Security Directory

D

DKB AG

dkb.de

0

DKB AG is a leading sustainable direct bank in Germany, offering a wide range of digital banking services including accounts, credit cards, loans, and investment products with a strong emphasis on renewable energy financing and social responsibility. The bank holds a prime ESG rating from ISS ESG, positioning it as a market leader in sustainable finance among the top 20 German banks. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted on AWS infrastructure, and uses Contentful as its CMS. The site demonstrates good performance and excellent mobile optimization, with comprehensive SEO and accessibility features. Security-wise, the site has a valid SSL certificate and properly configured SPF and DMARC records, but lacks DNSSEC and HSTS, which are recommended for enhanced security. The website employs Usercentrics CMP for cookie consent management and integrates analytics tools like Mapp Intelligence and Google Tag Manager, maintaining good privacy compliance. Overall, DKB AG's digital presence reflects a mature and professional organization with a strong commitment to sustainability and customer trust.

N

N26 SE

n26.com

0

N26 SE is a leading mobile-first bank headquartered in Germany, operating with a full German banking license and serving over 8 million customers across 24 markets. The company offers a range of financial products including free and premium bank accounts, instant savings linked to the European Central Bank rate, stock and ETF trading, and crypto investment powered by Bitpanda. Their digital-first approach is supported by a modern technology stack including React, Contentful CMS, and AWS hosting, ensuring a seamless and mobile-optimized user experience. Security is a core focus, with BaFin supervision, deposit protection up to €100,000, and advanced payment authentication methods such as 3D Secure and biometric verification. The website demonstrates strong privacy compliance with GDPR-aligned policies and cookie consent management via OneTrust. However, there are areas for improvement such as enabling HSTS, OCSP stapling, DNSSEC, and publishing a security.txt for vulnerability disclosure. Overall, N26 presents a mature digital banking platform with a solid security posture and a high level of trustworthiness in the fintech market.

F

finleap

finleap.com

0

finleap is a fintech company builder based in Germany, established in 2014, that has built or invested in multiple fintech ventures and corporate joint ventures with a significant market valuation. The company targets fintech investors, startups, and corporate partners, positioning itself as an important player in the fintech ecosystem. The website is built on WordPress and hosted on Amazon AWS infrastructure, utilizing modern web technologies including Google Tag Manager and Usercentrics for consent management. Performance is moderate with good mobile optimization and SEO practices. Security posture is adequate with valid SSL, SPF, and DMARC configurations, but lacks advanced features such as HSTS and OCSP stapling, and does not have DNSSEC or CAA enabled. The site employs a cookie consent mechanism compliant with GDPR, enhancing privacy compliance. Overall, finleap demonstrates a professional and trustworthy online presence with room for security improvements.

J

JTL-Software GmbH

jtl-url.de

0

JTL-Software GmbH is a leading German provider of ERP and e-commerce software solutions tailored for online retailers. With a strong market presence in the DACH region and over 50,000 customers, JTL offers a comprehensive ecosystem including ERP systems, online shop platforms, warehouse management, marketplace integration, and middleware solutions. Their product suite supports B2C, B2B, and D2C business models, emphasizing flexibility and scalability. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates advanced analytics and marketing tools such as Google Tag Manager, Matomo, and Microsoft Clarity. Security-wise, the site employs strong TLS protocols and valid certificates but lacks DNSSEC, HSTS, and CAA records, which are recommended for enhanced security. The company demonstrates strong compliance with GDPR through detailed privacy and cookie policies and uses a robust consent management system. Overall, JTL maintains a high level of professionalism, trustworthiness, and digital maturity, positioning itself as a reliable partner in the e-commerce software market.

R

Reply

vanillareply.com

0

Vanilla Reply, a part of the Reply group, specializes in tailored e-commerce, CMS, and PIM solutions primarily serving the German market. The company leverages strong partnerships with leading technology providers such as Shopware, Sylius, Akeneo, Storyblok, and TYPO3 to deliver integrated and agile digital experiences. Their business model focuses on consulting, custom software development, and cloud-based operations, positioning them as a trusted medium-sized player in the e-commerce sector. Technically, the website employs modern web technologies including Google Tag Manager, reCAPTCHA, OneTrust for cookie consent, and Google Maps API. The hosting is managed via register.it with a valid SSL certificate supporting TLS 1.3 and 1.2, and OCSP stapling enabled. However, performance is somewhat slow with a page load time of over 8 seconds, indicating potential optimization opportunities. The site is well-optimized for mobile and accessibility, with good SEO practices. From a security perspective, the site demonstrates good practices such as strong TLS protocols and no known SSL vulnerabilities. However, it lacks DNSSEC, CAA records, and DMARC, which are recommended for enhanced DNS and email security. The cookie consent mechanism is robust and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, Vanilla Reply presents a professional and trustworthy digital presence with strong business and technical foundations. Strategic improvements in DNS security, email authentication, and performance optimization would further enhance their security posture and user experience.

I

interneX GmbH

internex.de

0

interneX GmbH is a small German company with a basic online presence primarily providing legal and contact information on its website. The company’s market position and detailed business services are not explicitly described, indicating a limited digital footprint. The website is minimalistic, with no advanced content or interactive features, targeting a general audience likely within Germany. Technically, the site is hosted on kasserver.com using Apache with HTTP/2 support and basic CSS styling. Performance is fast, but mobile optimization and accessibility are basic. Security posture shows support for modern TLS protocols without known vulnerabilities, but lacks advanced security headers such as HSTS and OCSP stapling. DNSSEC and DMARC are not implemented, which could expose the domain to DNS and email spoofing risks. Overall, the security score is moderate with room for improvement in compliance and best practices. The website does not include privacy or cookie consent mechanisms, which may impact GDPR compliance. Contact information is clearly provided, but no email addresses or social media links are present. Strategic recommendations include enhancing HTTPS security, implementing DNS and email protections, publishing a vulnerability disclosure policy, and improving privacy compliance to build trust and reduce risk.

P

profihost

profihost.de

0

Profihost is a well-established German managed hosting provider specializing in e-commerce hosting solutions tailored for online shops of various sizes. With 25 years of experience and strategic partnerships with platforms like Shopware, OXID, and Pimcore, they offer a comprehensive portfolio including managed servers, clusters, security services, and performance optimization. Their market position is strong within the German e-commerce hosting niche, supported by verified customer testimonials and a partner program. Technically, the website employs modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager and Consent Manager for analytics and privacy compliance. However, performance is somewhat slow with a load time over 8 seconds. Security posture is basic with no HSTS, OCSP stapling, DNSSEC, or DMARC records, though no critical vulnerabilities were detected. Overall, the company demonstrates a professional and trustworthy online presence with room for security enhancements.

P

PwC-Stiftung

pwc-stiftung.de

0

PwC-Stiftung is a German non-profit foundation focused on promoting economic ethics and cultural education through project funding and its own educational programs. The foundation operates several participatory programs such as Wirtschafts.Forscher!, Hör.Forscher!, and Kultur.Forscher!, targeting schools and students, especially addressing pandemic-related educational gaps and refugee integration. The website is built on WordPress with a moderate technical infrastructure including common plugins for SEO, sliders, and cookie management. Hosting is provided by IONOS, and the site includes structured data for SEO and social media optimization. However, the security posture is weak due to an invalid SSL certificate, lack of modern TLS protocols, and missing security headers and DNS security features. Cookie consent is implemented in compliance with GDPR, enhancing privacy protections. Overall, the site presents a professional and trustworthy image but requires urgent improvements in SSL and security configurations to protect users and data.

P

PricewaterhouseCoopers

pwcplus.de

0

PwC Plus is a specialized knowledge and research platform operated by PricewaterhouseCoopers, targeting primarily financial services professionals with additional focus on healthcare and public services sectors. The platform offers subscription-based access to quality-assured, daily updated content including legal norms monitoring, regulatory insights, and sector-specific modules. The website demonstrates a mature digital presence with multilingual support, user account management, and integration of professional content from trusted partners such as the IFRS Foundation. Technically, the site is hosted on Colt's infrastructure, uses modern TLS protocols, and employs Piwik PRO for analytics with a compliant cookie consent mechanism. Security posture is solid with DMARC enforcement and no critical SSL vulnerabilities, though improvements like enabling HSTS, DNSSEC, and CAA records could enhance security further. No explicit security or incident response policies are published, indicating an area for maturity growth. Overall, PwC Plus presents a professional, trustworthy, and content-rich platform aligned with PwC's global brand standards.

U

United Internet Media

united-internet-media.de

0

United Internet Media is a large, Germany-based exclusive media marketer for United Internet AG brands, offering a wide range of digital advertising and dialog marketing services including programmatic, native, display, video, and email marketing. The website is built on TYPO3 CMS and integrates advanced consent management tools such as PermissionClient and OneTrust, reflecting a mature approach to privacy compliance. Security measures include valid SSL with strong cipher suites, SPF and DMARC records with quarantine policies, though improvements like DNSSEC and HSTS are recommended. The site demonstrates good content quality, navigation, and user experience, targeting advertisers and marketers seeking comprehensive media solutions. Overall, the company maintains a high trustworthiness level with a solid digital presence.

S

Seven.One Entertainment Group GmbH

seven.one

0

Seven.One Entertainment Group GmbH is a leading German media and entertainment company specializing in TV broadcasting, streaming, advertising products, content production, and event and artist management. It operates multiple well-known TV and digital brands and is a subsidiary of ProSiebenSat.1 Media SE. The website demonstrates a mature digital presence with modern technologies such as Liferay CMS, React, and integrated marketing and consent management tools. However, a critical security weakness is the absence of a valid SSL certificate, exposing users to potential risks. The company maintains comprehensive privacy and cookie policies with GDPR compliance and uses consent-based tracking. Overall, the business is positioned strongly in the German media market with a broad portfolio and professional digital infrastructure but needs urgent improvements in security configuration.

S

Score Media Group

score-media.de

0

Score Media Group operates as a national marketing platform for regional media brands in Germany, focusing on regional daily newspapers, their digital and print editions, and associated advertising services. The company holds a strong market position with a portfolio of over 420 regional newspaper titles reaching 62 million readers monthly. Their business model centers on cross-media advertising solutions, combining print, online, and e-paper channels to deliver targeted campaigns for advertisers and agencies. Technically, the website is built on WordPress with modern frameworks like React and uses various plugins and tools such as WPBakery, Slider Revolution, and Google Analytics, indicating a mature digital infrastructure but with room for performance optimization due to high page size and load times. Security-wise, the site supports modern TLS protocols and has valid SPF records but lacks advanced security headers like HSTS and OCSP stapling, and the DMARC policy is set to none, which could expose email spoofing risks. Overall, the site demonstrates good SEO, branding consistency, and user experience but would benefit from enhanced security configurations and clearer contact information.

I

iq digital media marketing gmbh

iqdigital.de

0

iq digital media marketing gmbh is a leading marketing company specializing in advertising for premium German media brands including FAZ Verlag, Handelsblatt Media Group, Süddeutsche Zeitung Verlag, and ZEIT Verlag. The company offers a comprehensive portfolio of digital advertising, programmatic advertising, audio/podcast advertising, newsletter marketing, content marketing, and data targeting services. Their market position is strong, leveraging high-reach, quality media brands to target decision makers and specialized audiences. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted likely on Microsoft Azure, and employs GDPR-compliant consent management and analytics tools. Security posture is good with TLS 1.3 support and valid SPF records, but improvements are recommended in HSTS, DMARC, DNSSEC, and OCSP stapling. Overall, the company demonstrates a mature digital presence with strong privacy and compliance practices.

B

BCN Brand Community Network GmbH

brand-community-network.de

0

BCN Brand Community Network GmbH operates a comprehensive crossmedia marketing network focused on providing advertising solutions across print, digital, and event channels. The company holds a strong market position in Germany with over 300 media brands and 500+ advertising solutions, targeting advertisers and media planners seeking quality reach and brand engagement. The website is built on TYPO3 CMS and integrates modern marketing technologies including Google Tag Manager and a proprietary Smart Stack technology for optimized campaign performance. Security posture is adequate with TLS 1.2 and strong cipher suites but lacks advanced features like HSTS and OCSP stapling. GDPR compliance is well addressed with a dedicated consent management platform. Overall, the digital infrastructure supports a professional and trustworthy user experience, though some security enhancements are recommended.

A

Ad Alliance

ad-alliance.de

0

Ad Alliance is a prominent German media company specializing in advertising solutions across multiple channels including TV, video, print, audio, and digital. It holds a strong market position with key brands and targets decision-maker audiences. The website infrastructure uses a custom CMS hosted on managed IP servers, with moderate performance and good mobile optimization. The security posture is basic with TLS 1.2 enabled and strong cipher suites, but lacks modern features like TLS 1.3, HSTS, and OCSP stapling. Privacy and cookie policies are present and GDPR compliant, supported by a consent management platform. The site integrates Google Analytics and Tag Manager for tracking, with moderate user tracking levels. Contact information and social media presence are comprehensive, enhancing trust and transparency.

D

dimension2 economics & philosophy GmbH

dimension2.consulting

0

dimension2 economics & philosophy GmbH is a small German consulting firm specializing in Corporate Digital Responsibility (CDR) and ethical data usage to help businesses gain competitive advantages. Their website presents a professional and well-structured digital presence built on WordPress with modern design elements and SEO optimizations. However, the technical infrastructure shows significant security weaknesses, including the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. The company provides contact primarily through a contact form, with no direct email or phone contacts publicly listed. Privacy policy is present and GDPR compliant, but cookie consent mechanisms and terms of service are missing. Overall, the business is positioned as a niche consulting provider with a focus on trustworthy data practices, but the website's security posture requires urgent improvements to align with best practices and enhance client confidence.

T

TÜH Staatliche Technische Überwachung Hessen

tueh.de

0

TÜH Staatliche Technische Überwachung Hessen operates as a regional governmental authority providing digital tachograph cards and related services to individuals and businesses in Hessen, Germany. The website serves as an informational and transactional portal offering application forms and guidance for driver cards, company cards, and workshop cards. The organization positions itself as a trusted public service entity within the transportation sector, focusing on compliance and regulatory oversight. Technically, the website is built on TYPO3 CMS, hosted behind Cloudflare DNS and CDN services, and employs standard web technologies including Bootstrap and FontAwesome. Performance is moderate with good mobile optimization and basic accessibility. Security posture is adequate with a valid SSL certificate and cookie consent mechanisms; however, improvements are recommended such as enabling HSTS, DNSSEC, and security headers. No explicit terms of service or vulnerability disclosure policies are present, and contact information is limited to a contact form without direct emails or phone numbers. Analytics usage includes etracker and Google marketing cookies with user consent. Overall, the website demonstrates a professional and trustworthy presence aligned with its public service mission.

S

Sebastian Gepperth

rash.codes

0

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

D

DATEV eG

datev.com

0

DATEV eG is a leading European software and consulting company specializing in professional support for tax consultancy, auditing, companies, legal advice, and the public sector. The company holds a strong market position as one of Europe's largest software houses, offering over 200 software products and services, including payroll processing for about 14 million payrolls monthly. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding consistency targeting tax professionals and related sectors primarily in Germany. Technically, the site leverages Adobe Experience Manager as its CMS, integrates Adobe Helix RUM for analytics, and uses OneTrust for GDPR-compliant cookie consent management. The hosting infrastructure appears self-managed with dedicated DNS and mail servers, and the site supports modern TLS protocols ensuring secure communications. Security posture is good with strict SPF and DMARC policies, absence of known SSL vulnerabilities, but could be improved by enabling HSTS and OCSP stapling. Overall, the website demonstrates a professional and trustworthy digital footprint aligned with enterprise standards.

K

Koelnmesse GmbH

koelnmesse.com

0

Koelnmesse GmbH is a leading trade fair and event organizer based in Cologne, Germany, with a century-long history since its founding in 1924. The company operates over 80 trade fairs and exhibitions both locally and in key global markets, serving a diverse audience including exhibitors, visitors, and trade fair organizers. Koelnmesse has a strong market position, recognized for its sustainability efforts and industry leadership, including recent awards such as 'Company of the Year' 2025 and 'Pioneer in Sustainability 2024'. Technically, the website employs a modern tech stack including jQuery, OneTrust for privacy management, Google Tag Manager, and various third-party integrations for social media and advertising. Hosting is provided via Amazon AWS infrastructure. Performance is moderate with good mobile optimization and basic accessibility features. SEO practices are good, supporting the company's digital presence. From a security perspective, while email security is well managed with valid SPF and DMARC records, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant vulnerabilities. The site lacks HSTS, OCSP stapling, and other advanced security headers, lowering its overall security posture. No vulnerability disclosure or security.txt files were found, indicating limited transparency in security incident handling. Overall, Koelnmesse presents a professional and trustworthy online presence with strong business credentials but requires urgent improvements in its SSL/TLS configuration and security best practices to protect user data and maintain compliance with modern security standards.

Q

Qwist GmbH

qwist.com

0

Qwist GmbH is a leading open finance platform operating primarily in the DACH and Iberian markets, offering a comprehensive suite of B2B2X financial technology products. Their key offerings include digital account and portfolio switching, open banking compliance solutions, financial data analytics, and digital lending integration. The company positions itself as the #1 open finance company in its region, serving major banks and financial institutions with a strong investor backing from Finch Capital and Finleap. Technically, the website is built on WordPress with the Divi theme and leverages modern marketing and analytics tools such as HubSpot, Matomo, and SalesLoft. The site employs GDPR-compliant cookie consent via Cookiebot and maintains a valid SSL certificate, although some security enhancements like HSTS and DNSSEC are absent. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, Qwist demonstrates solid foundational practices including SPF and DMARC email protections and encrypted communications. However, the absence of advanced DNS security measures and a public security or incident response policy suggests room for improvement. No critical vulnerabilities were detected in the current analysis. Overall, Qwist presents a professional and trustworthy digital presence aligned with its market leadership in open finance. Strategic security enhancements and transparency in incident response would further strengthen its risk posture and customer confidence.

P

PlentyONE GmbH

plentyone.com

0

PlentyONE GmbH operates a leading cloud-native all-in-one e-commerce ERP platform that connects brands, manufacturers, and retailers to over 150 global marketplaces. The company offers a scalable and flexible SaaS solution complemented by strategic consulting and operational support services. Their market position is strong, with over 55,000 users and significant transaction volumes, positioning them as a key player in the e-commerce sector. Technically, the website is built on HubSpot CMS, leveraging AWS hosting and Cloudflare CDN, with extensive use of marketing and analytics tools such as Google Analytics, HubSpot, and Cookiebot for privacy compliance. Security posture is generally good with modern TLS protocols and OCSP stapling, but improvements are recommended in HTTP security headers and DNS security. The website demonstrates excellent design, content quality, and user experience, supported by comprehensive cookie consent mechanisms and privacy policies. Overall, PlentyONE shows a mature digital presence with a strong focus on compliance and customer engagement.

P

PlentyONE GmbH

plentysystems.com

0

PlentyONE GmbH operates a cloud-native all-in-one e-commerce ERP platform that connects brands, manufacturers, and retailers with over 150 marketplaces globally. The company holds a strong market position with 55,000 users and significant transaction volumes, offering comprehensive services including multi-channel sales, order management, product data management, and strategic growth consulting. Technically, the website is built on HubSpot CMS, integrates multiple marketing and analytics tools such as Google Analytics, HubSpot, and Cookiebot, and is hosted on AWS infrastructure. However, the site currently lacks a valid SSL certificate and modern TLS support, which poses a critical security risk. The company demonstrates good privacy compliance with GDPR-aligned policies and cookie consent mechanisms. Strategic improvements in security posture, especially SSL/TLS implementation and security headers, are recommended to enhance trust and protect user data.

D

dimension2 economics & philosophy GmbH

cdr-lab.de

0

CDR Lab, operated by dimension2 economics & philosophy GmbH, is a German-based cooperative platform established in 2018 that focuses on Corporate Digital Responsibility (CDR). It serves as a participatory process for companies, academia, NGOs, and institutions to collaboratively develop knowledge, share experiences, and initiate joint CDR solutions through conferences, workshops, webinars, and research projects. The organization positions itself as a niche leader in responsible digital transformation and ethical digital business practices. The website is professionally built on WordPress with modern plugins and SEO optimization, targeting German-speaking audiences interested in digital responsibility and sustainability. Technically, the website leverages WordPress 6.6.1 with Colibri Page Builder Pro, Ultimate Member, The Events Calendar, and Forminator plugins. It is hosted on lima-city.de with multiple IPv4 and IPv6 addresses. Performance is moderate with a page load time of approximately 5 seconds and a page size of 450 KB. Mobile optimization and SEO are good, but accessibility is basic. The site lacks a valid SSL certificate and does not currently enforce HTTPS, which is a significant security concern. DNS records include valid SPF and DMARC policies, but DNSSEC and CAA are not enabled. From a security perspective, the absence of a valid SSL certificate and disabled TLS protocols expose the site to risks such as data interception and man-in-the-middle attacks. The site does not implement HSTS, OCSP stapling, or session resumption, further weakening its security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms are present. The site collects personal data via a contact form but lacks visible cookie consent mechanisms, which may impact GDPR compliance despite having a comprehensive privacy policy hosted on a related domain. Overall, while the business and content aspects of CDR Lab are strong and professionally presented, the technical security posture requires urgent improvement to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security headers and protocols, and implementing cookie consent and vulnerability disclosure policies to align with best practices and regulatory requirements.

B

Bayern Innovativ

bayern-innovativ.de

0

Bayern Innovativ is a publicly commissioned innovation support organization based in Bavaria, Germany, established in 1995. It focuses on fostering innovation by connecting businesses, research institutions, and organizations through networks, services, and events. The organization supports the entire innovation lifecycle, from idea development to market introduction, with a strong emphasis on sectors such as energy, transportation, healthcare, manufacturing, and creative industries. Their market position is well-established as a key facilitator of innovation in the Bavarian economy. Technically, the website is built on TYPO3 CMS and incorporates modern web technologies including Bootstrap, jQuery, and various third-party services such as ReadSpeaker for accessibility and Google Tag Manager for marketing analytics. The site demonstrates good mobile optimization and accessibility features, though performance is somewhat slow with a high load time and resource count. From a security perspective, the site supports TLS 1.3 and 1.2 with no known SSL vulnerabilities, but lacks advanced security headers like HSTS and DNSSEC. Cookie consent mechanisms are implemented comprehensively, supporting GDPR compliance. Certifications such as ISO 37301 and audit badges enhance trustworthiness. However, no explicit security or incident response policies are publicly available. Overall, Bayern Innovativ presents a professional and trustworthy digital presence with room for improvement in security hardening and performance optimization. Strategic enhancements in these areas would strengthen their security posture and user experience.

J

Johann Oberauer GmbH

campaigngermany.de

0

Campaign Germany is a well-established German media service focused on delivering daily industry news and insights for the advertising, marketing, and media sectors. The website offers subscription services, newsletters, job listings, and advertising opportunities, targeting professionals within the German media industry. The company operates under Johann Oberauer GmbH and maintains a consistent brand presence with a good quality content offering. Technically, the site is built on the Newsroom CMS and uses technologies such as nginx, Google Tag Manager, and Google Publisher Tags for advertising. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While privacy policies and terms of service are present and GDPR compliant, there is no cookie consent mechanism implemented. The site uses standard security headers but misses advanced protections like HSTS and DNSSEC. Overall, the website demonstrates moderate trustworthiness and professionalism but requires urgent security improvements to protect user data and enhance compliance.

B

Bundesverband Digitale Wirtschaft

ovk.de

0

The OVK (Online-Vermarkterkreis) is an important industry association under the Bundesverband Digitale Wirtschaft (BVDW) representing online display marketers in Germany. It focuses on strengthening the national online advertising market, promoting standards, and ensuring market transparency. The website reflects a medium-sized organization with a clear focus on digital advertising and media sectors, targeting industry stakeholders and partners. Technically, the site is built on WordPress with Bootstrap and jQuery, integrating Google Analytics and Borlabs Cookie for tracking and consent management. However, the site suffers from a lack of valid SSL/TLS configuration, which poses security risks and impacts user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security or incident response policies are published. The organization maintains a strong partner ecosystem and social media presence, enhancing its market position.

D

DMEXCO

dmexco.com

0

DMEXCO is a leading European event organizer specializing in digital marketing and technology conferences and expositions. The company operates a comprehensive digital platform that includes event information, news, podcasts, and resources targeting industry leaders, marketing professionals, and technology innovators. Their market position is strong as a premier event in the digital marketing space, supported by a large-scale event infrastructure and partnerships with key industry players. Technically, the website is built on WordPress and leverages modern JavaScript libraries and marketing tools such as HubSpot and Usercentrics for analytics and consent management. However, the website suffers from critical security shortcomings including an invalid SSL certificate and lack of modern TLS protocols, which pose significant risks to user trust and data security. The security posture is basic with no advanced security headers or DNSSEC implemented. Overall, DMEXCO demonstrates a mature digital presence with excellent content and user experience but requires urgent improvements in SSL/TLS configuration and security best practices to safeguard its reputation and compliance.

C

Corporate Digital Responsibility Award

cdr-award.digital

0

The Corporate Digital Responsibility Award website serves as a platform to recognize and promote outstanding corporate responsibility in digital transformation within the DACH region. It targets organizations committed to sustainable and ethical digital practices, offering awards, conferences, and networking opportunities. The site is well-branded, content-rich, and supported by reputable partners, positioning it as a leading initiative in its niche. Technically, the website is built on WordPress with common plugins such as Contact Form 7 and Borlabs Cookie for consent management. Despite good SEO practices including structured data and meta tags, the site suffers from performance issues with a high load time and large page size. Mobile optimization and accessibility are rated good, but the lack of a valid SSL certificate and modern TLS protocols significantly undermines the security posture. Security-wise, the absence of HTTPS and modern encryption protocols exposes users to risks, and no advanced security headers or incident response information are present. The site does implement SPF for email protection and shows no signs of subdomain takeover vulnerabilities. Overall, the security maturity is low, requiring urgent improvements to protect user data and enhance trust. Strategically, the site should prioritize securing its infrastructure with valid SSL certificates and modern protocols, enhance security headers, and provide clearer contact and incident response information. These steps will improve user trust, compliance with regulations, and overall resilience against cyber threats.

B

BVDW

deutscherdigitalaward.de

0

The Deutscher Digital Award (DDA) is a prominent award platform recognizing innovative digital projects within the DACH region, organized by BVDW. The website serves as a comprehensive resource for award categories, jury members, and event information, targeting creative professionals in the digital industry. Technically, the site is built on WordPress with Elementor and JetEngine, supported by Borlabs Cookie for consent management. However, the absence of a valid SSL certificate and modern TLS protocols significantly weakens its security posture. While SPF is configured for email, the lack of DMARC and other security headers exposes potential risks. The site demonstrates good SEO and user experience but suffers from slow performance due to large page size and resource count. Overall, the platform is well-positioned in the media sector but requires urgent security improvements to protect user data and enhance trust.

A

AdValue Group GmbH

emarketing.com

0

AdValue Group GmbH is a leading German technology provider specializing in advertising technology, datafeed management, dynamic repricing, and customer journey tracking. Their product suite includes repricing.com, EPWR, intelliAd, intelliTracking, and DataFeedManager, serving over 50,000 customers with more than 1 billion in ad spend managed. The company targets e-commerce businesses, Amazon sellers, brands, and agencies, positioning itself as a market leader with multiple industry awards and Google Premier Partner status. Technically, the website is built on Squarespace with integrations for multilingual support and custom fonts, but currently lacks a valid SSL certificate on the emarketing.com domain, which is a critical security gap. The site implements GDPR-compliant cookie consent mechanisms and provides clear contact information and social media presence. However, it lacks published security policies and incident response details, which are important for trust and compliance. Overall, the company demonstrates strong business maturity and digital presence but should improve its security posture to align with best practices.

T

TÜV Hessen

tuev-club.de

0

TÜV KNOW-HOW CLUB, operated under the TÜV Hessen brand, provides specialized training and informational events primarily targeting management system representatives and TÜV PROFiCERT customers. The website serves as a platform to promote membership, events, and certification-related services, positioning itself as a regional leader in certification education and networking. Technically, the site is built on TYPO3 CMS, hosted behind Cloudflare, and employs standard web technologies including Bootstrap and FontAwesome. While the site includes a GDPR-compliant cookie consent mechanism and valid SSL certificates, performance is suboptimal with high load times and no advanced security headers or DNSSEC enabled. Social media integration and legal compliance pages are present, enhancing trust. However, no explicit security policy or incident response information is provided, indicating room for maturity in security posture. Overall, the site is professional and trustworthy but would benefit from technical and security enhancements.

T

TÜV Technische Überwachung Hessen GmbH

tuev-hessen.de

0

TÜV Hessen is a well-established German company specializing in safety, environmental protection, and quality assurance services for both private and business customers. With a strong market position supported by nearly 150 years of experience, TÜV Hessen offers a broad range of services including vehicle inspections, building certifications, workplace safety, and management system certifications. The company targets private individuals and businesses primarily in the energy, transportation, and manufacturing sectors. Their digital presence is powered by TYPO3 CMS and hosted via Cloudflare, featuring modern responsive design and GDPR-compliant cookie consent mechanisms. However, the website exhibits slow performance and lacks some advanced security configurations such as HSTS and DNSSEC.

T

Tomorrow GmbH

tomorrow.one

0

Tomorrow GmbH is a sustainable mobile banking service provider operating primarily in Germany and select European countries. The company offers a range of bank accounts focused on sustainability, including the Now, Change, and Zero accounts, as well as investment products and savings accounts with competitive interest rates. Their market position is that of a challenger bank with a strong emphasis on climate protection and social impact, supported by a regulated banking partner, Solaris SE. The website demonstrates a mature digital presence with excellent content quality, user experience, and SEO optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. The company has implemented privacy and cookie policies with consent mechanisms, and holds a B Corp certification, enhancing its trustworthiness. Strategic partnerships with Solaris SE, lemon.markets, and Qwist strengthen its service offerings and operational capabilities.

A

AMALYTIX GmbH

amalytix.com

0

AMALYTIX GmbH operates a specialized SaaS platform focused on providing Amazon sellers and vendors with comprehensive business intelligence and monitoring tools. Positioned as an official Amazon Software Partner and Amazon Ads Software Partner, AMALYTIX offers a suite of services including Amazon BI dashboards, intelligent alerts, content monitoring, and agency tools. The company targets Amazon marketplace participants primarily in Germany and offers a 14-day free trial to attract users. Their digital presence is robust, featuring bilingual content, extensive knowledge bases, and customer testimonials that reinforce trust and professionalism. Technically, the website leverages modern frameworks such as Nuxt.js and Vue.js, hosted on Netlify Edge, with TailwindCSS for styling and Umami Analytics for privacy-focused user tracking. While the site demonstrates good SEO, mobile optimization, and user experience, performance metrics are moderate, and accessibility is basic. The SSL configuration is notably deficient, with no valid certificate and no modern TLS protocols enabled, posing a significant security risk. From a security perspective, the site implements some best practices such as HSTS headers but lacks a valid SSL certificate, OCSP stapling, session resumption, and certificate transparency compliance. There is no visible security policy or incident response information, which could impact trust and compliance. Cookie consent mechanisms are implemented and appear GDPR compliant, supported by a comprehensive privacy policy. Overall, AMALYTIX presents a professional and trustworthy e-commerce SaaS offering with strong market positioning but requires urgent improvements in SSL/TLS security to protect user data and maintain compliance. Strategic enhancements in security posture and incident response readiness will further strengthen their market credibility and operational resilience.

A

AdValue Group GmbH

epwr.com

0

EPWR is a German-based SaaS company specializing in Amazon Ads management tools, offering automated bidding, detailed reporting, and campaign management solutions. Positioned as an Amazon Advanced Partner with multiple industry awards, EPWR targets Amazon sellers, vendors, and agencies seeking to optimize their advertising performance. The platform provides comprehensive features including real-time data integration, AI-driven bid management, and campaign automation to enhance efficiency and ROI. Technically, the website is built on Webflow CMS, leveraging modern JavaScript frameworks and third-party services such as Google Tag Manager and CCM19 for cookie consent management. While the SSL certificate is valid and HSTS is enabled, the site lacks modern TLS protocol support and DNS security features like DNSSEC and CAA records, indicating room for security enhancements. The site demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and detailed privacy policies. Overall, EPWR presents a professional, trustworthy digital presence with strong branding and customer testimonials, though performance optimization is recommended due to slow load times.

A

AdValue Group GmbH

datafeedmanager.com

0

AdValue Group GmbH operates a leading product feed management platform targeting e-commerce businesses primarily in Germany. Their solution integrates with major shop systems and advertising platforms, offering automated feed optimization and campaign management tools. The website is professionally designed using Squarespace, with good mobile optimization and GDPR-compliant cookie consent mechanisms. Security posture is adequate with valid SSL and HSTS enabled, but lacks modern TLS protocols and DNS security features. Contact information and legal disclosures are clearly provided, enhancing trust. Overall, the company demonstrates a mature digital presence with a focus on e-commerce performance tools.

A

AdValue Group GmbH

repricing.com

0

Repricing.com is a German-based SaaS provider specializing in dynamic repricing solutions for online retailers. Owned by AdValue Group GmbH, it offers plugins compatible with major e-commerce platforms such as Shopware, JTL, and plentymarkets, along with campaign management tools for Google, Meta, and Microsoft advertising platforms. The website is professionally designed and targets German-speaking e-commerce businesses aiming to optimize pricing and marketing efficiency. Technically, the site is built on Squarespace CMS and integrates Google Analytics and Tag Manager for analytics, but suffers from an invalid SSL certificate which undermines secure HTTPS connections. Security headers like HSTS and X-Frame-Options are present, but improvements are needed in SSL configuration and DNS security. Privacy and cookie policies are implemented with GDPR compliance and user consent mechanisms. Overall, the site demonstrates a solid business and technical foundation but requires remediation of SSL issues and enhanced security practices to improve trust and compliance.

E

emarketing AG

intellitracking.com

0

intelliTracking, operated by emarketing AG, is a leading German provider of website data analysis and customer journey tracking solutions. The company emphasizes privacy compliance, offering patented, cookieless, and server-side tracking technologies tailored for e-commerce and website operators in Germany. Their market position is strong, supported by multiple certifications and a broad client base. Technically, the site is built on Squarespace with a moderate performance profile and good mobile optimization. However, the SSL configuration is currently invalid, posing a significant security risk. Security headers are partially implemented, but improvements are needed to meet modern standards. Overall, intelliTracking demonstrates a high level of professionalism and trustworthiness, with clear contact information and compliance with GDPR requirements.

A

AdValue Group GmbH

advalue-group.com

0

AdValue Group GmbH is a leading German technology provider specializing in advertising technology, datafeed management, dynamic repricing, and customer journey tracking. They offer a suite of products including repricing.com, EPWR for Amazon Ads, intelliAd for PPC optimization, intelliTracking for customer journey analytics, and DataFeedManager for product datafeeds. The company serves online retailers, brands, vendors, and agencies, managing over 1 billion in ad spend and supporting more than 50,000 customers. Their market position is strong with multiple industry awards and certifications, including Google Premier Partner status. Technically, the website is built on Squarespace with good mobile optimization and SEO practices. Security posture is basic with valid SSL and HSTS enabled but lacks modern TLS protocols and DNSSEC. No formal security policy or incident response information is published. Overall, the company demonstrates a mature digital presence with room for security enhancements.

TÜV PROFiCERT, operated by TÜV Hessen, is a well-established certification and conformity assessment provider specializing in quality management, environmental and energy management, occupational safety, information security, healthcare, and validation services. The company leverages its TÜV brand reputation and accredited certification procedures to serve businesses seeking recognized certifications in Germany and potentially beyond. The website is built on TYPO3 CMS, hosted behind Cloudflare, and employs a professional design with clear navigation and multilingual support. While the SSL certificate is valid and HSTS is enabled with preload, the absence of modern TLS protocols (TLS 1.2 or 1.3) is a notable security gap. The site implements a comprehensive cookie consent mechanism and uses etracker for analytics, reflecting a moderate level of user tracking with good privacy compliance. Contact information is clearly presented, but no explicit incident response or vulnerability disclosure policies are found. Overall, the site demonstrates a solid security posture with room for improvement in modern protocol support and security header implementation.

A

AdValue Group GmbH

e-pwr.de

0

EPWR, a product of AdValue Group GmbH based in Germany, is a specialized SaaS platform focused on optimizing Amazon Advertising campaigns through automated bidding, comprehensive reporting, and campaign management. The company holds a strong market position supported by multiple industry awards and partnerships, targeting Amazon sellers, vendors, and marketing agencies. Technically, the website leverages modern web technologies including Webflow CMS, Cloudflare CDN, and Google Tag Manager, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS, HSTS, and secure cookies, though TLS protocols are not currently enabled, and DNS security features like DNSSEC and CAA are absent. No explicit security policy or incident response information is publicly available, which could be improved to enhance trust. Overall, the website demonstrates high professionalism, trustworthiness, and a clear focus on delivering value to Amazon advertisers.

E

exito GmbH & Co. KG

exito.de

0

exito GmbH & Co. KG is a well-established online marketing agency based in Nürnberg, Germany, specializing in performance marketing services such as Search Engine Advertising (SEA), Search Engine Optimization (SEO), Display Advertising, and social media campaigns. Founded in 1998, the company has a strong market presence with a focus on delivering measurable marketing results and supporting international multilingual campaigns. Their website reflects a professional and consistent brand image with comprehensive content and active social media engagement. Technically, the website is built on the webEdition CMS platform, utilizing technologies like jQuery and Bootstrap, and offers good mobile optimization and SEO practices. However, the security posture shows room for improvement, with no modern TLS protocols enabled and missing security headers, although the SSL certificate is valid and free of known vulnerabilities. The absence of cookie consent mechanisms and explicit security policies suggests partial GDPR compliance. Overall, exito GmbH & Co. KG demonstrates a solid business and digital presence but should enhance its security and privacy practices to align with best practices and regulatory requirements.

A

ad agents GmbH

ad-agents.com

0

ad agents GmbH is a well-established digital marketing agency based in Germany, specializing in online and performance marketing services. Founded in 2006, the company offers a comprehensive portfolio including search engine advertising, SEO, Amazon marketplace services, affiliate management, social media advertising, consulting, analytics, and product data management. The agency serves a broad business audience seeking to enhance their digital marketing performance nationally and internationally. The website reflects a mature digital presence with excellent content quality, strong branding consistency, and multiple trust indicators such as client testimonials and industry certifications. Technically, the site is built on WordPress with modern performance optimizations and integrates advanced marketing and analytics tools like HubSpot, Usercentrics CMP, and eTracker. Security posture is good with valid SSL, HSTS enabled, and SPF records configured, though TLS protocols are currently disabled, which is a notable gap. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms. Overall, the company demonstrates a strong market position with a professional and trustworthy online presence.

S

Solarisbank AG

solarisgroup.com

0

Solarisbank AG operates as a leading embedded finance platform in Europe, providing a comprehensive Banking-as-a-Service solution that enables businesses to integrate digital banking, payments, lending, and identification services via advanced APIs. The company holds a full German banking license, allowing it to operate across the EU with a strong compliance and regulatory framework. Solarisbank's market position is reinforced by partnerships with notable clients such as American Express and Tomorrow, and a clear focus on customer-centric financial product innovation. Technically, Solarisbank employs modern web technologies including React and Gatsby, hosted on AWS infrastructure, with a cloud-based banking platform emphasizing scalability and international expansion. The website demonstrates good performance, mobile optimization, accessibility, and SEO practices, supported by a robust API-driven backend. From a security perspective, Solarisbank maintains a valid SSL certificate, enforces HSTS with preload, and implements SPF DNS records. However, the absence of enabled TLS 1.2 or higher protocols and lack of DNSSEC and CAA records present areas for improvement. The company provides clear privacy policies, cookie consent mechanisms, and incident response contact channels, reflecting a mature security posture. Overall, Solarisbank presents a high-trust, professional digital presence with strong business and technical foundations. Strategic enhancements in security protocols and transparency around vulnerability disclosures would further strengthen its risk profile and customer confidence.

V

Volkswagen Financial Services

volkswagen-versicherungsdienst.de

0

Volkswagen Financial Services AG operates the volkswagen-versicherungsdienst.de website, providing a comprehensive portfolio of automotive insurance products including liability, partial and full coverage, warranty extensions, leasing rate insurance, credit protection, and travel insurance. The site targets primarily German private and business customers, leveraging the strong Volkswagen brand and integrated financial services ecosystem. The website is built on Adobe Experience Manager with extensive use of modern web technologies and content delivery networks, ensuring excellent performance and user experience. However, the SSL configuration is critically flawed with a self-signed certificate and no enabled TLS protocols, which undermines secure communications. Security headers are well implemented, but the absence of a cookie consent mechanism and explicit security or incident response policies indicates gaps in compliance and transparency. The site integrates multiple marketing and analytics tools, including Adobe Analytics, Google Tag Manager, and UserZoom, reflecting extensive user tracking. Overall, the site is professional, content-rich, and trustworthy from a business perspective but requires urgent security improvements to protect user data and comply with best practices.

V

Volkswagen Financial Services AG

volkswagen-bank.de

0

Volkswagen Financial Services AG operates a comprehensive digital platform offering automotive financial services including leasing, financing, insurance, and mobility solutions primarily targeting private and business customers in Germany. The website demonstrates a mature digital infrastructure leveraging Adobe Experience Manager, advanced analytics, and multiple integrations with marketing and tracking tools. However, the security posture is weakened by an invalid self-signed SSL certificate and disabled TLS protocols, which pose significant risks to secure communications. The site includes strong security headers and content policies but lacks visible cookie consent mechanisms and explicit security or incident response policies. Overall, the platform is professionally designed, content-rich, and well-branded, supporting a leading position in automotive financial services within the Volkswagen Group ecosystem.

A

AdValue Group GmbH

intelliad.de

0

intelliAd.de is a German-based technology company specializing in performance marketing software solutions. Their flagship offering, the intelliAd Performance Marketing Suite, provides tools for optimizing online marketing activities including search engine advertising and customer journey tracking with GDPR-compliant features. The company holds a strong market position in the German-speaking region, supported by multiple industry certifications and partnerships with notable brands. Their website reflects a professional and consistent brand image targeting digital marketers and agencies. Technically, the site is built on WordPress with a modern plugin ecosystem, leveraging Google Analytics and Usercentrics for analytics and consent management. Security posture is adequate with a valid SSL certificate but lacks modern TLS protocol support and advanced security headers. No explicit security or incident response policies are published, representing an area for improvement. Overall, intelliAd demonstrates a mature digital presence with good compliance and marketing transparency.