Security Directory

T

TÜV NORD GROUP

tuev-nord-group.com

0

The TÜV NORD GROUP is a well-established enterprise headquartered in Germany, specializing in safety, certification, inspection, and consulting services across multiple sectors including energy and transportation. With over 150 years of experience and a global presence in more than 100 countries, the company positions itself as a trusted provider of quality and safety solutions. The website reflects a professional and comprehensive digital presence, targeting businesses and organizations seeking expert services in safety and compliance. Technically, the site is built on TYPO3 CMS and utilizes modern JavaScript libraries and consent management tools, although performance is hindered by slow load times and an invalid SSL certificate. Security posture is weakened by the lack of a valid SSL certificate and absence of security headers, which poses risks to user trust and data protection. Privacy compliance is strong, with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to enhance user confidence and compliance.

Landitec GmbH is a specialized B2B technology company based in Germany, offering high-quality network hardware appliances and related services across Europe. Their business model combines e-commerce with consulting, testing, and support services, targeting enterprises and organizations requiring secure and flexible network infrastructure. The website is built on the Odoo CMS platform and hosted on Odoo.sh, featuring a professional design with clear navigation and multilingual support. However, the site lacks a valid SSL certificate, resulting in no HTTPS protection, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present, explicit security policies and incident response information are missing. The company demonstrates trust through extended warranties, partner logos, and detailed product testing.

U

Universitätsklinikum Hamburg-Eppendorf

uke.de

0

The Universitätsklinikum Hamburg-Eppendorf (UKE) is a leading European university hospital specializing in healthcare, research, and education. The website reflects a comprehensive digital presence with extensive information about clinics, institutes, research programs, patient services, and educational offerings. The site targets patients, medical professionals, researchers, and students, positioning UKE as a major healthcare and research institution in Germany. Technically, the site uses established libraries like jQuery and Modernizr, and employs Matomo for privacy-conscious analytics. However, the absence of a valid SSL certificate and modern TLS protocols significantly impacts the security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The site demonstrates high professionalism and trustworthiness but requires urgent improvements in security infrastructure to protect user data and enhance trust.

The website hfmt-hamburg.de currently serves a 404 error page indicating that no site configuration is found, suggesting the site is either offline or not properly configured. The site is powered by TYPO3 CMS and hosted on infrastructure associated with Technische Universität Hamburg. There is no accessible business content, contact information, or policies available, which severely limits the ability to assess the business or its services. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks. The absence of security headers and modern TLS protocols further weakens its security posture. Overall, the site is not operational from a user or security perspective, resulting in a very low trust and quality rating.

H

Hochschule für bildende Künste Hamburg (HFBK Hamburg)

hfbk-hamburg.de

0

The website represents the Hochschule für bildende Künste Hamburg (HFBK Hamburg), a medium-sized public art university in Germany focused on fine arts education, exhibitions, and research. It targets prospective and current students, artists, and the art community with comprehensive content on academic programs, events, and projects. The site is professionally designed with consistent branding and rich content, supporting an excellent user experience and clear navigation. Technically, the site uses a modern JavaScript stack including jQuery, Masonry, and Klaro for cookie consent, but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security headers are well configured but ineffective without HTTPS. Privacy compliance is partially addressed with a privacy policy and cookie consent mechanism, though GDPR compliance is not fully evident. The site uses Matomo analytics with user consent. Overall, the security posture is weak due to missing HTTPS, which is a critical issue. The site is accessible without WAF or blocking mechanisms.

V

vitrado

vitrado.de

0

vitrado.de operates as an inhouse affiliate marketing network primarily serving the freenet Group's portfolio of digital lifestyle and telecommunications products. The platform targets affiliate marketers and partners seeking to promote these products through various partner programs and marketing tools. The website presents a professional and consistent brand image aligned with its parent company, freenet Group, and offers a range of partner programs including waipu.tv, klarmobil, and freenet Mobile among others. Technically, the site leverages JavaScript, CSS, and SVG technologies with Cloudflare DNS and hosting, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and HTTPS support. Security posture is weak due to missing HTTPS, absent security headers, and disabled DNSSEC, exposing the site to potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to enhance trust and compliance.

F

freenet DLS GmbH

freenet-mobilfunk.de

0

Freenet DLS GmbH operates a comprehensive German telecommunications website offering mobile phone tariffs, devices, and related digital services. The company targets German consumers seeking flexible mobile plans and devices, positioning itself as a significant player in the German telecom market. The website features structured data with detailed company information and social media presence, supporting brand credibility and customer engagement. Technically, the site employs modern JavaScript frameworks, Cloudflare CDN, and personalization tools like Kameleoon, but suffers from critical SSL/TLS misconfigurations that undermine secure HTTPS access. Security headers are partially implemented, but the lack of a valid SSL certificate and disabled TLS protocols represent major vulnerabilities. Privacy and cookie policies are not detected, indicating compliance gaps. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and comply with regulations.

F

Freie und Hansestadt Hamburg

karriere.hamburg

0

The website karriere.hamburg serves as the official career portal for the Freie und Hansestadt Hamburg, offering a wide range of job opportunities, training programs, and career entry options in the public sector. It targets job seekers, students, and professionals interested in working for the city government. The site is well-branded and professionally presented with clear navigation and relevant content in German. Technically, the site uses modern HTML5 and responsive design techniques but lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented but some settings reduce protection. Privacy compliance is limited, with no cookie consent mechanism despite the presence of tracking scripts. Overall, the site is functional and credible but requires urgent security improvements to protect user data and trust.

A

Arvato Systems

arvato-systems.de

0

Arvato Systems is a leading German IT service provider specializing in digital transformation across multiple industries including energy, manufacturing, healthcare, retail, government, and finance. The company offers a broad portfolio of services such as consulting, cloud and data center services, application development, security, and managed services. It holds multiple industry awards and certifications, including ISO 27001 and Top Employer Germany 2024, reflecting its strong market position and commitment to quality and security. Technically, the website is built on CoreMedia CMS and integrates various analytics and marketing technologies, but suffers from a critical lack of valid SSL/TLS certificates, impacting its security posture. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the company demonstrates a mature digital presence with strong business credibility but needs urgent improvements in SSL/TLS security to protect user data and maintain trust.

D

Digital Assets AG

digibiz24.com

0

Digibiz24 is a German-based SaaS platform offering an all-in-one solution for building websites, sales funnels, and membership areas, primarily targeting online coaches and entrepreneurs. The platform integrates deeply with Digistore24, a leading European sales automation and affiliate network, enabling seamless payment processing and sales management. The website demonstrates strong digital maturity with modern technologies, good SEO, and mobile optimization. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the platform presents a professional and trustworthy business offering but must urgently address its SSL/TLS configuration to ensure secure user interactions.

A

Arvato SE

open-xcellerator.com

0

The open-xcellerator.com website represents a community platform under Arvato SE focused on Advanced & Personalized Therapies, particularly addressing supply chain challenges in Cell & Gene Therapy. The site aims to foster collaboration among industry stakeholders to improve patient-centric and globally harmonized therapy supply chains. Technically, the site is built on TYPO3 CMS, served by Apache, and uses modern frontend tooling like Vite JS. It integrates Google Tag Manager and Cookiebot for analytics and cookie consent management. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and no HTTPS protocols are enabled, severely impacting security posture. Privacy compliance is supported by a visible privacy and cookie policy with consent mechanisms. Contact is available via a contact page but lacks direct email or phone details on the main site. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and trust.

B

Bertelsmann SE & Co. KGaA

bertelsmann.de

0

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating across multiple sectors including broadcasting, book publishing, music, services, printing, education, and investments. The website reflects a mature corporate presence with comprehensive information targeting investors, journalists, job seekers, and the general public. The business model is diversified with strong subsidiaries such as RTL Group and Penguin Random House, positioning Bertelsmann as a major player in the global media industry. Technically, the website employs established web technologies like Bootstrap and jQuery, with content delivery via Amazon CloudFront CDN, ensuring good performance and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Security headers are partially implemented, but critical HTTPS and TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent managed by Cookiebot. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

C

Chatbot

linda-chatbot.de

0

The website linda-chatbot.de appears to be a chatbot service associated with the Sparkasse brand, indicating a financial services context in Germany. However, the site content is currently inaccessible beyond a simple error message indicating a domain or service issue, which severely limits the ability to assess the business comprehensively. The technical infrastructure shows use of React framework and external font resources from Sparkasse's webfonts domain, but the site suffers from very slow load times and minimal content. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, lack of security headers, and missing DNS security configurations. No privacy, cookie, or terms of service policies are present, and no contact or business information is available on the page. Overall, the site is not currently functional or trustworthy for end users.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

L

Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

lrz.de

0

The Leibniz-Rechenzentrum (LRZ) is a large, well-established IT service provider dedicated to supporting scientific research and education primarily in Bavaria, Germany. It offers a broad portfolio of advanced IT services including supercomputing, AI and Big Data infrastructure, networking via the Munich Science Network (MWN), IT security, cloud storage, and consulting. The LRZ is positioned as a key regional player with strong partnerships and a focus on cutting-edge technologies. Technically, the website is built on TYPO3 CMS and demonstrates good content quality, navigation, and accessibility, though performance is moderate. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is adequate with a clear privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

D

Deka Investments

deka-investments.de

0

Deka Investments is a prominent German asset management company offering professional investment and retirement solutions primarily targeting private customers. The website reflects a strong market position with comprehensive services including funds, certificates, savings plans, and wealth management, supported by multiple industry awards and a close affiliation with the Sparkassen-Finanzgruppe. The digital infrastructure leverages modern JavaScript frameworks such as Vue.js and integrates analytics and marketing tools like Google Tag Manager and eGain Chat, providing a good user experience with clear navigation and mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for a financial services website. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms in place. Contact information is clearly presented with multiple channels including phone, contact forms, and chat. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain user trust.

L

L-Bank

l-bank.info

0

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

0

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

K

Koongo

koongo.de

0

Koongo is a medium-sized e-commerce technology company specializing in product feed management and multi-channel marketplace integration. The company offers a SaaS platform that enables online sellers to synchronize product data, inventory, and orders across over 500 sales channels including Amazon, eBay, and Google Shopping. Koongo positions itself as a comprehensive solution provider with integrations to numerous e-commerce platforms such as Magento, Shopify, WooCommerce, and others. The website is professionally designed, content-rich, and targets e-commerce businesses seeking to expand their online sales footprint efficiently. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom for customer engagement. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a detailed cookie consent mechanism and complies with GDPR requirements, reflecting a strong privacy posture. Overall, Koongo demonstrates a solid market presence with good business credibility but requires urgent improvements in its security infrastructure to meet industry standards.

B

Bildungswerk der Sächsischen Wirtschaft

bsw-sachsen.de

0

Bildungswerk der Sächsischen Wirtschaft is a well-established educational organization focused on vocational training and professional development in the Saxony region of Germany. With over 30 years of experience and multiple subsidiaries, it offers a broad portfolio of services including further education, training seminars, and integration courses. The organization targets companies, employees, job seekers, and schools, positioning itself as a key regional player in workforce qualification and development. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and includes SEO-friendly structured data and social media integration. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in an insecure connection and lack of HTTPS enforcement. Other security best practices such as security headers, DNSSEC, and DMARC are also missing. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and cookie policies. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

Calls for Transfer

callsfortransfer.de

0

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

O

Ost-Ausschuss der Deutschen Wirtschaft e.V.

ost-ausschuss.de

0

The Ost-Ausschuss der Deutschen Wirtschaft e.V. is a medium-sized non-profit association based in Germany that facilitates economic cooperation and business relations between German companies and Eastern European and Central Asian markets. The organization provides services such as policy advocacy, networking events, delegations, and publishes relevant economic updates and reports. The website is professionally designed using Drupal 10 and integrates modern web technologies and analytics tools, targeting business stakeholders and policymakers. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly weakens its security posture. Privacy and cookie policies are present and include consent mechanisms, reflecting good compliance with GDPR requirements. Contact information is clearly provided, enhancing business credibility.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

0

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

T

TÜV NORD

tuev-nord.de

0

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

S

Stahlinstitut VDEh

vdeh.de

0

Stahlinstitut VDEh is a German-based institute specializing in steel technology, offering services such as seminars, standardization, membership, and publications. The website targets industry professionals and members within the steel manufacturing sector. The business model revolves around providing educational and industry services to its members and stakeholders. Technically, the website is built on PHP 7.4.33 with nginx and uses common frontend libraries like Bootstrap and jQuery. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The site is moderately optimized for mobile and has a good design and navigation structure but suffers from slow DNS resolution and no caching headers that could improve performance. Security posture is weak due to missing HTTPS, lack of advanced security headers, and no cookie consent mechanism. Privacy compliance is minimal with a privacy policy present but no explicit GDPR compliance or cookie consent. Business credibility is moderate with clear branding and professional content but lacks direct contact information and certifications. Overall, the site scores low on security and privacy compliance, which should be prioritized to improve trust and user safety.

F

freenet Internet

freenet-internet.de

0

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

D

DIZ | Digitales Innovationszentrum GmbH

digitalhub-ai.de

0

Digital Hub Applied Artificial Intelligence Karlsruhe is a regional technology ecosystem hub focused on advancing artificial intelligence and cybersecurity in Karlsruhe, Germany. It serves as a network facilitator offering services such as events, workshops, startup programs, and expert access to foster innovation and collaboration. The website presents a professional and consistent brand image targeting businesses and individuals interested in AI and cybersecurity. Technically, the site is built on the Contao CMS platform, using Apache server and common web libraries like jQuery and Leaflet. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. Security headers are present but insufficient without proper HTTPS. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy page, but GDPR compliance indicators and incident response information are missing. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy practices.

B

Bertelsmann Education Group

bertelsmann-education-group.com

0

Bertelsmann Education Group is a medium-sized entity under the Bertelsmann parent company, focusing on investments and partnerships in healthcare training and education solutions. The company targets healthcare organizations and education sector stakeholders, aiming to address workforce and skills shortages through innovative learning and workforce management solutions. The website reflects a professional and consistent brand presence, highlighting key subsidiaries such as Afya Limited and Relias. Technically, the site is built on WordPress using Elementor and Astra theme, with moderate performance and good mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, despite having some security headers and a strict DMARC policy. Privacy compliance is supported by a clear privacy policy and cookie consent mechanism via Cookiebot. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

B

Bertelsmann Marketing Services

bertelsmann-marketing-services.com

0

Bertelsmann Marketing Services is a large, Germany-based media and marketing services company, operating as a 100% subsidiary of Bertelsmann. The company specializes in direct marketing, printing services, and multi-channel campaign management, serving a broad range of clients including retail, industrial, and publishing sectors. The website is professionally designed, content-rich, and well-structured, supporting both German and English languages. Technically, the site uses TYPO3 CMS and is hosted on infrastructure managed by Arvato Systems. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. Security headers are partially implemented but insufficient to mitigate risks fully. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism in place. Business credibility is high, supported by certifications and active communication through press releases and social media.

A

Arvato SE

arvato.com

0

Arvato SE is a global enterprise specializing in third-party logistics (3PL), supply chain management, and digital logistics solutions. The company serves a diverse range of industries including e-commerce, B2B, and transportation, offering services such as warehousing, fulfillment, transport management, and digital customer experience solutions. Their market position is strong with a broad international footprint and multiple regional subsidiaries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed service descriptions. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Security-wise, the absence of HTTPS and security headers are critical issues, though cookie consent and privacy compliance are well implemented. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

B

BMG Rights Management GmbH

bmg.com

0

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

B

Bertelsmann SE & Co. KGaA

bertelsmann.com

0

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating through multiple divisions such as RTL Group, Penguin Random House, BMG, and Arvato Group. The company provides a wide range of media, publishing, entertainment, and service offerings targeting journalists, investors, applicants, and the general public. The website reflects a mature digital presence with comprehensive corporate, investor, and media information, supported by strong branding and consistent content quality. Technically, the site uses established technologies like jQuery, Bootstrap, and Cookiebot for consent management, hosted on AWS CloudFront CDN. However, the absence of a valid SSL/TLS certificate and disabled HTTPS protocols represent critical security gaps. Security headers and content security policies are implemented but cannot compensate for the lack of HTTPS, which is essential for protecting user data and trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

B

Bertelsmann

createyourowncareer.de

0

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

L

Landitec GmbH

landitec.com

0

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on customized IT security appliances and software solutions, including network hardware, edge AI, 5G, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with notable partners such as SECUDOS and Barracuda. Their offerings include both hardware and software appliances, tailored to customer needs from initial concept to final product delivery. Technically, the website is built on Joomla CMS with the Helix Ultimate framework, utilizing modern libraries like jQuery and Bootstrap. The site is well-structured, mobile-optimized, and includes SEO best practices. However, the absence of a valid SSL certificate and HTTPS significantly impacts their security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating good privacy compliance. Analytics usage is moderate, primarily via Google Analytics and Tag Manager. Security-wise, the lack of valid HTTPS is a critical issue that lowers the overall security score. Other security best practices such as HSTS, OCSP stapling, and session resumption are not implemented. No explicit security policy or incident response information is found. The company provides clear contact information and maintains a professional online presence, but should prioritize securing their website with valid SSL certificates to enhance trust and compliance. Overall, Landitec GmbH presents a professional and credible business with solid technical infrastructure but requires urgent improvements in security configuration to meet modern standards and ensure customer trust.

X

XING

prescreen.io

0

The website prescreen.io redirects or is represented by recruiting.xing.com, a platform operated by XING, a subsidiary of NEW WORK SE. The site offers the onlyfy Bewerbungsmanager, a comprehensive talent acquisition and applicant tracking solution designed for companies seeking to modernize and streamline their recruiting processes. The platform integrates active and passive sourcing, multiposting, social media campaigns, and detailed reporting to support holistic recruiting workflows. Technically, the site is built on WordPress with modern front-end frameworks like Bootstrap and jQuery, hosted on AWS infrastructure. While the site demonstrates good SEO, structured data usage, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact its security posture. Privacy compliance is well addressed with visible privacy and cookie policies and consent management via Usercentrics. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and maintain trust.

C

Content Pass GmbH

contentpass.net

0

Content Pass GmbH operates contentpass.net, a subscription-based platform offering users ad-free and tracking-free access to over 500 digital publications. The company positions itself as a privacy-conscious alternative to traditional ad-supported content, distributing subscription revenues to publishers to compensate for lost advertising income. The service targets privacy-aware consumers in Europe, emphasizing GDPR compliance and user data protection. The platform integrates multiple payment providers and offers multi-device access with a user-friendly interface. Technically, the website is built on a modern React/Next.js stack with Apollo GraphQL and hosted on OVH and Google Cloud Platform, leveraging Bunny.net CDN for performance optimization. However, the site suffers from a critical security flaw due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy policies and terms of service are comprehensive and well-documented, reinforcing trust and compliance.

M

Munich Urban Colab GmbH

munich-urban-colab.de

0

Munich Urban Colab GmbH operates a prominent innovation and coworking space in Munich, Germany, focused on developing and testing solutions for the future city through interdisciplinary and cross-sector collaboration. Positioned as one of Europe's largest startup centers, it serves startups, entrepreneurs, researchers, and public sector entities with services including coworking spaces, event venues, and community building. The website reflects a professional and well-branded digital presence with strong partnerships from major corporations and academic institutions. Technically, the site uses modern JavaScript modules, animation libraries, and a cookie consent management platform, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security practices are basic, with no security headers or HSTS enabled, and no incident response or vulnerability disclosure policies found. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and professional but requires urgent improvements in SSL and security configurations to enhance user trust and compliance.

I

InterNations

internations.org

0

InterNations is a leading global community platform for expatriates, offering networking, events, and destination guides across 420 cities worldwide. The website targets expatriates and global minds seeking connection and information about living abroad. Technically, the site employs modern JavaScript frameworks, Webpack bundling, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Cookiebot for consent management. Hosting is via Cloudflare CDN, ensuring performance and availability. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header configurations and secure cookie practices. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

L

Landitec GmbH

scope7.de

0

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

0

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

P

Papoo Software & Media GmbH

epccm19.com

0

Papoo Software & Media GmbH operates the CCM19 Cookie Consent Manager, a comprehensive European alternative for cookie consent management software. The company offers multiple deployment options including on-premise, cloud, and agency versions, emphasizing data sovereignty by hosting all infrastructure in Germany. The website demonstrates a strong market position with extensive features, multilingual support, and a clear focus on compliance with GDPR, TDDDG, and other privacy regulations. The business targets website owners, agencies, and enterprises requiring robust consent management solutions. Technically, the site uses a modern stack with Apache, PHP, jQuery, and Foundation framework, hosted by Your-Server.de. Security posture is solid with HTTPS, security headers, and no known vulnerabilities, though some improvements like enhanced HSTS and CSP headers are recommended. Overall, the site is professional, well-structured, and trustworthy, with clear contact information and certifications. The privacy and cookie policies are comprehensive and GDPR compliant, supporting a positive privacy compliance score.

H

Hochschule Ruhr West

hs-ruhrwest.de

0

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

0

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

0

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

B

Berufsgenossenschaft Rohstoffe und Chemische Industrie

bgrci.de

0

Berufsgenossenschaft Rohstoffe und Chemische Industrie (BG RCI) is a statutory accident insurance institution in Germany serving sectors such as mining, chemical industry, paper manufacturing, leather, sugar, and construction materials. The organization provides accident insurance, prevention, rehabilitation, and consulting services focused on occupational safety and health. The website targets entrepreneurs and insured members within these industries, offering information, publications, and access to online services such as a member portal. The site is built on TYPO3 CMS and uses modern JavaScript libraries and Matomo for analytics, indicating a moderate level of digital maturity. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence, but cookie consent mechanisms are missing. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM)

bgetem.de

0

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM) is a German statutory accident insurance institution serving sectors including energy, textiles, electronics, and media. The organization provides prevention, rehabilitation, compensation, and member services to insured companies and individuals. The website reflects a well-structured, content-rich platform targeting employers, insured persons, and safety professionals with comprehensive information and resources. Technically, the site is built on the Plone CMS with Bootstrap and jQuery, integrating Matomo analytics and Cookiefirst for consent management. However, the site lacks HTTPS encryption, which is a critical security deficiency. No security headers or modern TLS protocols are configured, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and ensure compliance with modern standards.

B

BG Verkehr

bg-verkehr.de

0

BG Verkehr is a German statutory accident insurance institution specializing in transportation and logistics sectors. The website provides comprehensive information about insurance coverage, prevention, rehabilitation, and training services tailored for employees and companies in these industries. The site targets German-speaking users and serves as an official communication channel for BG Verkehr's services and updates. Technically, the website is built on the Plone CMS platform, utilizing modern frontend libraries such as Bootstrap and Font Awesome, and integrates Piwik/Matomo for analytics and Cookiefirst for cookie consent management. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks and undermining trust. The site lacks security headers and advanced SSL configurations, which further impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professionally designed with good content quality and navigation but requires urgent security improvements to meet modern standards.

B

BG Kliniken – Klinikverbund der gesetzlichen Unfallversicherung gGmbH

bg-kliniken.de

0

BG Kliniken is a large non-profit healthcare organization in Germany specializing in acute care and rehabilitation for severely injured and occupationally ill patients. It operates one of the largest trauma center networks in the country, offering comprehensive medical services, research, and professional training through its BG Kliniken Akademie. The website is professionally designed with clear navigation targeting patients, insurance carriers, referring physicians, and job applicants. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Usercentrics for cookie consent and Google Tag Manager for analytics. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. DNS records show well-configured SPF and DMARC policies, enhancing email security. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent security improvements.

V

Versicherer im Raum der Kirchen

vrk.de

0

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.