site targets residents and visitors of the Landkreis Görlitz region in Germany, offering multilingual content and online citizen services including appointment scheduling and online applications. The website is built on the active-City CMS platform and employs modern JavaScript libraries such as jQuery and Klaro for cookie consent, alongside Matomo for privacy-conscious analytics. From a technical perspective, the website demonstrates moderate performance and basic mobile optimization. Accessibility features are present but could be improved. Security practices include the use of S/MIME certificates for secure email communication and a GDPR-compliant cookie consent mechanism. However, the site lacks explicit HTTP security headers, a published security policy, and a vulnerability disclosure program, which are areas for improvement. Overall, the website is trustworthy and professional, with clear contact information and consistent branding. The domain registration data aligns well with the website content, supporting legitimacy. The security posture is adequate but could be enhanced by implementing recommended best practices. Privacy compliance is good, reflecting adherence to GDPR requirements. Strategic recommendations include enhancing security headers, publishing security and incident response policies, improving mobile and accessibility features, and establishing a vulnerability disclosure process to strengthen the site's security maturity and user trust.

N

net-Com AG

active-city.net

0

net-Com AG operates as a specialized provider of municipal content management systems (CMS) and portal software, branded as active-City. The company targets public sector clients such as municipalities, cities, and counties, offering modular and scalable solutions to manage and present local government information online. With over 200 administrations in Germany and abroad as customers, net-Com AG holds a strong market position as a leader in the municipal CMS sector. Their offerings include a comprehensive suite of modules for citizen services, news, event management, and mobile apps, supporting modern multichannel content distribution.

L

Landkreis Görlitz

kreis-goerlitz.de

0

Landkreis Görlitz operates an official regional government website providing comprehensive information about district administration, services, tourism, education, and social topics. The site targets residents and visitors of the Görlitz district in Germany, offering multilingual content and online services such as appointment scheduling and online applications. The website is built on the active-City CMS platform and incorporates modern web technologies including jQuery, Klaro for cookie consent, and Matomo for privacy-focused analytics. Hosting is provided by plesk11.ncserve.de. Security practices include the use of S/MIME certificates for secure email communication and a cookie consent mechanism compliant with GDPR. However, explicit security headers and vulnerability disclosure policies are not evident, suggesting room for improvement in security posture. Overall, the website is professional, trustworthy, and serves as a reliable information portal for the district.

Z

Zittauer Stadtentwicklungsgesellschaft mbH

stadtentwicklung-zittau.de

0

The Zittauer Stadtentwicklungsgesellschaft mbH is a small, regionally focused municipal development company established in 1992, specializing in city and regional development, tourism, and urban renewal in Zittau, Germany. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeting local citizens, businesses, and public institutions. Technically, the site uses a modern tech stack including Bootstrap and jQuery, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacking explicit security headers and incident response information. Overall, the domain and website appear legitimate and trustworthy with no signs of blocking or suspicious activity.

M

Marketing-Gesellschaft Oberlausitz-Niederschlesien mbH

oberlausitz.com

0

The website www.oberlausitz.com serves as the official regional tourism marketing platform for the Oberlausitz region in Germany. It provides comprehensive information about cultural heritage, nature, family activities, events, and accommodation options, targeting tourists and families interested in exploring the region. The site is professionally designed with consistent branding and rich content, including multilingual support and extensive multimedia galleries. Technically, it is built on TYPO3 CMS with modern JavaScript libraries and includes GDPR-compliant cookie consent mechanisms and analytics tracking via Matomo and Google Analytics. Security posture is good with HTTPS enforced and secure forms, though some security headers could be improved. The absence of WHOIS registration data for the domain is a notable concern, reducing trust from a domain legitimacy perspective, but the website content and external references strongly indicate a legitimate official entity. Overall, the site is a well-maintained, user-friendly, and trustworthy resource for regional tourism promotion.

S

Stadt Zittau

zittau.de

0

The website zittau.de serves as the official digital presence of the city of Zittau, Germany. It provides comprehensive information and services related to tourism, culture, citizen services, education, and economic development. The site targets residents, tourists, and businesses within the Dreiländerregion, offering event calendars, administrative resources, and city news. The business model is that of a government portal, focusing on public service and information dissemination. Technically, the site is built on Drupal CMS, employs Matomo for privacy-respecting analytics, and uses modern web technologies such as FontAwesome and CookiesJSR for cookie management. The site is mobile-optimized and accessible, with good SEO practices and structured navigation. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though additional security headers could enhance protection. No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. Business credibility is high given the official nature of the site and consistent branding. Overall, the site scores well on content quality, technical implementation, security, privacy, and business credibility, making it a trustworthy and professional municipal website.

A

AUTO BILD

autobild.de

0

AUTO BILD operates a comprehensive German-language automotive portal offering test reports, car market listings, and buying advice. The website serves a large audience of automotive consumers and enthusiasts, providing extensive content including news, reviews, and a used car marketplace with over 700,000 listings. The platform is well-positioned in the German automotive media sector with a strong brand presence and professional digital infrastructure. Technically, the website employs modern JavaScript frameworks (likely Vue.js), uses a robust CDN and DNS provider (Akamai), and integrates advanced consent management for GDPR compliance. The site is mobile-optimized, fast-loading, and SEO-friendly, reflecting a mature digital presence. From a security perspective, the site enforces HTTPS, uses security headers, and manages user consent effectively. However, it lacks publicly accessible privacy policies, terms of service, security policies, and incident response contacts, which are important for compliance and user trust. No critical vulnerabilities or suspicious WHOIS patterns were detected, indicating a legitimate and secure operation. Overall, AUTO BILD's website is a professional, trustworthy, and content-rich platform with room for improvement in transparency and compliance documentation.

The website represents the Tourismuszentrum Naturpark Zittauer Gebirge GmbH, a regional tourism organization promoting the Zittauer Gebirge area in Oberlausitz, Germany. It provides comprehensive information on outdoor activities, cultural events, family vacations, and accommodation options, targeting tourists and families interested in nature and regional culture. The site is well-structured with clear navigation and localized content in German. Technically, the site uses a modern stack including jQuery, Slick Slider, Matomo analytics, and Elfsight widgets, running on the Contao CMS platform. The hosting and domain registration are stable and transparent, with no privacy protection, indicating legitimacy. Security posture is adequate with HTTPS and domain transfer protection, but lacks advanced security headers and explicit security policies. Privacy compliance is good with a visible privacy policy and cookie consent mechanism. Overall, the site is professional, trustworthy, and suitable for its audience.

B

Bundesanstalt für Straßen- und Verkehrswesen

bast.de

0

The Bundesanstalt für Straßen- und Verkehrswesen (BASt) is a German federal government research institute specializing in road and traffic safety, infrastructure, vehicle technology, and traffic engineering. It operates under the Federal Ministry for Digital and Transport and provides authoritative research, publications, and quality assessments to support transportation infrastructure and safety in Germany. The website serves as a comprehensive portal for research outputs, news, and public information targeting professionals, government bodies, and the general public. Technically, the website is built on the Government Site Builder CMS, featuring modern HTML5, CSS3, and JavaScript technologies. It is well-optimized for mobile devices, accessible, and SEO-friendly. The site uses HTTPS with excellent SSL configuration, though security headers are not explicitly detected in the HTML content. Privacy and cookie policies are clearly presented with GDPR compliance, and a cookie consent mechanism is implemented. From a security perspective, the site shows good practices with no visible vulnerabilities or exposed sensitive data. However, it lacks a published security policy or incident response contact details and does not provide a security.txt file for vulnerability disclosures. The domain registration and DNS setup align with German government and research networks, reinforcing legitimacy and trustworthiness. Overall, the BASt website is a professional, trustworthy, and secure government portal with excellent content quality and user experience. Strategic improvements could include enhancing security headers and publishing explicit security policies to further strengthen its security posture.

D

DMSB – Deutscher Motor Sport Bund e.V.

bahnsport-deutschland.de

0

Bahnsport Deutschland is the official website for the German motor sports federation's Bahnsport discipline, operated by the Deutscher Motor Sport Bund e.V. The site serves as a comprehensive information hub for enthusiasts, athletes, and clubs involved in motor sports in Germany, providing news, event schedules, results, and official documents. The website demonstrates a solid market position as a national governing body platform with a clear focus on accessibility and user experience. Technically, the site is built on TYPO3 CMS, employs modern web standards, and integrates accessibility tools to support diverse user needs. Security posture is strong with HTTPS enforcement, security headers, and bot protection via Google reCAPTCHA, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR, though improvements could be made in transparency around security and vulnerability disclosures.