Security Directory

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

0

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

V

Versicherer im Raum der Kirchen

vrk.de

0

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.

I

IXOPAY GmbH

ixopay.com

0

IXOPAY GmbH is a medium-sized enterprise based in Austria specializing in enterprise payment orchestration and tokenization solutions. The company offers a comprehensive platform designed to improve authorization rates, streamline PCI compliance, and unify payment data for merchants and enterprises globally. Their business model focuses on providing modular payment services and connectivity to multiple payment processors, targeting B2B clients in finance and technology sectors. The website demonstrates strong branding consistency, professional content, and trust indicators such as client testimonials and social media presence. Technically, the website leverages modern JavaScript technologies, integrates third-party services like Sentry for error tracking, ChiliPiper for lead routing, and TokenEx for tokenization. It is hosted behind Cloudflare, which provides DNS and CDN services. However, performance is currently slow, and accessibility is basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, while the website implements several important HTTP security headers and secure cookie attributes, it suffers from a critical SSL/TLS misconfiguration with no valid certificate and no enabled TLS protocols. This severely impacts the security posture and trustworthiness of the site. Privacy compliance is generally good with a comprehensive privacy policy and GDPR indicators, but no explicit cookie consent mechanism was detected. Overall, IXOPAY presents a professional and credible business front with strong technical foundations but requires urgent remediation of SSL/TLS issues to ensure secure and trusted operations. Strategic improvements in performance and privacy consent mechanisms would further enhance their digital maturity.

B

Baloise Gruppe

baloise.com

0

Baloise Gruppe is a leading European insurance and financial services provider with a strong presence in Switzerland, Germany, Luxembourg, Belgium, and Liechtenstein. The company offers a wide range of insurance products, financial solutions, and career opportunities, targeting both private and institutional customers. Their website reflects a professional and comprehensive digital presence with extensive content, multi-language support, and clear navigation. Technically, the site employs modern web components and integrates various marketing and analytics tools, though it suffers from an invalid SSL certificate which impacts its security posture. The security configuration lacks essential headers and proper SSL, reducing the overall security score. Privacy compliance is well addressed with comprehensive policies and a robust cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent attention to its SSL configuration to enhance security and user trust.

G

Grazer Wechselseitige Versicherung AG

grawe.at

0

Grazer Wechselseitige Versicherung AG (GRAWE) is a well-established Austrian insurance company founded in 1828, offering a broad range of insurance products including private, business, and agricultural insurance, alongside financial services. The company maintains a strong market position in Austria with a large customer base and extensive service network. Their website reflects a mature digital presence with comprehensive content, clear navigation, and multi-language support. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CDN services, but suffers from slow load times due to high resource count and page size. Security posture is good with valid SSL, strong cipher suites, and proper DNS security records like SPF and DMARC, though improvements such as enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its large enterprise status.

I

ION Group

iontrading.com

0

ION Group is a global enterprise specializing in financial software and automation technology, serving financial institutions, central banks, and corporations. Their comprehensive product portfolio spans markets, analytics, core banking, treasury, commodities, and credit information, positioning them as a key player in the finance and technology sectors. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress with modern analytics and marketing tools integrated, hosted on AWS infrastructure. Security posture is solid with HTTPS and valid SPF/DMARC records, though improvements like HSTS and DNSSEC are recommended. Privacy compliance is robust, featuring a detailed cookie consent mechanism and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, supporting ION's market position as a leading automation technology provider.

D

DASH Financial Technologies

dashfinancial.com

0

DASH Financial Technologies is a prominent provider of electronic trading platforms and capital markets technology solutions, serving large institutional clients such as hedge funds and professional traders. The company offers a broad range of services including execution services, analytics, workflow tools, regulatory technology, and prime brokerage services. Their market position is reinforced by multiple industry awards and recognitions, highlighting their leadership in the financial technology sector. Technically, the website is built on WordPress with modern technologies such as TLS 1.3, OCSP stapling, and integrates marketing and analytics tools like HubSpot, Google Tag Manager, and Facebook Pixel. Security posture is good with HTTPS enforced and SPF/DMARC email protections, though improvements like HSTS and DNSSEC could enhance security further. Privacy compliance is moderate with a privacy policy present but lacking explicit cookie consent mechanisms. Overall, the website demonstrates strong business credibility, professional design, and functional user experience, making it a reliable digital presence for DASH Financial Technologies.

I

ION Analytics

barclayhedge.com

0

BarclayHedge, operated under ION Analytics and the ION Group, is a well-established provider of alternative investment data and analytics with over 40 years of market presence. The company offers comprehensive fund databases, performance indices, fund rankings, and market insights targeted at financial institutions such as banks, hedge funds, advisors, and institutional investors. The website reflects a professional and consistent brand image, with clear navigation and relevant content tailored to its target audience. Technically, the site is built on WordPress with modern libraries and frameworks, though performance could be improved due to high load times and resource counts. Security posture is solid with HTTPS, TLS 1.3 support, and OCSP stapling, but lacks HSTS and some security headers. Privacy compliance is robust, featuring a comprehensive cookie consent mechanism and a detailed privacy policy aligned with GDPR. Overall, the site demonstrates a mature digital presence with good business credibility and trust indicators.

B

Backstop Solutions

backstopsolutions.com

0

Backstop Solutions is a finance-focused software provider specializing in investment management solutions including research management, portfolio management, and data services. Positioned as a service of ION Analytics, it targets institutional investors, private fund managers, and consultants with a comprehensive SaaS platform. The website demonstrates strong branding, client testimonials, and a clear business model focused on empowering investment decisions through technology. Technically, the site is built on WordPress with modern front-end frameworks and integrates multiple marketing and analytics tools. However, performance is hindered by slow load times and a large page size. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, although SPF, DMARC, and HSTS policies are in place. Privacy compliance is robust with GDPR-aligned cookie consent mechanisms and clear privacy and terms policies. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

I

ION Analytics

blackpeakgroup.com

0

ION Analytics operates as an enterprise-level financial intelligence platform integrating multiple specialized services such as Mergermarket, Debtwire, Dealogic, and Blackpeak under the ION Group umbrella. The company targets capital markets participants including advisors, banks, corporates, investors, and lawyers, providing predictive analytics and market intelligence to empower decision-making. The website reflects a strong market position as a pioneer in combining human insight with machine intelligence for capital markets transformation. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses various JavaScript libraries for enhanced user experience. Hosting is supported by Microsoft Azure DNS infrastructure. While the site is rich in content and well-structured, performance is somewhat slow due to large page size and numerous resources. SEO and mobile optimization are well addressed, though accessibility is basic. Security posture is good with HTTPS enforced, TLS 1.3 support, OCSP stapling, and strong SPF and DMARC email policies. However, improvements such as enabling HSTS, DNSSEC, and CAA records would enhance security further. Privacy compliance is robust, featuring a comprehensive privacy policy, GDPR-compliant cookie consent mechanisms, and detailed user controls. Overall, the site demonstrates high professionalism and trustworthiness with clear business information and multiple trust signals. No critical security issues or blocking mechanisms were detected, allowing full content access and analysis.

I

ION Group

debtwire.com

0

Debtwire is a specialized platform under the ION Group umbrella, providing predictive analytics and editorial insights focused on Leveraged Finance markets. The company leverages a combination of human expertise and AI-driven analytics to deliver market intelligence and restructuring data to financial professionals including advisors, banks, corporates, investors, and legal experts. Positioned as a next-generation service, Debtwire integrates community engagement and real-time alerts to maintain a competitive edge in the finance analytics sector. Technically, the website is built on WordPress with modern front-end frameworks and integrates multiple marketing and analytics tools, though it suffers from a critical lack of valid SSL/TLS configuration, impacting security posture. Privacy compliance is strong with GDPR-aligned cookie consent mechanisms and DMARC/SPF email policies. However, the absence of HTTPS and security headers lowers the overall security rating. The site is professionally designed with good content relevance and clear navigation, targeting enterprise-level finance professionals primarily in the United States. Strategic improvements in security infrastructure and explicit terms of service publication would enhance trust and compliance.

M

Mergermarket

mergermarket.com

0

Mergermarket is a leading enterprise-level provider of predictive M&A intelligence, combining proprietary editorial insight with advanced analytics to serve a diverse audience including advisors, banks, corporates, investors, and legal professionals. The company operates under the parent organization ION Group and offers a suite of services such as predictive analytics, intelligent search, and investigative journalism to empower clients in the competitive M&A market. The website demonstrates a professional and consistent brand presence with excellent content quality and clear navigation tailored for its target audience. Technically, the website is built on WordPress with modern frameworks like Bootstrap 5 and integrates multiple analytics and marketing tools including Google Analytics, Microsoft Clarity, Hotjar, and Optimizely. Hosting and DNS services leverage Cloudflare and Microsoft Azure, ensuring reliable performance and security. The site is moderately performant with good mobile optimization and basic accessibility features. From a security perspective, the site enforces HTTPS with TLS 1.2, strong cipher suites, and HSTS policies. SPF and DMARC records are properly configured to protect email domains. Cookie consent mechanisms comply with GDPR requirements, and no critical vulnerabilities or exposed sensitive data were detected. However, the site could improve by enabling TLS 1.3, enhancing certificate transparency, and adding additional security headers. Overall, Mergermarket's digital presence reflects a mature and secure platform with strong business credibility and privacy compliance. The site effectively supports its business model and target market while maintaining a good security posture.

L

LSEG

refinitiv.com

0

LSEG Data & Analytics, part of the London Stock Exchange Group, is a leading global provider of financial market data, analytics, and workflow solutions serving a broad range of financial institutions worldwide. The company leverages strategic partnerships, such as with Microsoft, and exclusive access to Reuters News to deliver comprehensive and actionable financial insights. Their offerings span data feeds, analytics platforms, and specialized workflow tools designed for asset managers, investment bankers, traders, and wealth managers. Technically, the website is built on Adobe Experience Manager and integrates multiple modern technologies including Adobe Launch, Google Analytics, and OneTrust for privacy compliance. However, the site suffers from critical SSL/TLS misconfigurations, lacking a valid certificate and secure protocols, which severely impacts its security posture. Performance is moderate to slow, with a large page size and load time. Security-wise, while the site implements DMARC with a strict reject policy and uses cookie consent mechanisms, the absence of proper HTTPS and presence of a subdomain takeover vulnerability on ftp.refinitiv.com present significant risks. The site uses extensive analytics and marketing tools, indicating a mature digital marketing strategy but also raising privacy considerations. Overall, the website is professionally designed with excellent content quality and strong business credibility but requires urgent remediation of its SSL/TLS and subdomain security issues to improve trust and security compliance.

D

DWS International GmbH

dbxus.com

0

DWS International GmbH operates a comprehensive and professional website focused on asset management and investment solutions, targeting financial professionals, individual, and institutional investors. The company is positioned as a leading global asset manager with a strong European presence, offering active, passive, and alternative investment products with a focus on ESG and sustainability. The technical infrastructure leverages modern JavaScript frameworks such as Vue.js and PrimeVue, along with Brightcove for video content delivery, ensuring a rich user experience. Security posture is strong with HTTPS, SPF, DMARC, and CAA records properly configured, though improvements in HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and comprehensive privacy policies. Overall, the website demonstrates high professionalism, trustworthiness, and business credibility.

D

DWS

deutscheliquidity.com

0

The website deutscheliquidity.com appears to be related to financial services, specifically liquidity management and money market funds, as indicated by references to DWS and liquidity management product literature URLs. However, the site content is minimal with no visible privacy policies, contact information, or detailed business descriptions. The technical infrastructure is based on modern JavaScript frameworks such as Nuxt.js, but suffers from poor performance and lack of HTTPS security. The absence of a valid SSL certificate and lack of security headers represent critical vulnerabilities that significantly reduce the site's trustworthiness and security posture. Overall, the site demonstrates low digital maturity and poor privacy compliance, which could negatively impact user trust and regulatory adherence.

I

Infront

infrontfinance.com

0

Infront is a well-established provider of market data and trading software solutions, serving wealth management and trading professionals globally. The company positions itself as an industry leader with over 35 years of experience, trusted by thousands of businesses and professional users. Their offerings include WealthTech solutions, APIs, data feeds, risk management, and analytics, supported by a strong client base and recognized certifications such as the Swiss EAM Award and EcoVadis ESG rating. Technically, the website is built on Adobe Experience Manager and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and lack of modern TLS protocols, which significantly impacts its security posture. Privacy compliance is well managed with Cookiebot consent mechanisms and a comprehensive privacy policy. Overall, while the business and content quality are excellent, the security weaknesses and slow performance present risks that should be addressed promptly.

I

ION Analytics

ionanalytics.com

0

ION Analytics is a leading enterprise-level platform that integrates human insight with machine intelligence to transform global capital markets. The company offers a comprehensive suite of services including Mergermarket, Debtwire, Dealogic, and others, targeting advisors, banks, corporates, investors, and lawyers. Positioned as a pioneer in predictive intelligence for capital markets, ION Analytics operates under the parent company ION Group and maintains a strong market presence with multiple partner services integrated into its platform. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built on WordPress and leverages modern technologies such as Bootstrap, jQuery, and various analytics and marketing tools including Google Tag Manager, Optimizely, and 6sense. Hosting is inferred to be on Microsoft Azure, with DNS and mail services managed via Azure and Microsoft Outlook protection. While the site is functionally rich, performance is somewhat slow due to a large page size and numerous resources. Mobile optimization is good, and SEO practices are well implemented. From a security perspective, the site enforces HTTPS with a valid SSL certificate, has SPF and DMARC records configured for email protection, and uses OCSP stapling. However, it lacks HTTP Strict Transport Security (HSTS) and DNSSEC, which are recommended for enhanced security. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is robust, featuring a comprehensive privacy policy, GDPR-compliant cookie consent mechanisms, and detailed user consent options. Overall, ION Analytics demonstrates a mature digital presence with strong business credibility and security posture. The main areas for improvement include enhancing DNS security, enabling HSTS, and optimizing site performance to improve user experience further.

W

WSD

solvians.com

0

WSD is a technology company specializing in full automation solutions for structured products, serving a global clientele primarily in the financial sector. The company positions itself as a critical infrastructure provider in the structured products value chain, offering cloud-based, scalable, and resilient technology solutions. Their website reflects a professional and consistent brand with strong industry partnerships and certifications such as ISO and EcoVadis. Technically, the site is built on WordPress with Elementor and uses various modern JavaScript libraries and plugins, but suffers from slow load times and lacks HTTPS encryption, which is a significant security concern. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. However, the absence of SSL and security headers lowers the overall security posture. The company provides multiple contact channels including email, phone, and a detailed contact form, supporting good business credibility. Strategic recommendations include immediate implementation of HTTPS, enhancement of security headers, and performance optimization to improve user experience and security.

F

FRIDAY Versicherungen

friday.de

0

FRIDAY Versicherungen is a German digital insurance provider offering flexible and simple online insurance services, including a customer portal (MyFRIDAY) and claims reporting. The company is majority owned by Baloise and has recently ceased offering new insurance products, focusing on servicing existing contracts. The website is built on modern web technologies such as Next.js and Prismic CMS, hosted on AWS infrastructure. While the site provides good content quality, clear navigation, and GDPR-compliant privacy policies, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Email authentication is well configured with SPF and DMARC policies. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

V

VersicherungsCheck24

versicherungscheck24.de

0

VersicherungsCheck24 is a German-based online insurance comparison portal offering a wide range of insurance products for both private and business customers. The platform provides professional and independent comparisons, helping users find the best insurance tariffs tailored to their needs. The website is built on WordPress using Elementor and integrates modern web technologies such as Alpine.js and Google Tag Manager for analytics and marketing. While the site offers comprehensive content and good user experience, its performance is somewhat slow due to a large page size and many resources. Security posture is adequate with HTTPS and SPF/DMARC configured, but lacks advanced security headers like HSTS and OCSP stapling. Privacy compliance is present with a detailed privacy policy, though no explicit cookie consent mechanism was detected. Overall, VersicherungsCheck24 demonstrates a solid market position in the German insurance comparison sector with a trustworthy and professional online presence.

D

DWS Asset Management

dws.com

0

DWS Asset Management is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including active, passive, and alternative investments. The company is well-positioned in the finance sector with a strong reputation for stability, innovation, and ESG integration. Technically, the website leverages modern frontend frameworks such as Vue.js and PrimeVue, with integrated video content via Brightcove, and uses Tealium for tag management and analytics. The security posture is solid with valid SSL certificates, SPF and DMARC email protections, and no known SSL vulnerabilities, though improvements such as enabling HSTS, DNSSEC, and security headers are recommended. Overall, the website demonstrates high professionalism, good privacy compliance, and a strong trust profile, serving a global financial professional and investor audience.

D

DWS Asset Management

deutscheawm.com

0

DWS Asset Management is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including active, passive, and alternative investments. The company is recognized for its expertise in ESG and sustainability investing, serving financial professionals, individual, and institutional investors. The website reflects a mature digital presence with modern frontend technologies and comprehensive content tailored to its target audience. Technically, the site employs Vue.js, PrimeVue, and Brightcove for video delivery, with robust analytics and tag management via Tealium and Webtrekk. Security posture is strong with enforced DMARC policies, SPF, and TLS 1.3 support, though improvements such as enabling HSTS and OCSP stapling are recommended. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR, supported by clear privacy and cookie policies.

I

Infront

vwd.com

0

Infront is a well-established provider of market data and trading software solutions, primarily serving the wealth management and trading sectors. With over 35 years of experience, the company positions itself as an industry leader trusted by thousands of businesses and professional users. Their offerings include a broad range of WealthTech solutions such as trading connectivity, portfolio management, APIs and data feeds, valuation and risk services, and news services. The website reflects a mature digital presence built on Adobe Experience Manager, integrating advanced marketing automation and analytics tools to support lead generation and customer engagement. However, a critical security lapse is noted with an expired SSL certificate, which undermines user trust and security posture. The site employs strong security headers and content security policies but lacks some advanced SSL features like OCSP stapling and HSTS preload. Overall, Infront demonstrates a high level of professionalism, branding consistency, and technical sophistication, though immediate remediation of SSL issues is recommended.

D

Dealogic

dealogic.com

0

Dealogic is a leading provider of software and data solutions for the global capital markets, serving top financial firms worldwide. As part of ION Analytics, Dealogic offers platforms tailored for investment banking, capital markets, syndicate, sales, trading, research, investment managers, and corporations. Their business model focuses on delivering industry-standard data and connectivity solutions that enhance deal-making, compliance, and market insights. The company maintains a strong market position as a trusted partner with extensive media presence and client base. Technically, the website is built on WordPress hosted on Microsoft Azure, leveraging modern web technologies including TLS 1.3, OCSP stapling, and multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and 6sense. The site supports multiple languages and demonstrates good performance and mobile optimization, although accessibility is basic. From a security perspective, Dealogic implements strong email authentication with SPF and DMARC policies, uses secure TLS protocols, and has OCSP stapling enabled. However, it lacks HSTS enforcement, DNSSEC, and certificate transparency compliance. No explicit security policy or incident response information is published, and cookie consent mechanisms are not evident. The security posture is good but could be improved with additional best practices. Overall, Dealogic's website reflects a mature enterprise with strong branding, comprehensive business offerings, and a solid technical foundation. Strategic improvements in security transparency and privacy compliance would enhance trust and reduce risk exposure.

B

Berenberg

berenberg-us.com

0

Berenberg is a historic and well-established financial institution founded in 1590 in Hamburg, Germany. It operates globally with a strong presence in Europe and the USA, offering a broad range of financial services including investment banking, corporate banking, asset management, and fund management. The company is positioned as a leading advisor in Europe with a large equity research team covering over 800 European companies. Technically, the website employs modern web technologies and structured data to enhance SEO and user experience. However, the berenberg-us.com domain currently lacks a valid SSL certificate and modern TLS support, which poses a significant security risk. The company demonstrates good compliance with GDPR and cookie consent regulations, and maintains a comprehensive privacy and security policy. Overall, Berenberg shows a mature digital presence but should urgently address its SSL/TLS configuration to improve security posture and trust.

B

BHW Bausparkasse AG

bhw-partner.de

0

BHW Bausparkasse AG operates the BHW Partner portal, a dedicated platform for partners and financial advisors offering building savings and financing products in Germany. The website provides product information, tools, forms, and partner support services, positioning itself as a key player in the German finance sector specializing in Bausparen and Baufinanzierung. The site is professionally designed with consistent branding and good content quality, targeting financial partners and advisors. Technically, the website is built on Adobe Experience Manager CMS and integrates Webtrekk analytics for user tracking. However, the site currently lacks a valid SSL certificate and modern TLS configurations, which is a significant security concern. The presence of strong SPF and DMARC policies indicates good email security practices. Overall, the security posture is basic with room for improvement in SSL/TLS deployment and security headers. The website complies with GDPR and provides clear privacy and cookie policies with consent mechanisms. Strategic recommendations include upgrading SSL/TLS, enabling HSTS, and enhancing DNS security to improve trust and compliance.

S

Solvians IT-Solutions GmbH

ivestor.de

0

Ivestor.de is a German financial portal operated by Solvians IT-Solutions GmbH, providing stock prices, currency and commodity rates, and intelligent search tools for investment certificates and leveraged products. The website targets investors and financial market participants in Germany, offering relevant financial news and market data. Technically, the site is built on Angular 14.2.6, uses Matomo for analytics, and employs Microsoft Outlook services for email. The SSL configuration supports TLS 1.2 and 1.3 but lacks advanced security features like HSTS and OCSP stapling. DNS records are properly configured with SPF but lack DNSSEC and DMARC, indicating room for email security improvements. The website's performance is slow, with a load time exceeding 16 seconds, but it is mobile-optimized and SEO-friendly. Security posture is moderate with no critical vulnerabilities detected but could benefit from enhanced security headers and email authentication. Overall, ivestor.de presents a professional and trustworthy financial information service with a solid technical foundation but requires improvements in security and performance to enhance user trust and compliance.

S

Spar- und Leihkasse Wynigen AG

slwynigen.ch

0

Spar- und Leihkasse Wynigen AG is a small, independent regional bank based in Switzerland, established in 1929. The bank offers a range of financial services including savings, loans, mortgages, and digital banking solutions such as E-Banking and mobile apps. The website reflects a strong regional focus with personalized customer service as a key differentiator. Technically, the site is built on Joomla CMS, hosted behind Cloudflare, and integrates third-party services like Google Tag Manager and Mapbox. However, the website suffers from significant security shortcomings, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. DNS records are properly configured with SPF and DMARC, indicating some email security awareness. Cookie consent mechanisms are implemented in compliance with GDPR, enhancing privacy transparency. Overall, the site demonstrates good business professionalism but requires urgent security improvements to protect customer data and maintain regulatory compliance.

E

Ersparniskasse Speicher

ersparniskassespeicher.ch

0

Ersparniskasse Speicher is a small, regional banking institution based in Switzerland, founded in 1819, serving the local community of Speicher and surrounding areas. It offers traditional banking services such as savings accounts, mortgage lending, and e-banking. The website reflects a well-established local bank with a strong historical presence and community focus. Technically, the website is built on WordPress with standard web technologies including jQuery and Google Maps integration. However, the site suffers from significant security shortcomings, including the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes users to potential risks. The site also lacks visible cookie consent mechanisms and formal security or incident response policies, indicating gaps in compliance and security maturity. Overall, while the business is well-positioned locally with clear contact information and good content quality, the digital security posture requires urgent improvements to protect customer data and enhance trust.

G

GBM Administradora de Activos S.A. de C.V. S.O.F.I.

gbmfondos.com.mx

0

GBMfondos is a well-established Mexican financial services company specializing in investment funds and personalized investment advisory through its GBMadvisor platform. With over 35 years of industry experience and recognition such as Morningstar Awards, it holds a strong market position in Mexico's finance sector. The company targets investors seeking accessible and intelligent investment solutions, supported by a mobile application and a comprehensive digital platform. Technically, the website is hosted on Amazon AWS and employs modern tracking and analytics tools including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing strategy. However, performance is slow and some SEO and accessibility aspects are basic. Security-wise, the site uses TLS 1.2 and 1.3 with a strict DMARC policy, but lacks advanced SSL features like HSTS and OCSP stapling, and does not have a published security policy or incident response contacts. Overall, the site is professional and trustworthy but could improve in security posture and privacy compliance.

G

GBM

gbm.com

0

GBM is a leading financial services company in Mexico offering a broad range of investment products, trading platforms, and advisory services targeting both individual and institutional investors. The company positions itself as a comprehensive investment ecosystem with strong market presence and a wide product portfolio including stocks, ETFs, bonds, and alternative investments. Their digital platform is supported by WordPress CMS with advanced SEO and marketing integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Marketing and analytics tools are extensively used, indicating a mature digital marketing strategy but raising privacy considerations. Legal and privacy documentation is comprehensive and available in Spanish, supporting regulatory compliance. However, explicit security policies and incident response information are not publicly disclosed.

D

DWS Group

dws.de

0

DWS Group is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including ESG, infrastructure, equity, bonds, and ETFs. The company has a strong market position with over 60 years of investment expertise and a large workforce. Their digital presence is built on modern web technologies such as Vue.js and integrates advanced video content delivery via Brightcove. The website demonstrates good SEO and user experience practices, with comprehensive privacy and cookie consent mechanisms in place. Security posture is solid with strict SPF and DMARC policies and use of TLS 1.3, though improvements such as enabling HSTS and OCSP stapling are recommended. Fraud warnings and clear contact information enhance user trust. Overall, the site reflects a mature digital infrastructure aligned with enterprise-grade asset management services.

B

BHW Bausparkasse AG

bhw.de

0

BHW Bausparkasse AG is a well-established German financial institution specializing in building savings and home financing products. The company operates a comprehensive website offering detailed information on its products, services, and customer support, targeting private customers interested in real estate financing and savings. The website is built on Adobe Experience Manager and integrates Webtrekk analytics for user tracking and marketing optimization. Security measures include a valid SSL certificate with TLS 1.2 and strong cipher suites, SPF and DMARC email authentication, and multiple domain verification records, although improvements such as enabling HSTS, OCSP stapling, and TLS 1.3 are recommended. The company maintains GDPR-compliant privacy and cookie policies with explicit consent mechanisms. Contact information is clearly provided with phone numbers and contact forms, but no explicit data protection officer contact or security policy page was found. Overall, the website demonstrates a mature digital presence with good usability and trust indicators, supported by strategic partnerships with Deutsche Bank and Postbank.

N

norisbank GmbH

norisbank.de

0

norisbank GmbH is a direct bank subsidiary of Deutsche Bank Gruppe, headquartered in Bonn, Germany. The company offers a range of financial products including credit, checking accounts (Girokonto), savings accounts (Tagesgeld), credit cards, and securities depot services. The website demonstrates a strong market position with multiple awards and certifications, targeting private customers, business clients, students, and youth. The business model focuses on digital banking services with an emphasis on online and mobile banking platforms. Technically, the website is built on Adobe Experience Manager with integrations for Adobe Analytics and Usercentrics for consent management, reflecting a mature digital infrastructure. However, the website currently lacks a valid SSL/TLS certificate, which is a critical security vulnerability. Email security is well configured with SPF and DMARC policies. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, but requires urgent improvements in SSL security to protect user data and maintain trust.

M

maxblue

maxblue.de

0

maxblue is the online brokerage platform of Deutsche Bank AG, offering a comprehensive suite of investment and trading services including securities trading, depot management, and savings plans. The website positions itself as a strong partner for both beginners and professional investors in Germany, providing extensive market data, analysis, and digital tools. Technically, the site is built on Adobe Experience Manager with Angular framework, leveraging modern web technologies and integrating Adobe Launch for marketing and analytics. Security measures include strong TLS 1.2 encryption, SPF and DMARC email policies, and absence of major SSL vulnerabilities, though improvements like enabling HSTS and TLS 1.3 could enhance security further. The site demonstrates good privacy compliance with clear policies and consent mechanisms. Overall, maxblue presents a professional, trustworthy, and well-structured online brokerage service with a solid digital infrastructure.

B

Berenberg

berenberg.com

0

Berenberg is a historic and well-established financial institution founded in 1590, headquartered in Hamburg, Germany, with a strong presence across Europe and the United States. The company offers a comprehensive suite of financial services including investment banking, corporate banking, asset management, and fund management. It is recognized as one of Europe's leading advisors with a large equity research team covering over 800 European companies. The website reflects a mature digital presence with detailed business information, multiple international office locations, and a focus on client service and sustainability. Technically, the website employs modern web technologies such as JavaScript frameworks, SVG graphics, lazy loading, and structured data for SEO. Hosting is on Microsoft Azure with DNS managed by Colt, and the SSL configuration is robust with TLS 1.2 and strong cipher suites. Cookie consent is managed via CookieFirst, ensuring compliance with privacy regulations. However, there is room for improvement in security headers and protocols, such as enabling HSTS, DNSSEC, and TLS 1.3. From a security perspective, the site demonstrates good practices including SPF and DMARC email protections, OCSP stapling, and no detected SSL vulnerabilities. The privacy policy and cookie consent mechanisms are comprehensive and GDPR compliant. No explicit incident response or vulnerability disclosure pages were found, which could be enhanced to improve transparency and security posture. Overall, Berenberg's website and digital infrastructure reflect a high level of professionalism and trustworthiness, supporting its position as a major player in the financial services sector. Strategic improvements in security protocols and transparency could further strengthen its risk management and client confidence.

H

HBL Solutions

hblsolutions.ch

0

HBL Solutions is a Swiss Banking-as-a-Service provider operating under the regulated banking license of Hypothekarbank Lenzburg AG. The company specializes in embedding banking products such as accounts, cards, payments, securities portfolios, and pension plans into the digital customer journeys of partner companies. Their market position is that of a Swiss pioneer in embedded and open finance, supported by a robust banking infrastructure and regulatory compliance. Technically, the website is built on Umbraco CMS with modern JavaScript libraries like Swiper.js and jQuery, and employs Cookiebot for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate is a critical security gap. The security posture shows strengths in regulatory compliance and consent management but weaknesses in transport security and DNS security features. Overall, the business is well-positioned in the Swiss finance sector with a clear focus on embedded finance, but should urgently address SSL and DNS security to improve trust and compliance.

F

Finstar AG

finstar.ch

0

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

H

Hypothekarbank Lenzburg AG

hblasset.ch

0

HBL Asset Management, a brand of Hypothekarbank Lenzburg AG, operates a professional asset management and investment product platform targeting private investors primarily in Switzerland. The website offers financial market news, investment insights, and profiling tools to support investor decision-making. Technically, the site is built on the Umbraco CMS and integrates several modern web technologies including Google Analytics, Cookiebot for GDPR-compliant cookie consent, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. While cookie consent and privacy policies are well implemented, the absence of SSL/TLS and security headers exposes users to risks. The company maintains a strong digital presence with social media integration and clear contact information, but should urgently address security gaps to protect user data and enhance trust.

S

SCHUFA

schufa.de

0

SCHUFA is a major German credit bureau specializing in credit scoring and risk assessment services for consumers and businesses. The website is currently protected by a FriendlyCaptcha challenge, indicating active bot mitigation measures. However, the site lacks visible privacy, cookie, or terms of service policies on the captcha landing page, and no direct contact information is provided. The DNS configuration shows strong email authentication with SPF and DMARC policies, but the SSL/TLS configuration is critically lacking, with no valid certificate or secure protocols enabled. This presents a significant security risk for users and the business. The technical infrastructure relies on external captcha services and is hosted via United Domains nameservers. Performance is moderate but user experience and content quality are poor due to the captcha gate and lack of accessible content.

D

DKB AG

dkb-bank.de

0

DKB AG is a large German direct bank focused on sustainable banking services including checking accounts, loans, investments, and renewable energy financing. It holds a strong market position as one of the top 20 banks in Germany by balance sheet size and is recognized for its sustainability leadership with ISS ESG Prime-Status. The website is built on modern web technologies including Nuxt.js and Contentful CMS, offering excellent mobile optimization and user experience. However, the SSL configuration is currently misconfigured with a self-signed certificate and no supported TLS protocols, representing a significant security risk. Security headers are present but could be enhanced with better SSL/TLS setup and HSTS configuration. Overall, the bank demonstrates strong trust indicators and compliance with GDPR and cookie policies, supported by comprehensive privacy and terms of service documentation.

F

Finance Forward

financefwd.com

0

Finance Forward operates as a leading German-language online media platform specializing in new finance topics such as fintech, blockchain, and banking. The website offers a comprehensive range of services including news articles, podcasts, newsletters, and event information, targeting professionals and enthusiasts in the finance sector. The business model is centered on digital content delivery with monetization through advertising and partnerships. The company maintains a strong market position as a trusted source for fintech and finance news in Germany, supported by consistent branding and high-quality content.

P

PMHinvestments

pmhinvestments.com

0

PMH Investments is a Dutch investment company focused on small and medium-sized enterprises with strong growth potential (scale-ups). The company positions itself as an active investor providing not only capital but also strategic, financial, and coaching support to entrepreneurs. Their market niche is well-defined within the Dutch finance sector, targeting growing businesses. The website is built on WordPress with a solid SEO foundation and multilingual support, indicating a moderate level of digital maturity. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. Tracking and analytics are implemented via Google Tag Manager and WPMU DEV Analytics, but no cookie consent mechanism is present, which may raise compliance concerns. Overall, the security posture is basic with significant room for improvement, especially in SSL/TLS configuration and email security policies. Strategic recommendations include securing the website with a valid SSL certificate, implementing DMARC, and enhancing transparency around privacy and security policies.

N

Nomupay

nomupay.com

0

Nomupay is a payment solutions provider offering a comprehensive suite of services including global acquiring, online payments, payouts, and fraud prevention tools. Positioned as a global payment platform with local licenses and extensive payment method coverage, Nomupay targets businesses seeking seamless and scalable payment processing solutions. The website demonstrates a mature digital presence with WordPress CMS, Oxygen Builder, and multilingual support via TranslatePress. Integration of Google Analytics, Tag Manager, and LinkedIn Insight indicates moderate user tracking and marketing sophistication. However, the absence of a valid SSL certificate and lack of TLS support represent significant security vulnerabilities that undermine user trust and data protection. While privacy and cookie policies are present and GDPR compliant, the site lacks explicit security and incident response documentation. Overall, Nomupay presents a professional and trustworthy brand but requires urgent security improvements to safeguard its digital assets and customer data.

I

IFRS Foundation

ifrs.org

0

The IFRS Foundation is a globally recognized non-profit organization dedicated to developing and promoting international accounting and sustainability disclosure standards. It operates through two main boards, the IASB and ISSB, serving a diverse audience including academics, investors, regulators, and preparers. The Foundation maintains a strong market position with adoption in over 140 jurisdictions and offers licensing, digital subscriptions, and professional credentials as part of its service portfolio. Technically, the website is built on Adobe Experience Manager, hosted on Microsoft Azure, and integrates modern analytics and user experience tools such as Adobe Analytics, Google Tag Manager, and Hotjar. The site demonstrates good performance and accessibility standards with a comprehensive cookie consent mechanism and privacy policy aligned with GDPR requirements. Security posture is solid with modern TLS protocols, valid SPF and DMARC records, and OCSP stapling, though improvements are recommended in DNS security and email policy enforcement. Overall, the IFRS Foundation website reflects a mature digital presence with high-quality content, consistent branding, and robust trust indicators.

G

GBM

gbm.com.mx

0

GBM is a leading Mexican financial services company offering a broad range of investment products, trading platforms, and advisory services to both individual and institutional clients. The company positions itself as a comprehensive investment ecosystem with over 6,000 financial instruments and a strong advisory network. Their website reflects a mature digital presence with extensive content, multiple service tiers, and integrated marketing and analytics tools. However, the site suffers from critical security shortcomings, notably the lack of a valid SSL certificate and absence of modern TLS protocols, which undermines user trust and data security. While privacy and cookie policies are present, explicit security policies and incident response information are not found, indicating potential compliance gaps. Overall, GBM demonstrates strong market positioning and digital maturity but requires urgent security improvements to safeguard client data and maintain regulatory compliance.

M

Münchener Hypothekenbank eG

mhb.de

0

Münchener Hypothekenbank eG is a specialized financial institution focused on long-term real estate financing, serving private customers, commercial clients, and investors primarily in Germany. The bank emphasizes sustainability in its lending practices and maintains a strong market position with a history dating back to 1896. The website reflects a mature digital presence built on Drupal 10, integrating modern frontend technologies and a comprehensive cookie consent mechanism via Cookiebot. Analytics are handled through Matomo, balancing user tracking with privacy compliance. Security posture is solid with modern TLS protocols and no known vulnerabilities, though improvements such as DNSSEC, DMARC, and HSTS could enhance protection. Contact information is clearly presented, supporting customer engagement. Overall, the site demonstrates professionalism and trustworthiness aligned with its financial services business.

B

Berenberg

berenberg.de

0

Berenberg is a historic private bank and financial services provider founded in 1590 in Hamburg, Germany. It offers wealth management, asset management, corporate banking, and investment banking services to a diverse clientele including wealthy private clients, corporations, and institutional investors. The bank maintains a strong market position in Europe and the US with multiple offices and a broad service portfolio. Technically, the website employs modern web technologies with good performance and mobile optimization, supported by a robust SSL configuration and DNS setup. Security practices include SPF and DMARC email protections, OCSP stapling, and strong cipher suites, though improvements such as enabling HSTS and DNSSEC could enhance security further. Overall, Berenberg demonstrates a mature digital presence with strong trust indicators and compliance with GDPR and cookie consent regulations.

D

Deutsche Bank AG

deutsche-bank.de

0

Deutsche Bank AG is a leading financial institution offering a wide range of banking and investment services primarily targeting private, corporate, and institutional clients in Germany and internationally. The website reflects a mature digital presence with comprehensive service offerings, strong branding, and user-centric design. The technical infrastructure leverages Adobe Experience Manager CMS, Adobe Launch for tag management, and integrates advanced customer interaction tools such as Genesys widgets and Usercentrics for consent management. Security configurations are solid with valid SPF and DMARC policies, TLS 1.2 encryption with strong cipher suites, but could benefit from enhancements like TLS 1.3 support, HSTS, and DNSSEC. Privacy and cookie policies are well implemented with GDPR compliance, though explicit security and incident response policies are not publicly found. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with regulatory requirements.