Security Directory

Haimer GmbH is a well-established German manufacturing company specializing in precision tool holding products and related services for the machining industry. With over 23 years of domain presence and a global workforce exceeding 800 employees, Haimer offers comprehensive solutions including tool management, calibration, and training. The website reflects a mature digital presence with extensive product catalogs, service offerings, and customer engagement channels. Technically, the site uses modern technologies such as Pimcore CMS, Google Analytics, and Cookiebot for consent management, ensuring a good user experience and compliance with privacy regulations. However, the absence of a valid SSL/TLS certificate significantly impacts the security posture, exposing users to risks and limiting trust. Security headers are properly configured, but the lack of HTTPS is a critical issue. Overall, the business credibility and privacy compliance are strong, but immediate remediation of SSL issues is recommended to enhance security and user trust.

I

Interview Network Solutions GmbH

interviewns.de

0

Interview Network Solutions GmbH operates a professional website offering advanced IT monitoring solutions, primarily through their SharkMon platform and related services. The company targets IT professionals and enterprises seeking comprehensive network traffic analysis, protocol support, and incident management tools. The website is built on WordPress with the Divi theme and includes multiple plugins for SEO, analytics, and cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Cookie consent mechanisms are implemented, but no explicit privacy policy or terms of service pages are found. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates good content quality and business professionalism but requires urgent security improvements.

C

Continental AG

continental-corporation.com

0

Continental AG is a well-established multinational technology and manufacturing company specializing in sustainable and connected mobility solutions. Founded in 1871 and headquartered in Germany, the company offers a broad portfolio including automotive technologies, tires, and ContiTech products. The website reflects a mature digital presence with comprehensive corporate, investor, and sustainability information targeting investors, job seekers, and business partners. Technically, the site is built on TYPO3 CMS and hosted likely on AWS infrastructure, with modern JavaScript and CSS usage. However, a critical security weakness is the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Security headers are mostly present but some, like X-XSS-Protection, are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but urgently needs to address HTTPS and SSL issues to ensure secure user interactions.

C

Certified Senders Alliance

certified-senders.org

0

Certified Senders Alliance (CSA) is a technology-focused organization operating as a central whitelisting authority for commercial email senders and mailbox providers. Their primary mission is to improve the quality and deliverability of commercial emails such as newsletters, invoices, and order confirmations, while protecting recipients from spam and abuse. CSA offers certification services, monitoring tools, and data insights to help email service providers and senders maintain high reputation and compliance standards. The organization is positioned as a trusted intermediary in the email marketing ecosystem, supported by testimonials from major industry players and operated under the eco Association of the Internet Industry in Germany. Technically, the website is built on WordPress with common web technologies including Bootstrap, jQuery, and Font Awesome. It uses plugins for cookie consent (Borlabs Cookie) and bot protection (hCaptcha). However, the site suffers from a lack of a valid SSL certificate and does not support modern TLS protocols, which is a critical security shortfall. Performance is suboptimal with a slow page load time and a large page size, though mobile optimization and SEO practices are generally good. From a security perspective, the site implements DMARC with reporting and provides abuse contact emails, indicating some level of incident response readiness. However, the absence of HTTPS, security headers, and OCSP stapling significantly weakens the security posture. No explicit security policy or vulnerability disclosure mechanism is found. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, while the business credibility and content quality are strong, the technical and security implementations require urgent improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS, adding security headers, and optimizing site performance.

ETTINGER GmbH is a well-established German family-owned company specializing in fastening technology and electromechanical components, serving industrial and trade customers through a comprehensive B2B online shop. The company offers a wide range of over 25,000 products, including custom manufacturing and special procurement services, with a focus on quality and fast delivery. The website reflects a mature digital presence with professional design, clear navigation, and rich content tailored to its target audience of manufacturers and industrial clients. Technically, the site is built on the Shopware CMS platform, leveraging modern technologies like Algolia for search and Google Tag Manager for analytics. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, exposing users to potential risks and undermining trust. Security headers are partially implemented but ineffective without HTTPS. Privacy and cookie policies are present and compliant with GDPR, including consent mechanisms. The domain registration is consistent and legitimate, with no privacy protection or suspicious patterns, supporting the company's credibility. Overall, while the business and content aspects are strong, immediate attention is required to secure the website with HTTPS to protect user data and enhance trust.

D

DFS Deutsche Flugsicherung GmbH

dfs.de

0

DFS Deutsche Flugsicherung GmbH is the official German air navigation service provider responsible for managing and controlling air traffic within German airspace. The company ensures safe, efficient, and environmentally conscious flight operations, serving millions of passengers annually. Their services include air traffic control, drone flight management, environmental initiatives, training, and research and development. The website targets aviation professionals, drone operators, and the general public interested in air traffic and environmental topics. Technically, the website employs modern JavaScript frameworks, SystemJS module loading, and the Ionas CMS platform, hosted on Azure DNS infrastructure. The site is well-structured, mobile-optimized, and provides multilingual support. However, the security posture is weakened by an invalid SSL certificate and lack of proper HTTPS enforcement, which is a critical issue. Privacy compliance is strong, with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. The site lacks explicit incident response or vulnerability disclosure information. Overall, the website is professional and trustworthy but requires urgent SSL remediation to improve security.

G

GIZ

diaspora2030.de

0

Diaspora2030 is a German-based non-profit platform supported by GIZ and BMZ that empowers people with migration backgrounds to contribute to sustainable development in their countries of origin. The platform facilitates diaspora professionals, organizations, entrepreneurs, and networks by providing support, co-financing, and knowledge exchange opportunities. The website is professionally designed, content-rich, and targets diaspora communities and development stakeholders. Technically, the site is built on TYPO3 CMS and hosted by kasserver.com, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy compliance is well addressed with a consent management platform and clear policies. Overall, the site is trustworthy but requires urgent security improvements.

M

Mittwald CM Service GmbH & Co. KG

agenturserver.it

0

Mittwald CM Service GmbH & Co. KG operates a professional hosting platform targeting web agencies and freelancers, offering managed hosting, vServer, CMS and shop hosting solutions, and related services. The company is well-established with over 20 years of experience and operates its own TÜV-certified data center in Germany. The website reflects a mature business with a strong market position in the German hosting sector, emphasizing performance, security, and customer support. Technically, the site uses modern frameworks such as Flow and Neos CMS, with a focus on responsive design and accessibility. Security posture is solid with multiple security headers and a valid SSL certificate, though improvements like enabling HSTS preload and OCSP stapling are recommended. Privacy compliance is well addressed with GDPR-compliant cookie and privacy policies. Overall, the website and business demonstrate high professionalism and trustworthiness.

M

Mittwald CM Service GmbH & Co. KG

agenturserver.co

0

Mittwald CM Service GmbH & Co. KG operates a professional hosting platform targeting web agencies and freelancers, offering managed webhosting, vServers, CMS and shop hosting solutions, SSL certificates, domain services, and a proprietary management platform called mStudio. The company is well-established with a domain age of 6 years and operates from Germany with a TÜV certified ISO 27001 data center. The website demonstrates a mature digital presence with excellent design, clear navigation, and comprehensive service descriptions. Technically, the site uses modern frameworks including Flow PHP and Neos CMS, supports TLS 1.3, and implements strong security headers and a detailed Content Security Policy. Privacy compliance is robust with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. The domain registration data aligns well with the business identity, though domain expiry is imminent and domain protection locks are absent, representing a moderate risk. Overall, the security posture is strong with no detected vulnerabilities, but improvements such as enabling DNSSEC, DMARC, and OCSP stapling are recommended to enhance security further.

C

Centrum für internationale Migration und Entwicklung (CIM)

cimonline.de

0

The Centrum für internationale Migration und Entwicklung (CIM) operates as a government-affiliated non-profit entity focused on facilitating international labor mobility by connecting specialized EU professionals with employers worldwide. The website reflects a clear mission and professional presentation, targeting both job seekers and employers in the international development sector. Technically, the site uses standard web technologies with moderate performance and good mobile optimization but lacks a CMS indication and advanced frameworks. Security posture is weak due to the absence of a valid SSL certificate and modern TLS protocols, exposing users to risks and undermining trust. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite active tracking scripts. Overall, the site is credible and trustworthy but requires urgent security improvements to protect users and enhance compliance.

P

Programme AL-INVEST Verde

alinvest-verde.de

0

The AL-INVEST Verde website represents a European Union funded program aimed at fostering sustainable growth and job creation in Latin America through support for green innovation, public sector assistance, and intellectual property rights. The program operates across 12 countries and collaborates with multiple partner organizations, positioning itself as a key player in sustainable development initiatives in the region. Technically, the website is built on a modern WordPress stack with Elementor and several plugins supporting events, multilingual content, and user engagement. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which undermines user trust and data security. Privacy compliance is well addressed with comprehensive policies and consent mechanisms, reflecting adherence to GDPR standards. Overall, while the content and business positioning are strong, the security posture requires urgent improvement to safeguard users and enhance credibility.

A

AgenturQ

agenturq.de

0

AgenturQ is a non-profit organization dedicated to promoting vocational training and continuing education within the metal and electrical industries in Baden-Württemberg, Germany. The organization provides consulting, software tools, and educational concepts to support workforce development and adaptation to technological changes. Their website reflects a well-established regional institution with a clear focus on education and industry collaboration. Technically, the website is built on WordPress with common plugins for SEO and cookie compliance but suffers from slow performance and lacks a valid SSL certificate, exposing it to security risks. The security posture is weak due to missing HTTPS, security headers, and DNS security features. Privacy compliance is strong with comprehensive policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance credibility.

S

sequa gGmbH

sequa.de

0

sequa gGmbH is a German non-profit development organization specializing in private sector development and vocational training projects worldwide. The website provides comprehensive information about their projects, partnerships, and services, targeting chambers, associations, and stakeholders involved in development cooperation. The site is built on TYPO3 CMS and uses modern frontend technologies but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a GDPR-compliant privacy policy and cookie consent mechanism. However, contact information is primarily available via forms rather than direct emails or phone numbers. The WHOIS data aligns well with the organization's profile, showing consistent registration without privacy protection, supporting transparency. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

E

European Flying Disc Federation

efdf.org

0

The European Flying Disc Federation (EFDF) is a well-established non-profit organization dedicated to the promotion and governance of flying disc sports across Europe. The website serves as an informational hub for multiple flying disc disciplines, providing news, event updates, and organizational details. The domain is mature and consistent with the organization's history, reinforcing its legitimacy. Technically, the site is built on WordPress with a standard theme and common libraries, but suffers from slow load times and lacks modern security configurations such as HTTPS. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of DNSSEC. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Contact information is not explicitly provided, which may hinder user trust and compliance. Overall, the site is functional and informative but requires significant improvements in security and privacy to meet modern standards.

I

ITTF Foundation

ittffoundation.org

0

The ITTF Foundation is a non-profit organization leveraging table tennis to promote social development, health, and peace globally. It operates multiple specialized programmes targeting disadvantaged groups, humanitarian aid, and health awareness. The foundation is linked to the ITTF Group and maintains an active online presence with social media and newsletter engagement. Technically, the website is built on the Contao CMS with modern JavaScript libraries and frameworks but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic with a cookie consent banner and a privacy policy, but no explicit GDPR compliance or terms of service are found. WHOIS data indicates a mature domain with privacy protection typical for non-profits. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

I

Interact

interact-sport.com

0

Interact is a non-profit initiative focused on promoting Sport for All by supporting international sport organizations in capacity building, certification, and community engagement. The website presents a professional and content-rich platform targeting sport organizations and grassroots participants. Technically, the site is built on WordPress with common libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with HSTS enabled but no valid TLS protocols or certificate transparency compliance. Privacy compliance is well addressed with a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

P

Pilates Heritage

pilates-heritage.com

0

Pilates Heritage operates an international Pilates congress and educational event platform based in Germany, focusing on honoring Joseph Pilates and promoting Pilates education worldwide. The website provides detailed event schedules, presenter biographies, and registration forms targeting Pilates practitioners and educators globally. Technically, the site is built on WordPress with common plugins and uses Google reCAPTCHA for form protection. However, the absence of a valid SSL certificate and HTTPS severely impacts the site's security posture. No privacy or terms of service policies are found, indicating compliance gaps. Overall, the site is professionally designed with good content quality but requires urgent security and privacy improvements.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including transformers, reactors, and power controllers. The company targets industrial sectors such as energy, transportation, and medical technology, emphasizing sustainability and technological innovation. Their website is multilingual and professionally designed, supporting a global B2B audience. Technically, the website is built on WordPress with Elementor and several plugins for SEO and multilingual support, hosted on kasserver.com. However, the site lacks a valid SSL certificate and HTTPS support, representing a critical security vulnerability. While privacy and legal documents are linked, no cookie consent mechanism is present, which may affect GDPR compliance. Social media presence and clear contact information enhance business credibility. Overall, the site is functional and content-rich but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacturing and supply of electromagnetic components such as EMV components, chokes, transformers, and power control devices. The company positions itself as a global supplier with a strong emphasis on innovation and sustainability, targeting industrial and technological sectors. The website is built on WordPress with Elementor and includes multilingual support, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy policies and terms of service are present on the main corporate domain, indicating compliance awareness, though cookie consent mechanisms are lacking. Social media engagement and structured data usage enhance the company's online credibility. Overall, the site offers good content quality and user experience but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacture and supply of electromagnetic compatibility components, chokes, transformers, and resistors primarily for industrial and energy sectors. The company emphasizes innovation and sustainability in its product offerings and maintains a global presence with multiple language-specific websites. The website is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS approach with SEO optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. While contact information and legal pages are well presented, the lack of cookie consent mechanisms and security policies indicates partial privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including EMV components, transformers, power controllers, and vibratory conveyor technology. The company targets industrial clients globally, emphasizing sustainability and technological innovation. Their website is built on WordPress with Elementor and optimized for Spanish-speaking markets, reflecting a multilingual corporate presence. Technically, the site uses modern CMS and SEO tools but lacks a valid SSL certificate, resulting in an insecure HTTP-only connection. Security posture is weak due to missing HTTPS, lack of security headers, and no domain protection locks. Privacy compliance is moderate with a clear privacy policy but no cookie consent mechanism. Contact information and social media presence are well established, supporting business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

REO AG is a well-established German family-run company with a 100-year history specializing in the development and production of inductive, resistive, and electronic components for various industrial sectors including energy, transportation, and manufacturing. The company operates internationally with subsidiaries across Europe, North America, Asia, and the Middle East, maintaining production primarily in Germany with a focus on quality and innovation. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, indicating a good level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. The site lacks advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. Business credibility is strong with clear contact information, social media presence, and detailed product and industry information. Strategic improvements in security and privacy compliance are recommended to enhance trust and protect user data.

REO AG is a well-established German family-owned manufacturing company specializing in inductive, resistive, and electronic components with a history dating back to 1925. The company operates internationally with subsidiaries across Europe, North America, Asia, and the Middle East, serving diverse industrial sectors including transportation, energy, medical technology, and defense. Their business model focuses on B2B supply of customized and standard components, emphasizing innovation, quality, and sustainability. Technically, the website is built on WordPress with modern plugins and SEO tools, offering a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing the site to risks and reducing trust. Privacy policies are comprehensive and GDPR compliant, but cookie consent mechanisms are missing. Overall, the company demonstrates strong business credibility but needs urgent improvements in security infrastructure to align with best practices.

B

BAUER Group

bauer.de

0

The BAUER Group is a globally recognized enterprise specializing in specialist foundation engineering, manufacturing, and environmental services. With a history spanning over two centuries, the company maintains a strong market position as a leader in construction and mechanical engineering sectors. Their business model integrates manufacturing of specialized equipment and provision of geotechnical and resource-related services, targeting construction professionals, investors, and job seekers worldwide. Technically, the website is built on Drupal 10 with modern web technologies and demonstrates good mobile optimization, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate and HTTPS support significantly undermines the security posture. Security headers and policies are well implemented, but the lack of encryption exposes users to risks. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site reflects a professional and trustworthy business presence but requires urgent security improvements to protect user data and maintain trust.

M

M.M.Warburg & CO

warburg-bank.de

0

M.M.Warburg & CO operates a professional online banking platform targeting banking customers primarily in Germany. The website offers secure login mechanisms including electronic TAN authentication and provides clear customer support phone contacts. The technical infrastructure is based on AngularJS with custom JavaScript and CSS, delivering a good user experience and mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security vulnerabilities that undermine trust and data protection. Security headers are well implemented, but the SSL/TLS configuration requires urgent remediation. Privacy compliance is strong with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the website is functional and professional but needs immediate security improvements to meet industry standards.

M

M.M.Warburg & CO Gruppe GmbH

mmwarburggruppe.com

0

The Warburg Gruppe website represents a well-established financial holding company specializing in private banking, asset management, and investment banking services. The group operates multiple subsidiaries, each with a clear market focus, serving high-net-worth individuals and institutional clients primarily in Germany. The website content is professionally presented, targeting a sophisticated audience with detailed information about the group and its subsidiaries. Technically, the site uses a Java-based CMS (OpenCms) and integrates modern marketing and analytics tools such as Usercentrics for consent management and Google Tag Manager. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

M

M.M.Warburg & CO (AG & Co.) KGaA

mmwarburg.com

0

M.M.Warburg & CO is a well-established independent private bank in Germany with a history dating back to 1798. The bank offers a broad range of financial services including private banking, asset management, corporate and investment banking, and institutional client services. The website targets private clients, business customers, and institutional investors, emphasizing personalized service and long-term client relationships. Technically, the website uses modern web technologies such as Apache server, UserCentrics consent management, Google Analytics, and Google Tag Manager, and is built on OpenCms. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. The website is professionally designed with consistent branding and rich content, including reports and multimedia. Overall, the site reflects a reputable financial institution but urgently needs to address its SSL/TLS configuration to ensure secure communications.

O

Olaf Schmidt Coaching

olafschmidt.de

0

Olaf Schmidt Coaching is a small German-based business specializing in LinkedIn lead generation coaching, targeting self-employed professionals and companies, particularly in marketing and sales. The website presents a professional coaching service with clear offerings including personalized LinkedIn strategies, workshops, and weekly support. Technically, the site is built on WordPress with Elementor and uses common web technologies such as Apache and PHP. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The presence of LinkedIn Insight tracking and Calendly integration indicates a moderate level of digital maturity but also raises privacy considerations. Security posture is weak due to missing HTTPS and security headers, and privacy compliance is basic with only a privacy policy found but no cookie consent mechanism. Overall, the site is functional and professionally presented but requires urgent security improvements to protect user data and improve trust.

Ristorante La Terrazza is a small Italian restaurant located in Krefeld, Germany, specializing in fresh seasonal dishes with a focus on fish and wild game. The business emphasizes warm hospitality and a pleasant dining ambiance, targeting local residents and visitors seeking quality Italian cuisine. The website reflects a local hospitality business model without online reservations, relying on direct phone contact. Technically, the website uses Mobirise CMS with Bootstrap and jQuery libraries, hosted on Cloudpit servers. Performance is moderate to slow, and mobile optimization is good. However, the site lacks HTTPS support, exposing visitors to security risks. Privacy and cookie policies exist but are basic and not fully GDPR compliant. No terms of service or security policies are present. Overall, the site is functional but requires significant security improvements.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

0

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.

G

Google

piaselect.com

0

The website analyzed is the localized German version of Google's main search homepage, representing a global technology leader in internet services and advertising. The site provides a clean, professional user interface with comprehensive privacy and cookie policies that comply with GDPR standards. The business model is primarily advertising-driven, targeting a broad audience of internet users worldwide. The technical infrastructure leverages Google's proprietary technologies and frameworks, delivering a fast and mobile-optimized experience. However, a critical security issue is present due to the lack of a valid SSL certificate and disabled TLS protocols, severely impacting the security posture. While security headers are well implemented, the absence of proper HTTPS undermines user trust and data protection. Overall, the site is highly professional and trustworthy but requires urgent remediation of SSL/TLS to ensure secure communications.

I

IoT Smart Space Research Team (IoT-s2o)

s2labs.org

0

The website represents an academic research group led by Marc-Oliver Pahl, focusing on autonomous control and management in heterogeneous networks, specifically IoT Smart Space Orchestration. The group is affiliated with the Technical University of Munich and Institut Mines Telecom, targeting researchers, students, and industry partners interested in IoT technologies and smart spaces. The site serves as an informational and educational platform, offering research insights, teaching activities, project showcases, and open positions for students. Technically, the website is hosted on an Apache server running on Ubuntu, using a custom minimalistic CMS (miniCMS). The site lacks modern security implementations such as HTTPS, HSTS, and DNSSEC, and does not employ advanced web frameworks or performance optimizations. The content is primarily static HTML with embedded multimedia and social media widgets. Performance data is unavailable, and mobile optimization is basic. From a security perspective, the absence of HTTPS and valid SSL certificates is a critical vulnerability, exposing users to potential data interception risks. No security policies, incident response contacts, or vulnerability disclosure mechanisms are published. The site does not implement cookie consent or privacy compliance features beyond a basic privacy policy page. Analytics usage is minimal and disabled, reducing privacy concerns but also limiting insights. Overall, the website functions adequately as an academic informational resource but requires urgent security upgrades and privacy compliance improvements to protect users and enhance trustworthiness. Strategic recommendations include implementing HTTPS, adding security headers, publishing comprehensive privacy and security policies, and improving technical infrastructure for better performance and accessibility.

G

German-French Academy for the Industry of the Future

future-industry.org

0

The German-French Academy for the Industry of the Future operates as a collaborative research and education platform focusing on Industry 4.0 technologies, including cybersecurity, artificial intelligence, advanced manufacturing, and networked cooperation. It serves academic and industrial stakeholders primarily in Germany and France, offering workshops, PhD schools, events, and innovation support. The website is built on WordPress with a modern theme and includes integrations such as Google Analytics and YouTube video embeds. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Cookie consent mechanisms are implemented, but no explicit privacy policy or terms of service pages were found in the provided content. Overall, the site demonstrates good content quality and professional design but requires urgent security improvements to protect user data and enhance trust.

B

Barkhausen Institut

barkhauseninstitut.org

0

The Barkhausen Institut is an independent research institute based in Dresden, Germany, specializing in trustworthy networked electronic systems and the Internet of Things (IoT). It collaborates closely with the Technical University of Dresden and focuses on research and development of secure, transparent, and sustainable digital technologies. The website targets researchers, academics, and industry professionals interested in IoT and trustworthy digital systems. The business model centers on research, innovation, and public outreach in the technology sector. The institute holds an international reputation with a medium-sized organizational footprint.

D

DigiTrace GmbH

digitrace.de

0

DigiTrace GmbH is a specialized IT-forensics and IT-security service provider based in Germany, offering a broad range of services including IT forensics, incident response, eDiscovery, and expert IT assessments. The company targets businesses, authorities, auditors, and legal professionals, positioning itself as a trusted expert in IT security and forensic investigations. The website is professionally designed using Joomla CMS and includes detailed service descriptions and contact information, although it lacks some modern security configurations. Technically, the site suffers from the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. Other security best practices such as security headers and HSTS are also missing. Privacy compliance is addressed with a comprehensive privacy policy and DMARC/SPF email protections, but no cookie consent mechanism is present. Overall, the site is functional and informative but requires urgent improvements in security infrastructure to meet modern standards.

I

ivy.mayhem GmbH

stella-projects.de

0

stella.projects is a small, specialized web agency based in Hamburg, Germany, with over 15 years of experience in web design and development. They focus on delivering custom digital products including websites, online platforms, consulting, and hosting services. The company positions itself as a reliable partner for startups, SMEs, and private clients, emphasizing clarity, focus, and quality in their offerings. Their market position is strengthened by an official partnership with Statamic CMS and a portfolio of diverse clients. Technically, the website uses modern frameworks such as Laravel and Statamic CMS, with frontend technologies including Alpine.js and a well-structured responsive design. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security flaw. Security headers are mostly present but the absence of HTTPS and HSTS significantly reduces the security posture. Privacy compliance is addressed with a privacy and cookie policy, though no explicit cookie consent mechanism is implemented. Contact information is clearly provided, including phone, email, physical address, and a contact form. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and improve trust.

RETHMANN SE & Co. KG is a well-established German family-owned holding company founded in 1934, operating primarily in the transportation and energy sectors through its subsidiaries REMONDIS, Rhenus, SARIA, and a significant stake in Transdev. The company provides comprehensive services in recycling, logistics, sustainable product manufacturing, and public mobility solutions, targeting industrial clients, municipalities, and private customers. The website is built on TYPO3 CMS, featuring good content quality, clear navigation, and professional design, though it lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism is present. The company demonstrates strong business credibility with detailed contact information and legal disclosures.

A

Anqa IT-Security GmbH

anqa-itsecurity.de

0

Anqa IT-Security GmbH is a German-based Managed Security Service Provider specializing in comprehensive IT security solutions including UTM firewalls, pentesting, endpoint protection, dark web monitoring, and cyber security awareness trainings. The company serves over 7,000 businesses and partners with more than 500 IT system houses, positioning itself as a trusted and experienced player in the German IT security market. Their offerings are designed to be flexible with monthly cancellable contracts and include a free managed service component, enhancing customer value and operational reliability. Technically, the website is built on WordPress with modern plugins for SEO and GDPR compliance, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers represents a significant vulnerability that should be addressed immediately. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy. Business credibility is supported by certifications such as ISO27001 and TÜV, testimonials, and a professional online presence. Overall, while the business model and content quality are excellent, the technical security shortcomings reduce the overall risk rating and require urgent remediation.

A

About You Outlet

aboutyou-outlet.de

0

About You Outlet is a large-scale e-commerce platform specializing in discounted fashion products from popular brands, targeting primarily German and European consumers. The site offers daily changing deals, purchase on invoice, and a customer-friendly return policy. Technically, the website is built on modern frameworks such as Nuxt.js and Tailwind CSS, hosted on Cloudflare, and integrates marketing and analytics tools like Google Tag Manager. However, the site suffers from critical security shortcomings, notably an invalid SSL certificate and lack of security headers, which significantly impact its security posture. Privacy and legal compliance are well addressed with dedicated pages and GDPR compliance indicators. Overall, the website is professional and functional but requires urgent security improvements to protect user data and enhance trust.

I

ivy.mayhem GmbH

ivymayhem.io

0

ivy.mayhem GmbH is a Germany-based digital product and service studio specializing in SaaS platform development. Founded in 2016, the company develops and operates multiple SaaS products such as eniston, releasesapp, deftform, and others, serving a diverse clientele from startups to large corporations. The company recently expanded by acquiring stella.projects, a full-service web development agency, enhancing its service offerings. The website presents a professional and modern design with clear navigation and responsive layout, targeting technology-focused businesses and entrepreneurs. Technically, the site uses modern frontend technologies including Alpine.js and Tailwind CSS, hosted with Cloudflare DNS and agenturserver.de mail services. However, the website lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. Security best practices such as HSTS, security headers, and OCSP stapling are absent, reducing the overall security posture. Privacy compliance is addressed with a comprehensive privacy policy and GDPR compliance statements, but no cookie consent mechanism is implemented. The site uses minimal user tracking via Fathom Analytics, respecting user privacy. Overall, the website is functional and professional but requires urgent improvements in SSL configuration and security headers to enhance trust and security.

B

Beyond Code GmbH

beyondco.de

0

Beyond Code GmbH is a small technology company based in Germany specializing in software tools and educational video courses for web developers, particularly those working with PHP and Laravel. Their market position is focused on providing essential developer tools such as Laravel Herd, Tinkerwell, and Expose, alongside open source packages and developer services. The website reflects a professional and consistent brand with excellent content quality targeting web developers seeking productivity and learning resources. Technically, the site uses modern frameworks like Laravel, Livewire, and Alpine.js, hosted behind Cloudflare, but suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak due to missing SSL/TLS, absence of security headers, and no cookie consent mechanism, which impacts user trust and compliance. Privacy and terms of service pages are present and comprehensive, with GDPR compliance indicated. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

G

GFT Technologies SE

gft.com

0

GFT Technologies SE is a global technology company specializing in digital transformation and IT modernization services, primarily serving the banking, insurance, and manufacturing sectors. The company leverages advanced technologies such as cloud computing, AI, blockchain, and IoT to deliver innovative solutions that help enterprises stay competitive. Their strong partner ecosystem includes major cloud providers and fintech innovators, reinforcing their market position. Technically, the website is built on modern frameworks like Vue.js and managed via Magnolia CMS, with integrations for analytics and consent management tools such as Google Tag Manager, Microsoft Clarity, and Cookiebot. While the site is mobile-optimized and well-structured for SEO and accessibility, performance metrics were not available. The hosting is supported by Fastly CDN, ensuring global content delivery. From a security perspective, the site implements several best practices including a Content Security Policy, secure cookie flags, and security headers. However, the SSL certificate is invalid or missing, and modern TLS protocols are not supported, which significantly impacts the security posture. No explicit security policy or incident response information is publicly available, and no vulnerability disclosure or security.txt file was found. Overall, the website presents a professional and trustworthy image with comprehensive privacy and cookie policies, but the lack of valid SSL and modern TLS support are critical issues that should be addressed promptly to improve security and user trust.

A

appliedAI Institute for Europe gGmbH

ai-startups-europe.eu

0

The appliedAI Institute for Europe gGmbH is a non-profit organization focused on generating and disseminating high-quality knowledge about trustworthy Artificial Intelligence. It serves professionals and policymakers by providing educational formats, tools, community engagement, and regulatory guidance, positioning itself as a leading AI knowledge hub in Europe. Technically, the website employs modern JavaScript frameworks like Vue.js, Bootstrap for responsive design, and integrates marketing and analytics tools such as Google Tag Manager, HubSpot, and Usercentrics for consent management. However, the security posture is weakened by the absence of a valid SSL certificate, lack of HSTS, and missing DMARC records, which are critical for secure communications and email protection. Overall, the site is content-rich and professionally presented but requires urgent improvements in SSL/TLS configuration to enhance trust and security.

A

Aternos GmbH

exaroton.com

0

exaroton.com is a specialized service offering high-end, on-demand Minecraft game servers with a unique pay-per-use pricing model. The platform targets Minecraft players and server administrators who desire flexible, customizable, and cost-efficient server hosting. The service is backed by Aternos GmbH, a German company, and integrates features such as DDOS protection, automatic backups, and API access to enhance user experience and operational control. The website demonstrates a professional design with clear navigation and comprehensive content tailored to its niche audience. Technically, the site employs modern web technologies including JavaScript, HTML5, and CSS3, with DNS and CDN services provided by Cloudflare. The platform supports both Minecraft Java and Bedrock editions, offering a wide range of server software and modpacks. Despite good SEO and accessibility practices, the website suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Security-wise, the site has implemented SPF and DMARC DNS records with a strict reject policy, uses Google MX servers for email, and has no subdomain takeover vulnerabilities. However, the lack of HTTPS, TLS protocols, HSTS, and OCSP stapling exposes users to potential risks. Privacy compliance is strong, with a comprehensive privacy policy and terms of service hosted on the parent company domain. Analytics usage is moderate and privacy-conscious, utilizing Matomo. Overall, exaroton.com presents a strong business and technical foundation but must urgently address its SSL/TLS deficiencies to ensure user trust and data security. Strategic improvements in security configuration will elevate the platform's credibility and protect its user base effectively.

K

komm.passion GmbH

komm-passion.de

0

komm.passion GmbH is a medium-sized full-service communication consultancy and creative agency operating primarily in Germany with offices in Düsseldorf, Hamburg, and Berlin. The company is affiliated internationally with Team Farner, enhancing its market position. Their service portfolio includes corporate communications, change management, digital health, employer branding, sustainability, and crisis communication among others. The website reflects a professional and consistent brand image with clear navigation and relevant content targeting corporate clients seeking integrated communication solutions. Technically, the site is built on TYPO3 CMS and uses modern web technologies including Google Tag Manager and FontAwesome. However, a critical security gap exists as the website lacks HTTPS, exposing users to potential risks. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Social media presence and trust indicators such as Google Partner and BVDW membership support business credibility. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

Kirchhoff Consult GmbH is a specialized consulting firm focused on financial communication, corporate communications, sustainability, ESG, investor relations, and IPO advisory services. The company targets capital markets professionals and corporate clients seeking expert guidance in reporting and sustainability communication. The website reflects a strong market position supported by multiple industry awards and a consistent, professional brand presence. Technically, the site is built on TYPO3 CMS with Apache and PHP 8.3, but lacks proper HTTPS configuration, which is a critical security gap. Security posture is moderate with valid SPF and DMARC records but no SSL/TLS encryption, no HSTS, and no DNSSEC. Privacy compliance is partial with a comprehensive privacy policy but no cookie consent mechanism. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

V

VRM Anna

vrm-anna.de

0

VRM Anna operates as an online platform facilitating ad submission and management for newspapers and weekly papers primarily in the Rhein-Main and Mittelhessen regions of Germany. The service targets both private and business customers, offering features such as ad drafting, personal ad archives, and payment method storage. The website reflects a regional media service provider with a moderate digital presence and a focus on user convenience for ad bookings. Technically, the site employs modern frontend technologies like React and integrates Google Analytics and Tag Manager for tracking, alongside a GDPR-compliant cookie consent mechanism. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture, exposing users to potential risks. No advanced security headers or DNS security features are implemented, and no explicit security or incident response policies are found. Overall, while the business model and content quality are solid, the technical and security implementations require urgent improvements to meet modern standards and build user trust.

V

VRM

vrm-trauer.de

0

VRM-Trauer.de is a regional German online platform specializing in obituary and mourning announcements, serving regions such as Rhein-Main, Rheinhessen, Südhessen, and Mittelhessen. The website offers comprehensive services including obituary searches, placing ads, memorial pages, grief support, and a directory of funeral service providers. It targets individuals seeking regional mourning information and related services. The platform demonstrates a consistent brand presence and good content quality with clear navigation and mobile optimization. Technically, it employs common web technologies such as jQuery, Bootstrap, and Select2, hosted on Versatel infrastructure. However, the website critically lacks HTTPS support, exposing users to security risks. Cookie consent and privacy policies are well implemented, reflecting GDPR compliance. Overall, the site is functional but requires urgent security improvements.

V

VRM

vrm-jobs.de

0

VRM-jobs.de is a regional job board platform operated by VRM, targeting job seekers and employers in the Rhein-Main area of Germany. It offers a wide range of job listings including full-time, part-time, internships, and student jobs, supported by employer services and candidate account management. The platform is positioned as a key regional player with a comprehensive job offering and partnerships with local companies. Technically, the site is built on modern web technologies such as React and Next.js, with integrations for analytics and consent management. However, the site suffers from a critical security issue due to the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts its security posture. Privacy compliance is well addressed with a detailed cookie consent mechanism and links to comprehensive privacy and terms policies. Overall, the site provides good content quality and user experience but requires urgent security improvements to protect user data and enhance trust.